Abstract: A document accessible over a network can be registered. A registered document, and the content contained therein, cannot be transmitted undetected over and off of the network. In one embodiment, the invention includes maintaining a plurality of stored signatures over a registered document. In one embodiment, the plurality of stored signatures are generated by extracting content from the document, normalizing the extracted content, and generating the plurality of signatures using the normalized content.

Abstract: A system and method are disclosed for facilitating access to a plurality of certificate-related and other services including certificate validation. A seller is provided with digital signature messaging software for accessing these services. Two preferred implementations are disclosed for integrating a seller's existing Web server and applications with this software. The first preferred implementation is referred to as “passive integration” because it requires little or no modification to a seller's existing e-commerce Web application.

Abstract: The present invention provides a computer program product, method and data processing apparatus for reviewing files for potential malware. The computer program product comprises logging code operable to maintain a statistical log having an entry for each file sent for review, each entry being arranged to store a count value indicating the number of times that the file has been sent for review and a value of one or more predetermined attributes relating to the file. Weighting table code is also used to maintain a weighting table identifying, for each value of said one or more predetermined attributes, a weighting indicating the likelihood that a file having that value of the one or more predetermined attributes will be malware.

Abstract: An Identity System obtains and maintains real time certificate status. The Identity System retrieves real time status information for the System's certificates and stores a record of the status. The Identity System also stores validation information for the certificate, including the time the real time status was retrieved and a validation interval of time extending from the status retrieval time. Smaller validation intervals reduce the potential for the real time status changing during the validation interval. When the Identity System exports or displays a certificate for a user, the Identity System can employ the stored validation information and certificate status to ensure the certificate's validity.

Abstract: Systems, methods and devices for scrambling/descrambling sets of data bits using subsets of a recurring sequence of scrambler bits. A self-synchronous scrambler, regardless of the generating polynomial being implemented, will generate repeating sequences of scrambler bits regardless of the initial stage of the scrambler. To implement a parallel scrambler, given a current state of the scrambler, the next n states of the scrambler are predicted based on the current state of the scrambler. The scrambling operation can then be preformed using the values in the current state—parallel logic operations between preselected bits of the current state will yield the required values to be used in scrambling an incoming parallel data set. Once these required values are generated, a parallel logical operation between the required values and the incoming data set will result in the scrambled output data.

Abstract: A security system, method and computer program product are provided. In use, information from a plurality of sensors associated with at least one computer is received, where such information relates to events that have occurred at the at least one computer. Thereafter, the information is correlated, and a reaction is conditionally performed based on the information.

Abstract: A stream cipher is provided with a first and a second data bit generators to generate in parallel a first and a second stream of data bits. The stream cipher is further provided with a combiner function having a shuffling unit including a storage structure to generate a pseudo random sequence, by combining the first stream of data bits with at least stochastically generated past values of the first streams of data bits, generated by using the second stream of data bits to stochastically operate the storage structure of the shuffle unit to memorize and reproduce the data bits of the first stream.

Abstract: A system, method and computer program product are provided for adaptive network data monitoring. In use, network data may be monitored utilizing at least one threshold. Then, it is automatically detected whether there is a change in the network. If a change in the network is detected, the at least one threshold is automatically modified based on the change.

Abstract: A distribution server 103 distributes a content via a network, and a KIOSK terminal 105 receives the content via the network and records the content in an SD memory card 100. A customer device 111 receives a content via the SD memory card 100, checks out the content and records a copy on a recording medium. SD-Audio players 122 to 124 receive a copy of the content and play back the copy. Here, the KIOSK terminal 105 records a Usage Rule that certifies the right to control recording of content on the SD memory card 100. Move Control Information showing the number of times that moving of rights is permitted is set in the Usage Rule.

Abstract: A diagnostic tool includes a security system which prevents the unauthorized downloading of updated software. In one embodiment, a first external storage device includes a first security signature and is electrically coupled to the diagnostic tool. A second external storage device includes software and is also electrically coupled to the diagnostic tool. When a second security signature located within the diagnostic tool is the same as the first security signature included within the first external storage device, the diagnostic tool downloads the software into an internal storage device located within the diagnostic tool. In another embodiment, an external storage device includes software and is electrically coupled to the diagnostic tool. Upon initial use, a first security signature which is the same as a second security signature located within the diagnostic tool is written by the diagnostic tool to the external storage device.

Abstract: A public key validation agent (PKVA) includes a registration authority which issues a first unsigned public key validation certificate (unsigned PKVC) off-line to a subject that binds a public key of the subject to a first public key serial number (PKVN). The registration authority maintains a certificate database of unsigned PKVCs in which it stores the first unsigned PKVC. A credentials server issues a disposable public key validation certificate (disposable PKVC) on-line to the subject. The disposable PKVC binds the public key of the subject from the first unsigned PKVC to the first PKVN from the first unsigned PKVC. The credentials server maintains a table that contains entries corresponding to valid unsigned PKVCs stored in the certificate database. The PKVA can be employed in a public key validation service to validate the public key of the subject before a private/public key pair of the subject is used for authentication purposes.

Abstract: In an authentication apparatus, coordinates input from a coordinate detector via a plurality of discontinuous holes or openings, cutouts or marks provided on a member which is used to specify the coordinates are detected, and an authentication is made based on a comparison result of the detected coordinates and a plurality of registered coordinates.

Abstract: A record and related method is provided for storing encoded information comprising a storage media, first marks on the storage media having a covert code characteristic, with the first marks conveying a covertly marked code and second marks preferably having an overt code characteristic which convey a second overtly marked code useful in decoding the covertly marked code.

Abstract: An optimized approach for arriving at a shared secret key in a multicast or broadcast group environment is disclosed. The key exchange method is mathematically equivalent to the standard broadcast version of the Diffie-Hellman public-key algorithm. However, from an implementation perspective, nodes within a multicast or broadcast group are treated in a binary fashion, whereby a shared secret key is generated for a pair of nodes at a time. Once the shared secret key is computed by the pair, the nodes within the pair are viewed as a single entity by a node that is to be joined. This process is iteratively performed until all the nodes within the multicast group attain a common shared secret key. Under this approach, the number of messages exchanged between the nodes for establishing the secured channel is significantly reduced compared to the standard broadcast Diffie-Hellman method.

Abstract: The present invention is directed to computer viruses and more particularly to a method and system for use in a virus-free certificate firewall, of controlling and filtering files using a virus-free certificate.

Abstract: A method and system as disclosed for use in a virus-free certificate proxy (107, 801), of retrieving from one or a plurality of virus-free certificate authorities (104, 804) a virus-free certificate (200) certifying that a file is virus-free. The method includes the steps of: receiving (1001) virus-free certificate request for a file; selecting a virus-free certificate authority (104, 804) having authority to generate a virus-free certificate (200) for the file; requesting (1003 . . . 1007) the virus-free certificate to the selected virus-free certificate authority (104, 804); receiving (1003 . . . 1007) from the selected virus-free certificate authority the generated virus-free certificate; sending back (1005) in response to the virus-free certificate request the received virus-free certificate.

Abstract: A network system providing secure service facility has a central control & management equipment to enable unified key management. The network includes a plurality of switching equipment and central control & management equipment, each of which includes encryption section. The encryption section of central management & control equipment encrypts; (a) a public key of switching equipment of a called party (i.e. terminating switching equipment); and, (b) a common key for encrypting message to be transferred between switching equipment. This is carried out each time a call requesting secure communication is originated. Then, the encrypted keys are delivered to the switching equipment of a calling party (i.e. originating switching equipment). Central management & control equipment maintains public keys of any switching equipment in a database.

Abstract: Non-delegable client requests to servers storing local information only are disclosed. In one embodiment, a request is sent from a client to a server of a list of servers. The server determines whether it is inappropriate to fulfill the request. If so, it sends an error message to the client that it is off-line. When the client receives the message that the server is off-line, it sends the request to another server on the list, which is continued until a server is found that is able to fulfill the request. Embodiments of the invention thus leverage existing client-known error messages to redirect client requests to other servers.

Abstract: A system for conferencing callers includes a time division multiplexed (TDM) bus. A public switched telephone network (PSTN) interface node that is coupled to the TDM bus receives PSTN signals from a PSTN caller and communicates corresponding information in a first timeslot using the TDM bus. An Internet Protocol (IP) interface node coupled to the TDM bus receives IP packets from an IP caller and communicates corresponding information in a second timeslot using the TDM bus. Also coupled to the TDM bus is a conference bridge node that receives the information for the IP caller and communicates it to the PSTN interface node in a first conference timeslot, using the TDM bus. The conference bridge node also receives the information for the PSTN caller and communicates it to the IP interface node in a second conference timeslot, using the TDM bus.

Abstract: Leased lines are provisioned over an internet protocol communications network by providing bandwidth tallies at each node and link in the network. Traffic to be sent over the leased line is labelled as high priority at the entry point to the leased line. Differentiated services mechanisms are set up at each node in the route to allow high priority traffic on the leased line to be processed before other traffic. A customer requests a leased line between two points and with a specified bandwidth and quality of service. Bandwidth tallies are checked along the chosen path to ensure that the requested bandwidth is available. As well as this checks are made to ensure that no more than a threshold level of high priority traffic will be present at any one node or link. Once the network is configured such that sufficient bandwidth is available and high priority traffic levels will not exceed the threshold level, the leased line is available for use.