Patents Examined by Cordelia Kane
  • Patent number: 7770203
    Abstract: The invention relates to the integration of a security operations policy into a threat management vector.
    Type: Grant
    Filed: April 17, 2007
    Date of Patent: August 3, 2010
    Assignee: International Business Machines Corporation
    Inventor: John J. McKenna
  • Patent number: 7721093
    Abstract: Methods and systems are provided for using an existing email transfer protocol, such as SMTP, to exchange digital objects in an authenticated manner. The provided methods and systems solve the bootstrapping problem of computer identities for P2P communication by authenticating the exchange of public information. If the electronic mail protocols are strong, in that sending an email message to a given address results in the message reaching that address with a high degree of confidence, then the exchange of public information performed in accordance with embodiments of the invention is confidently authenticated.
    Type: Grant
    Filed: April 2, 2004
    Date of Patent: May 18, 2010
    Assignee: Microsoft Corporation
    Inventor: Narasimhan Sundararajan
  • Patent number: 7716745
    Abstract: To render digital content encrypted according to a content key (KD) on a first device having a public key (PU1) and a corresponding private key (PR1), a digital license corresponding to the content is obtained, where the digital license includes the content key (KD) therein in an encrypted form. The encrypted content key (KD) from the digital license is decrypted to produce the content key (KD), and the public key (PU1) of the first device is obtained therefrom. The content key (KD) is then encrypted according to the public key (PU1) of the first device (PU1 (KD)), and a sub-license corresponding to and based on the obtained license is composed, where the sub-license includes (PU1 (KD)). The composed sub-license is then transferred to the first device.
    Type: Grant
    Filed: June 9, 2008
    Date of Patent: May 11, 2010
    Assignee: Microsoft Corporation
    Inventor: Marcus Peinado
  • Patent number: 7707422
    Abstract: The present invention relates to a method for embedding and detecting a watermark where a forgery/alteration of an image can be identified and the location of forgery/alteration can be verified by embedding and detecting a watermark into a digital image which is shot in real time. The watermark is generated by using a quantized coefficient after frequency transform used in the compression process. By embedding this into an image, the image can be compressed simultaneously with the embedded watermark. The present invention relates to a method for embedding a robust watermark which embeds a random sequence circular shifted from an original pseudo random sequence by the distance d as the watermark is embedded into an image, and a method for generating and embedding the watermark by using a DCT coefficient quantized during an MPEG compression process of the image.
    Type: Grant
    Filed: April 22, 2004
    Date of Patent: April 27, 2010
    Assignees: Marktek Inc., Markany Inc.
    Inventors: Dong-Hwan Shin, Kyong-Soon Kim, Won-Ha Lee, Jong-Uk Choi
  • Patent number: 7703135
    Abstract: A multi-identity security environment is created for use in controlling access to resources. The multi-identity security environment enables one process that is spawned by another process to access resources security accessible to the one process, as well as resources security accessible to the another process. The multi-identity security environment includes an identity of the one process and an identity of the another process.
    Type: Grant
    Filed: December 21, 2004
    Date of Patent: April 20, 2010
    Assignee: International Business Machines Corporation
    Inventors: Ernest S. Bender, Richard H. Guski, Deborah F. Mapes, Bruce R. Wells
  • Patent number: 7702918
    Abstract: A distributed network of independently operable servers is provided. Each server is adapted to communicate over the network with at least one of the other servers and has a datastore with a plurality of datafields adapted to store information about at least one user. By enabling an authentication of a user based on a user supplied biometric identifier, the network is adapted to enable the transfer of information relating to the user between different servers.
    Type: Grant
    Filed: July 2, 2002
    Date of Patent: April 20, 2010
    Assignee: Daon Holdings Limited
    Inventors: Oliver Tattan, Michael Peirce
  • Patent number: 7694146
    Abstract: A method embodied in a daemon resident on a server provides for notification of a client when a new session is initiated with respect to the client's private account. Assuming that a user is able to log onto the server and gain access to the client's account, the daemon checks if the client has requested notification and if so, formats e-mail alerts and distributes them to requested e-mail addresses on, for instance, local computers, cell phones, PDA and other receivers of e-mail traffic. Should the client discover, by receiving one of these e-mails that an impostor client has gained access to the client's account, the daemon is able to close down the sessions selected by the client and cancel the current password in favor of a temporary new password available only to the client.
    Type: Grant
    Filed: November 18, 2006
    Date of Patent: April 6, 2010
    Assignee: 3501256 Canada, Inc.
    Inventor: Doug Friend
  • Patent number: 7685516
    Abstract: The invention relates to aspects in connection with the automatic generation and processing of signature files. The signature files are generated in paper form on the basis of documents (28) that comprise a personal signature (34) and also control information items (30) assigned to the signature (34) and/or the documents (28). The documents in paper form (28) are scanned in within the scope of a batch processing operation in order to generate signature files that contain the personal signatures (34) in an electronically processable form and also representations of the respectively assigned control information items (30). The control information items (30) contained in a signature file are identified and interpreted document-wise. Then the signature files are automatically processed as a function of the content of the assigned control information items (30).
    Type: Grant
    Filed: May 18, 2004
    Date of Patent: March 23, 2010
    Assignee: UBS AG
    Inventor: Hans-Peter Fischer
  • Patent number: 7665133
    Abstract: This invention is directed to a system and method for monitoring the processes of a document processing peripheral, including unauthorized access thereof. More particularly, this invention is directed to a system and method for monitoring the processes of a document processing peripheral, detecting any unauthorized processes, operations, or usage levels of the document processing peripheral, and then generating a notification of such unauthorized process.
    Type: Grant
    Filed: June 12, 2004
    Date of Patent: February 16, 2010
    Assignees: Toshiba Tec Kabushiki Kaisha, Toshiba Corporation
    Inventor: Girish R. Krishna
  • Patent number: 7664959
    Abstract: A tamper-resistant certification device receives a certified digital time stamp from a trusted third party, resets a time function and produces a time stamp receipt in an on-line mode. The tamper-resistant certification device receives a digital file from a mobile computing device, and produces a certified digitally signed digital file including a copy of the digital file, time stamp receipt and temporal offset in an off-line mode to evidence the content of the digital file within a defined tolerance of a day and/or time. A processor may be portioned into tamper and non-tamper resistant portions.
    Type: Grant
    Filed: October 10, 2008
    Date of Patent: February 16, 2010
    Assignee: Intermec IP Corp.
    Inventor: Robert D. Buck
  • Patent number: 7664953
    Abstract: A data processing device, in a system performing authentication among a plurality of storage devices (IC cards etc.), able to maintain security of authentication at other devices even when secrecy of key data held by part of the devices is lost, wherein a key generation unit generates individual key data unique to an IC card based on identification data unique to the IC cards received from the ICs of the IC cards and a card processing unit performs mutual authentication with the IC based on the individual key data.
    Type: Grant
    Filed: March 4, 2004
    Date of Patent: February 16, 2010
    Assignee: Sony Corporation
    Inventors: Kei Tateno, Masahiro Sueyoshi, Yoshiaki Hirano, Katsuyuki Teruyama
  • Patent number: 7653816
    Abstract: A method is provided to handle an electronic mail message such that the receiver of the e-mail message can verify the integrity of the message. A request is provided from a sender's side to a service. The request includes information regarding the e-mail message. The service processes at least a portion of the request to generate a result. For example, the service may encrypt the portion of the request, according to a public/private key encryption scheme, to generate a digital signature as the result. The service provides the result to the sender's side. At the sender's side, the result is incorporated into the e-mail message and the result-incorporated message is transmitted via an e-mail system. At the receiver's side, the result-incorporated e-mail message is processed to assess the integrity of the received e-mail message.
    Type: Grant
    Filed: December 30, 2003
    Date of Patent: January 26, 2010
    Assignee: First Information Systems, LLC
    Inventors: Peter S. Avritch, Bruce M. Clay, James R. Du Molin
  • Patent number: 7644446
    Abstract: A source generates a medium key (KM) and a media secret table including a plurality of entries, each entry including (KM) encrypted by a public key (PU-PD) of a plurality of devices, obtains the medium ID of a medium therefrom, generates a content key (KD) for a piece of content, encrypts the content with (KD) to result in (KD(content)), encrypts (KD) with (KM) to result in (KM(KD)), generates a package for the content including (KD(content)), (KM(KD)), the medium ID, and a signature based on at least the medium ID and verifiable with (KM), and copies the generated package and the media secret table to the medium. Thus, a device with the medium and a private key (PR-PD) corresponding to an entry of the media secret table can access and render the content.
    Type: Grant
    Filed: September 20, 2004
    Date of Patent: January 5, 2010
    Assignees: Microsoft Corporation, Panasonic Corporation
    Inventors: Clifford P. Strom, Ian Cameron Mercer, James Morris Alkove, Jeffrey R. McKune, Kevin Leigh LaChapelle, Michael Jay Parks, Shunji Harada, Toshihisa Nakano, Kaoru Murase
  • Patent number: 7640581
    Abstract: A system and method for establishing centralized, out-of-band access to remote network elements is provided. Status and other information can be securely retrieved from the remote elements. One or more servers observe and manage a plurality of remote elements using modem-to-modem communications between a modem bank and a remote modem. Requests are submitted through a central mediation point, thereby allowing central control of user profiles and a collection of security audit log information. One or more authentication mechanisms provide enforced security measures and trusted communication paths between a user and a remote element. Remote elements can be securely monitored and administered from a central location.
    Type: Grant
    Filed: February 27, 2004
    Date of Patent: December 29, 2009
    Assignee: Embarq Holdings Company, LLC
    Inventors: James Albert Brenton, Matthew Hermstedt, Michael Lee Martin, David Wayne Reece
  • Patent number: 7640580
    Abstract: A method and apparatus for accessing a destination computer behind a firewall using a browser are described. In one embodiment, the method includes an intermediary service receiving a destination computer request, which demonstrates that the destination computer is available to be accessed, and receiving a browser request to access the destination computer. The method then includes the intermediary service associating the browser with the destination computer and providing communication between the browser and the destination computer. The communication is being provided in a form acceptable to the firewall.
    Type: Grant
    Filed: May 17, 2000
    Date of Patent: December 29, 2009
    Assignee: F5 Networks, Inc.
    Inventors: Igor Plotnikov, Alexander Sokolsky, Michael L. Herne
  • Patent number: 7624451
    Abstract: To render digital content encrypted according to a content key (KD) on a first device having a public key (PU1) and a corresponding private key (PR1), a digital license corresponding to the content is obtained, where the digital license includes the content key (KD) therein in an encrypted form. The encrypted content key (KD) from the digital license is decrypted to produce the content key (KD), and the public key (PU1) of the first device is obtained therefrom. The content key (KD) is then encrypted according to the public key (PU1) of the first device (PU1 (KD)), and a sub-license corresponding to and based on the obtained license is composed, where the sub-license includes (PU1 (KD)). The composed sub-license is then transferred to the first device.
    Type: Grant
    Filed: May 19, 2005
    Date of Patent: November 24, 2009
    Assignee: Microsoft Corporation
    Inventor: Marcus Peinado
  • Patent number: 7617524
    Abstract: The invention proposes a method for handling authentication requests in a network, wherein the authentication requests may have different types, the method comprising the steps of determining (S1, S3, S4) types of the authentication requests, and applying (S5-S7) a policy for handling the received authentication requests based on the determined types of authentication requests. The invention also proposes a corresponding network control element and a computer program product.
    Type: Grant
    Filed: October 24, 2005
    Date of Patent: November 10, 2009
    Assignee: Nokia Corporation
    Inventors: Henry Haverinen, Pasi Eronen
  • Patent number: 7613929
    Abstract: Embodiments of the invention provide methods and systems for authenticating an enrolled user of a biometric authentication and/or identification system having an exception mode, in which the enrolled user submits a temporary password during authentication. The temporary password is only generated if the enrolled user's identity is verified and the person authorizing a change to the exception mode submits a valid biometric identifier.
    Type: Grant
    Filed: November 17, 2005
    Date of Patent: November 3, 2009
    Assignee: Triad Biometrics, LLC
    Inventors: Mark Sherman Cohen, Shailesh Chirputkar, Scott Stanley Allan Coby
  • Patent number: 7610488
    Abstract: A data processing device able to keep a technique for generation of the key data in a key generating means secret from a developer of an authenticating means, wherein an authentication program has a description for calling up a function in a key generation program and entering identification data of service etc. input from an IC of an IC card as input parameters of the function and wherein a key generation program generates a key by using the identification data written at predetermined addresses as input parameters in accordance with the execution of a code on the basis of the authentication program.
    Type: Grant
    Filed: March 4, 2004
    Date of Patent: October 27, 2009
    Assignee: Sony Corporation
    Inventors: Masahiro Sueyoshi, Kei Tateno, Yoshiaki Hirano, Katsuyuki Teruyama
  • Patent number: 7596807
    Abstract: Technique for protecting a communications network, such as a computer network, from attack such as self-propagating code violations of security policies, in which the network is divided into “compartments” that are separated by access control devices such as firewalls. The access control devices are then used to stop the spread of self-propagating attack code, the “zero-day” worms, for example. However, the access control devices are configured such that upon activation legitimate in-use network services will not be jeopardized.
    Type: Grant
    Filed: October 14, 2003
    Date of Patent: September 29, 2009
    Assignee: Arbor Networks, Inc.
    Inventors: Thomas Henry Ptacek, Douglas Joon Song, Jose Oscar Nazario