Patents Examined by Gregory A. Morse
  • Patent number: 7010697
    Abstract: A data distribution system is provided which supplies customers with an executable for requested secured data files to provide the customer with fulfillment software, obviating the need for the customer to download fulfillment software prior to requesting secure data. The data distribution system is characterized by server technology which can dynamically encrypt secured data files just prior to a customer request to download the data file. A framework for building a universal data distribution infrastructure is provided which employs Requesters.
    Type: Grant
    Filed: April 22, 2002
    Date of Patent: March 7, 2006
    Assignee: Protexis, Inc.
    Inventors: Shannon Byrne, Innes Muecke, Andrew Patterson, David Slik
  • Patent number: 7008456
    Abstract: A technique for prohibiting access to a computer having a security function when a security device is illegally removed from the computer. The security device is a hardware component that constitutes a part of a security function for a computer. When the security device is illegally removed from the computer, access to the computer is prohibited. Data indicating that the security device is attached to the computer are stored in a nonvolatile memory. Then, when a specific event, such as a power-ON event, is used as a trigger, the procedure for prohibiting the access to the computer is initiated. Following this, based on the data stored in the memory, it is detected that the security device was once attached to the computer and that it has now been removed. If currently the security device is not attached to the computer, although it was attached before, the access to the computer is prohibited.
    Type: Grant
    Filed: January 20, 2000
    Date of Patent: March 7, 2006
    Assignee: International Business Machines Corporation
    Inventors: Jun Tanaka, Masahiko Nomura, Hideto Horikoshi, Hideyuki Usui, Seita Horikoshi, Fumio Tamura
  • Patent number: 7010689
    Abstract: Methods, systems and computer program products are provided for controlling access to digital data in a file by obtaining a passphrase from a user and generating a personal key based on the obtained passphrase. A file encryption key is generated and the digital data in the file encrypted with the file encryption key to provide an encrypted file. The file encryption key is encrypted with the personal key to provide an encrypted file encryption key. A file header containing the encrypted file encryption key is created and associated with the encrypted file. The encrypted file and the file header associated with the encrypted file may be stored at a file server.
    Type: Grant
    Filed: August 21, 2000
    Date of Patent: March 7, 2006
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 7010590
    Abstract: The public Internet is the world's largest system of inter-networked computers. Adequate security means for protecting sensitive data communicated over the Internet is not, however, provided. The present invention, therefore, provides a system and method for performing secure transactions over an insecure packet-switched communication network. This is achieved by interconnecting a number of master nodes over the insecure communication network. The master nodes are capable of transmitting encrypted data packets over the insecure network via pseudo-random communication paths. The master nodes are further capable of returning to any state in a secure transaction in the event of a network failure. The master nodes are also capable of using new keys to encrypt each data packet.
    Type: Grant
    Filed: September 15, 2000
    Date of Patent: March 7, 2006
    Assignee: Datawire Communications Networks, Inc.
    Inventor: Anees Munshi
  • Patent number: 7010690
    Abstract: A method and apparatus for authenticating and authorizing a user of a device connected to a network. In one embodiment, a set of credential descriptors is generated that describes credentials that must be built for authenticating the user. The set of credential descriptors is provided to a first device, which includes a first master credential builder for building credentials corresponding to at least one of the credential descriptors. In the event that the first master credential builder does not build all of the credentials corresponding to the set of credential descriptors, another set of credential descriptors is provided to a second device, which includes a second master credential builder for building at least one credential remaining to be built. This process continues until all credentials have been built or a determination is made that they cannot be built.
    Type: Grant
    Filed: July 7, 2000
    Date of Patent: March 7, 2006
    Assignee: Sun Microsystems, Inc.
    Inventors: Stephen R. Hanna, Anne H. Anderson, Yassir K. Elley
  • Patent number: 7010809
    Abstract: A controller of a reproduction terminal determines whether a block read from a memory card is an encrypted block or a non-encrypted block, and then applies the read block to a content decrypting circuit. The controller stops supplying the block to the content decrypting circuit when a predetermined number of non-encrypted blocks are continuously read from the memory card. Consequently, reproduction of the encrypted content data can be stopped if the encrypted content data includes a continuous non-encrypted portion in which the number of non-encrypted blocks is equal to or larger than a predetermined non-zero number.
    Type: Grant
    Filed: September 10, 2001
    Date of Patent: March 7, 2006
    Assignee: Sanyo Electric Co., Ltd.
    Inventors: Yoshihiro Hori, Takatoshi Yoshikawa
  • Patent number: 7006634
    Abstract: A system for the encryption and decryption of data employing dual ported RAM for key storage to accelerate data processing operations. The on-chip key storage includes a dual-ported memory device which allows keys to be loaded into memory simultaneous with keys being read out of memory. Thus, an encryption or decryption algorithm can proceed while keys are being loaded into memory.
    Type: Grant
    Filed: September 28, 2000
    Date of Patent: February 28, 2006
    Assignee: Cisco Technology, Inc.
    Inventor: Kenneth W. Batcher
  • Patent number: 7006627
    Abstract: A data encryption/decryption circuit is presented that can be implemented in a field programmable gate array. First and second logic components are provided which are controlled by first and second control signals to direct data between memory and a data processing core (e.g., a DES or TDES processing core). In an ECB mode of operation, the logic components simply pass the data from the memory to the data processing core and from the data processing core to the memory. In CBC mode, the data from the memory is XORed with data from the appropriate data processing core in the first logic component during an encryption operation, and in the second logic component during a decryption operation.
    Type: Grant
    Filed: September 28, 2001
    Date of Patent: February 28, 2006
    Assignee: Tarari, Inc.
    Inventor: Bedros Hanounik
  • Patent number: 7007050
    Abstract: A pseudo-random number generator (PRNG) for a cryptographic processing system is disclosed in which the PRNG is reseeded at each instance of input entropy and in which a standard timestamp variable used in determining random sequence outputs is replaced with a running counter. The method employed by the PRNG demonstrates greater resistance to iterative-guessing attacks and chosen-input attacks than previous technologies. The PRNG is suitable for use in, for example, a mobile telephone system for accomplishing secure communications.
    Type: Grant
    Filed: May 17, 2001
    Date of Patent: February 28, 2006
    Assignee: Nokia Corporation
    Inventor: Markku-Juhani Saarinen
  • Patent number: 7003674
    Abstract: A disk drive is disclosed comprising a disk for storing data, the disk comprising a public area for storing plaintext data and a pristine area for storing encrypted data. The disk drive comprises a head for reading the encrypted data from the pristine area of the disk, and a control system for controlling access to the pristine area of the disk. Authentication circuitry within the disk drive is provided for authenticating a request received from an external entity to access the pristine area of the disk and for enabling the control system if the request is authenticated. The disk drive further comprises a secret drive key, and decryption circuitry responsive to the secret drive key, for decrypting the encrypted data stored in the pristine area of the disk.
    Type: Grant
    Filed: July 31, 2000
    Date of Patent: February 21, 2006
    Assignee: Western Digital Ventures, Inc.
    Inventor: Christopher L. Hamlin
  • Patent number: 7003799
    Abstract: A system and method are provided for performing file transfers using an HTTP- or HTTPS-based Supplier Transport Gateway to connect Customer and Supplier Repositories located behind their respective firewalls. In some embodiments, the Transport Gateway is placed outside the Supplier firewall, and a Supplier Transport Proxy inside the firewall connects the Transport Gateway to the internal Supplier Repositories. In other embodiments, the Transport Gateway and Transport Proxy are reversed, the Proxy residing outside the Supplier firewall and relaying Customer HTTP/HTTPS traffic to the Transport Gateway inside the firewall, which then connects to the internal Supplier Repositories. In either case, the HTTP- or HTTPS-based Customer Repository connects through a Customer Proxy to the Supplier's Transport Gateway to request file upload/download operations.
    Type: Grant
    Filed: January 30, 2001
    Date of Patent: February 21, 2006
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Daniel Scott Jorgenson
  • Patent number: 7003661
    Abstract: In a computer system and process for automated identification, processing and issuance of digital certificates, web server domain-control vetting is employed in issuance of server certificates. A Requestor requests a web server certificate from a certificate authority, and the certificate authority receives the request. Based on domain information, the certificate authority generates Approver email addresses, and the Requestor is required to select an Approver email address or addresses. The certificate authority contacts the Approver using the selected email address or addresses and requests that the Approver approve issuance of the certificate. If approved, the certificate authority accepts the request, creates and signs the certificate, and sends the signed certificate to the Requestor.
    Type: Grant
    Filed: October 15, 2002
    Date of Patent: February 21, 2006
    Assignee: Geotrust, Inc.
    Inventors: Douglas D. Beattie, Neal Lewis Creighton, Jr., Christopher T. M. Bailey, David L. Remy, Hani Hamandi
  • Patent number: 7003113
    Abstract: In a position authentication system and electronic equipment used for the same, image data photographed by a digital camera 1 are written into storage device 3, and at the same time GPS electric wave 5 is received by GPS receiver 2 to generate latitude/longitude information. The GPS receiver 2 encrypts the latitude/longitude information, and transmits this information as position information to center system 4. The storage device 3 stores copy-guarded place-specifying data transmitted from the center system 4. The center system 4 decodes the position information 6 input from the digital camera 1, and specifies the place on the basis of the latitude/longitude information thus obtained to generate place-specifying data. The place-specifying data thus generated are subjected to copy guard-processing and then transmitted to the digital camera 1.
    Type: Grant
    Filed: July 18, 2000
    Date of Patent: February 21, 2006
    Assignee: NEC Corporation
    Inventor: Kazuhiro Yanase
  • Patent number: 6999589
    Abstract: A method and system for brokering a transaction between a plurality of wireless communication devices is disclosed. The method and system include enabling a plurality of wireless devices to communicate with one another, allowing a user to enter a request related to an object to be brokered into a first enabled wireless device, and exchanging the request with a plurality of enabled wireless devices. The system and method also include receiving a response to the request by a third party facilitator from a user of a wireless device interested in completing the transaction. The third party facilitator will then complete the transaction between users of the first wireless device and the wireless device interested in completing the transaction. In another aspect of the present invention, at least one wireless broker device helps disseminate the request from the first wireless device to the wireless device interested in completing the transaction.
    Type: Grant
    Filed: August 29, 2001
    Date of Patent: February 14, 2006
    Assignee: International Business Machines Corporation
    Inventors: Robert Thomas Cato, Phuc Ky Do, Eugene Michael Maximilien
  • Patent number: 7000107
    Abstract: The present invention involves a new system and process for automatically controlling whether a displayed web page and associated frames displayed within a window of a web browser are secure or non-secure, for example, whether the displayed web page and associated frames are provided via a secure socket layer (SSL), i.e. a web page from an HTTPS address (secure), or simply via an HTTP address (non-secure), respectively. Specifically, the present invention uses a dynamic “Web Component” to remotely control web page security states. Further, the Web Component according to the present invention uses the same script and HTML for all implementations or instantiations of the Web Component, regardless of which, or how many, unique local clients make use of the Web Component.
    Type: Grant
    Filed: January 31, 2001
    Date of Patent: February 14, 2006
    Assignee: Microsoft Corporation
    Inventors: Delane Robert Hewett, Johan A. F. Sundstrom, Christopher J. Beiter
  • Patent number: 7000116
    Abstract: An electronic processing device having a GPS card and antenna, such as a laptop or personal digital assistant, can be enabled only when a geographic-specific password is entered. Geographic regions are established in the electronic processing device with a user interface and priorities can be granted to the regions. The user further stores a geographic-specific password for each of the geographic regions. When the user travels and wishes to enable the electronic processing device, the GPS card and antenna receive and process the device's current location. When the user inputs a password, the electronic device determines if the password is appropriate for the current location. If not, access is denied.
    Type: Grant
    Filed: March 12, 2001
    Date of Patent: February 14, 2006
    Assignee: International Business Machines Corporation
    Inventors: Cary Lee Bates, Eric John Nelson, John Matthew Santosuosso
  • Patent number: 7000120
    Abstract: A method and apparatus which permits access, by intermediate nodes between source and destination nodes, to selected information such as transport level information, normally included in a payload of a packet upon which encrypting security processing has been performed according to an encrypting security protocol. In the present invention, prior to performing encrypting security processing on the packet, according to the security protocol, information related to selected information normally included in a payload of the packet is stored in a field in the header of the packet where the field is not subject to the encrypting security processing. Thereafter, encrypting security processing according to the security protocol is performed on the packet.
    Type: Grant
    Filed: December 23, 1999
    Date of Patent: February 14, 2006
    Assignee: Nokia Corporation
    Inventors: Rajeev Koodli, Senthil Sengodan
  • Patent number: 6996715
    Abstract: A method for authenticating and logging-in a first user of a communication system to a second user is performed using hashing operations in such a manner that the first user's unique identifier is not stored on the first user's computer, and the second user's computer does not store information which allows a hacker gaining access thereto to assume the identity of the first user.
    Type: Grant
    Filed: January 3, 2002
    Date of Patent: February 7, 2006
    Assignee: Lockheed Martin Corporation
    Inventors: Eric Greenberg, Braddock Gaskill
  • Patent number: 6996843
    Abstract: A system and method are disclosed for detecting intrusions in a host system on a network. The intrusion detection system comprises an analysis engine configured to use continuations and apply forward- and backward-chaining using rules. Also provided are sensors, which communicate with the analysis engine using a meta-protocol in which the data packet comprises a 4-tuple. A configuration discovery mechanism locates host system files and communicates the locations to the analysis engine. A file processing mechanism matches contents of a deleted file to a directory or filename, and a directory processing mechanism extracts deallocated directory entries from a directory, creating a partial ordering of the entries. A signature checking mechanism computes the signature of a file and compares it to previously computed signatures. A buffer overflow attack detector compares access times of commands and their associated files.
    Type: Grant
    Filed: August 30, 2000
    Date of Patent: February 7, 2006
    Assignee: Symantec Corporation
    Inventor: Douglas B. Moran
  • Patent number: 6993664
    Abstract: A method and system for activating and obtaining a license for a software product is disclosed. A local license is obtained from a storage medium of the software product and is stored with the software product on a user's computer. The local license allows for one of multiple license types to be activated from a single software product. The user enters a product key containing a channel ID. The compact disk or other storage medium is searched for the appropriate local license for the channel ID. The local license includes an MSIID, a channel ID range for each supported license type, a license type for each channel ID range, and an optional product expiration date for the license type. The license type is determined by looking up the product key's channel ID in the local license's channel ID range table. If activation is required based on the license type, then an installation ID including a product ID (PID) and a hardware ID (H/W ID) is transmitted to an activation authority.
    Type: Grant
    Filed: March 27, 2001
    Date of Patent: January 31, 2006
    Assignee: Microsoft Corporation
    Inventors: Arvind Padole, Eric Wong