Abstract: A method for authenticating animation, the method comprises the steps of capturing an image; converting the captured image into a wire mesh data for permitting animation of the image; providing movement data, which directs movement of the wire mesh data, and texture data indicating the covering for the wire mesh; electronically transmitting the wire mesh data, texture data and movement data; encrypting the movement data; and electronically transmitting the encryption the movement data for verifying that the animation is unaltered during transmission from its source.

Abstract: A method and system for distributing digital information is disclosed. Preferably, a user acquires a tangible object which contain a code authorizing access to the digital information. The user reads the tangible object through a reader, which sends the code to a server on which the digital information is stored. The server then authorizes access to the digital information to one or more access devices listed in registries belonging to the user. The user may use the digital information on the terms he agrees to, and, while in use by the user, access to the digital information to other users or other playback devices is disabled. Once the user no longer is using the digital information, the access device erases the digital information, and signals the server that the digital information is no longer in use, thereby re-enabling access to the digital information by the other playback devices listed in the registry.

Abstract: A procedure and a data communication system in which a service provider provides to a remote user of a service a set of expendable passwords for use by the user in accessing the service via a telecommunication and/or data network. The user's terminal device is provided with means for automatically transmitting a password at log-on to the service, and a server to which the terminal device sets up a connection includes means for identifying the password and for allowing or denying access to the service on the basis of the supplied password. The terminal device further includes means for storing a set of passwords and for selecting, at log-on to a predetermined service, the correct password from the stored set of passwords for automatic addition of the password to a connection setup signal transmitted from the terminal device to the server.

Abstract: The present invention provides a system and method for providing certified voice and/or multimedia mail messages in a broadband signed communication system which uses packetized digital information. Cryptography is used to authenticate a message that has been compiled from streaming voice or multimedia packets. A certificate of the originator's identity and electronic signature authenticates the message. A broadband communication system user may be provisioned for certified voice and/or multimedia mail by registering with a certified mail service provider and thereby receiving certification. The called system user's CPE electronically signs the bits in received communication packets and returns the message with an electronic signature of the called system user to the calling party, along with the system user's certificate obtained from the service provider/certifying authority during registration. The electronic signature is a cryptographic key of the called party.

Abstract: In an interface security system between a plurality of devices mutually connected and transmitting/receiving a signal, the respective devices include respective selectors selecting a connection pattern between signals transmitted/received and external terminals for transmitting/receiving the signals and switching connections between the signals and the external terminals in accordance with a connection pattern selected, and the selectors of the respective devices select a connection pattern and switch the connections in synchronization between the respective devices.

Abstract: In one embodiment, a method of remote attestation for a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing each of a plurality of IsoX software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving a remote attestation request from a remotely located platform. Then, the retrieved audit log is digitally signed to produce a digital signature for transfer to the remotely located platform.

Abstract: Methods and systems for remotely configuring and monitoring a communication device are provided, especially useful in a computer network environment such as the Internet. A communication device or network appliance compares communications entering the communication device to a list of communication types established as known security risks, for example hacker attacks, unauthorized attempted access to network resources, or similar network security threats. If the received communication corresponds to a known security risk, the communication is classified as either a high security risk or low security risk, and an alert signal is transmitted to a remote monitoring center. Upon receiving the alert signal, the remote monitoring center assigns a priority to the alert signal based upon the type of the communication that triggered the transmission of the alert signal. Based on the assigned priority, the prioritized alert signal is then forwarded to a remote monitoring agent for resolution.

Abstract: An Operations Center (OC) (200) acts as a central key manager and intermediary in securely, reliably and non-repudiably delivering a document (3) from a sender (100) to a recipient (300). The OC (200) acts as a key manager to facilitate the process of strong authentication of the sender (100) and the recipient (300), encryption of the delivery (510), and setup of reliable connections (2A, 2B, 2C). In a preferred embodiment, the reliable connections (2A, 2B, 2C) are virtual private network connections.

Abstract: A number of data items are selected for inclusion in a data set so as to discourage a transmission of the entire set over a limited bandwidth communications path, such as the Internet. The data set includes an entirety parameter that is used to determine whether the entirety of the data set is present. In a preferred embodiment, the entirety parameter is a hash value that is based on watermarks of each data item. When presented for rendering, the watermarks of the data items in the presented material are read and a hash value based on the presented watermarks is computed. A mis-match between the computed hash value and the entirety hash value contained in the data set indicates that less than the entirety of the data set is being presented, and the rendering is prohibited.

Abstract: A method for the encryption and decryption of digital images based on cyclotomic polynomials and radiometric expressions comprising the steps of generating an encrypting transform, partitioning the digital images into data blocks, along with encrypting, transmitting, and decrypting the data blocks. Three common radiometric expressions are fundamental metamers, black metamers, and radiometric functions. In one embodiment, the mathematical equation that represents the encrypting transform is a cyclotomic polynomial. In another embodiment, a cyclotomic polynomial is used to calculate the coefficients of the mathematical equation that represents the encrypting transform. In other embodiments, the encrypting transform is generated with a radiometric expression, and the encrypted data blocks are calculated with a radiometric expression.

Abstract: A system and method for remote code integrity in distributed systems is presented. A server sends encrypted remote code to a client. The client receives the encrypted remote code and a key agent from the server. The key agent includes a key to decrypt the remote code. The client uses the key to decrypt the encrypted remote code and stores the decrypted remote code in internal memory. The key agent uses a second key included in the key agent to re-encrypt the decrypted remote code and stores the re-encrypted remote code in non-volatile memory. The client executes the decrypted remote code located in internal memory. Once the client is finished executing the decrypted remote code, the client overwrites the keys and deletes the old encrypted code.

Abstract: A sender station sends a verification signal to itself after having sent data to be distributed. In the event that any one of receiver stations has failed to receive any one of data sets, the receiver station sends a predetermined jamming signal, to thereby hinder the sender station from receiving the verification signal transmitted to the sender station. When having failed to receive the verification signal, the sender station determines that any one of the receiver stations has failed to receive the data. In contrast, when having received the verification signal, the sender station determines that all the receiver stations have successfully received the data.

Abstract: The present invention provides a method, system, and computer program product for synchronizing security credentials of users and/or groups of users between directories, operating system platforms, and/or registries. The credentials stored at a master registry are used to authenticate whether a user requesting propagation of security credentials has the required permission. If the authentication process succeeds, the user's credentials may be securely propagated to one or more targets. This technique enables synchronizing multiple copies of a user's security credentials without requiring access to a plaintext version thereof, and without forcing the credentials to a new value as part of the synchronization process. The master registry may stored an identification of the targets of the propagation on a per-user basis, or for groups of users, or for the master registry as a whole.

Abstract: Upon receiving a request to clear or reset a terminal, the terminal displays a random number, the random number is placed in a regular file and signed by a private key to created a signed clear file, the clear file is authenticated, and the original random number is replaced by a new random number, thereby ensuring the authenticity of the clear or reset request while protecting the terminal from replay attacks.

Abstract: Under a multi-task environment, a tamper resistant microprocessor saves a context information for one program whose execution is to be interrupted, where the context information contains information indicating an execution state of that one program and the execution code encryption key of that one program. An execution of that one program can be restarted by recovering the execution state of that one program from the saved context information. The context information can be encrypted by using the public key of the microprocessor, and then decrypted by using the secret key of the microprocessor.

Abstract: A method for communicating passwords includes receiving at a server a challenge from a authentication server via a first secure communications channel, the challenge comprising a random password that is inactive, communicating the challenge from the server to a client computer via a second secure communications channel, receiving at the server a challenge response from the client computer via the second secure communications channel, the challenge response comprising a digital certificate and a digital signature, the digital certificate including a public key in an encrypted form, the digital signature being determined in response to the random password and the private key, and communicating the challenge response from the server to the authentication server via the first secure communications channel, wherein the random password is activated when the authentication server verifies the challenge response.

Abstract: The intrusion protection method and system for a communications network provides address agility wherein the cyber coordinates of a target host are changed both on a determined time schedule and when an intrusion attempt is detected. The system includes a management unit which generates a random sequence of cyber coordinates and maintains a series of tables containing the current and next set of cyber coordinates. These cyber coordinates are distributed to authorized users under an encryption process to prevent unauthorized access.

Abstract: The present invention is directed, in one embodiment, to a programming interface which enables device/protocol/network independent transmission of messages to, and programming of, mobile devices. In another embodiment, the present invention is directed to data structures maintained on, and supported by, the mobile devices. The present invention also, in another embodiment, provides security for programming messages and an acknowledgement channel over which the mobile device can acknowledge receipt of, and successful implementation of, a programming message.

Abstract: A server including a dual channel communications module operable to establish a communication session between the server and a client is provided. The server may be operable to receive a dual channel communication packet from the client. In a particular embodiment, the dual channel communication packet may include a header in a data payload. The header includes a client external IP address, and the data payload includes an encoded port command having a client internal IP address and a client data port number. A codec operable to decode the port command may also be provided. The server may also include a translation module for retrieving the client external IP address from the header. In a particular embodiment, the server is operable to establish data channel coordinates including the client external IP address, the client data port number, a server internal IP address and a server data port number.

Abstract: A method for providing keys for descrambling scrambled content, the scrambled content being divided into frames, the method including: identifying a plurality of frames to be descrambled; for each frame of the plurality of frames, identifying a key period associated with a key for descrambling the frame; and for at least one frame f of the plurality of frames, substituting a substitute frame g for the frame f, the substitute frame g being chosen in order to reduce a total number of key periods associated with keys for descrambling all of the plurality of frames. Related apparatus and methods are also provided.