Patents Examined by Gregory A. Morse
  • Patent number: 6950949
    Abstract: A password entry method and apparatus prompts a user for entry of a password and outputs dynamic password entry interface legitimacy information in response to the prompt for entry of the password. The dynamic password entry interface legitimacy information may be a hard to duplicate animated image, audio sequence, or other suitable legitimacy information that allows a user to visually or audibly determine whether the password entry interface being presented is legitimate. Accordingly, the user will know whether or not to trust the password entry interface, such as a password dialog box displayed on a display device, prior to entering password information.
    Type: Grant
    Filed: October 8, 1999
    Date of Patent: September 27, 2005
    Assignee: Entrust Limited
    Inventor: Jeffrey S. Gilchrist
  • Patent number: 6948074
    Abstract: A method and system for distributed generation of unique random numbers. The unique random number can be used to create digital cookies or digital tokens. A first network device (e.g., a computer) on a computer network receives an x-bit bit mask template from a second network device on the computer network (e.g., a gateway). The first network device generates a first portion of an x-bit digital cookie. The first network device requests a second portion of the x-bit digital cookie from the second network device. The request includes the first portion of the x-bit digital cookie. The first network device generates a complete x-bit digital cookie using the first portion of the x-bit digital cookie generated by the first network device and the second portion of the x-bit digital cookie generated by the second network device.
    Type: Grant
    Filed: March 9, 2000
    Date of Patent: September 20, 2005
    Assignee: 3Com Corporation
    Inventors: Michael S. Borella, David Grabelsky
  • Patent number: 6947560
    Abstract: The present invention includes a method and device for calculating an encryption key, K′c, for use in the initialization of an encryption algorithm. The present invention discloses a method for calculating the encryption key, K′c(x), by obtaining a ciphering key, Kc(x), determining a maximum ciphering key length, L, based on the requirements of the two devices wishing to communicate, and determining a maximum usable encryption key length, Lmax. The ciphering key, Kc(x), is then manipulated through an addition function or an exclusively-or function with a polynomial g1(x). The result is multiplied with a polynomial g2(x), which spreads the starting points of said encryption key, K′c(x). The encryption key is thus determined according to K′c(x)=g2(L)(x)[Kc(x) mod g1(L)(x)]. The method of calculating the encryption key, K′c, ensures that a maximum ciphering key length is not exceeded. In addition, the method provides new possible starting points each time a new encryption key, K′c, is generated.
    Type: Grant
    Filed: December 15, 1999
    Date of Patent: September 20, 2005
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Ben Smeets, Mattias Hansson, Joakim Persson
  • Patent number: 6948072
    Abstract: An information processing device to solve the above-mentioned disadvantage according to the present invention comprises: information receipt part to receive a digital information from an external information record medium; first judgment part to judge whether the external information record medium is a medium which is readable and writable; second judgment part which judges whether a predetermined security processing is performed to the digital information to be received; and control part to control the information receipt part to refuse a receipt of the digital information which is judged that the medium is readable and writable by the first judgment part and a security processing is not performed by the second judgment part.
    Type: Grant
    Filed: March 1, 2001
    Date of Patent: September 20, 2005
    Assignee: Sony Computer Entertainment Inc.
    Inventors: Akiyuki Hatakeyama, Keiso Shimakawa, Tadayasu Hakamatani, Makoto Tanaka
  • Patent number: 6948077
    Abstract: Computer security protection referred to herein as ATM/ALERT is provided. This system interacts with established software to recognize a valid identification which will then allow a requested action such as an ATM transaction to occur. The system also interacts with the established software to recognize an alert signal issued by the user who is under duress which will then activate security measures via the established software. Exemplary identifications include a PIN number, iris scan, thumb print or facial scan. In some embodiments, the computer security protection requires first-time entry of a valid identification and second-time entry of a valid identification to allow the requested action.
    Type: Grant
    Filed: June 6, 2000
    Date of Patent: September 20, 2005
    Inventor: J. Michael Pitale
  • Patent number: 6947556
    Abstract: Methods, systems and computer program products are provided which provide for controlling access to digital data in a file by encrypting the data with a first key, encrypting the first key with a second personal key generated from a password/passphrase associated with the file and further encrypting the encrypted first key with a control key which is managed by the system. In certain embodiments, user authentication may also be provided by issuing a ticket which is utilized to create, access and administer the files in the system.
    Type: Grant
    Filed: August 21, 2000
    Date of Patent: September 20, 2005
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6947559
    Abstract: A method for generating random numbers includes the steps of providing a liquid crystal cell containing a liquid crystal material, wherein a potential difference is applied across said liquid crystal material to cause a chaotic turbulent flow. The resulting flow or physical result of the liquid crystal material is measured to generate a baseline measurement, and subsequently the at least one physical property is measured again to generate a plurality of reading measurements. Determining the difference between each of the reading measurements and the baseline measurement, and setting bits based on the differences generates a sequence of random numbers. An apparatus for generating random numbers is also disclosed. These truly random numbers may then be used to encrypt data prior to transmission.
    Type: Grant
    Filed: February 16, 2001
    Date of Patent: September 20, 2005
    Assignee: Kent State University
    Inventor: James T. Gleeson
  • Patent number: 6944300
    Abstract: A method for migrating a base chip key from a first computer system to a second computer system is disclosed. A first computer system includes a base chip key 1, and a second computer system includes a base chip key 2. Using a first certificate for the base chip key 1, a manufacturer of the second computer system generates a second certificate for the base chip key 1. Similarly, using a first certificate for the base chip key 2, a manufacturer of the first computer system generates a second certificate for the base chip key 2. A first data packet is then sent from the first computer system to the second computer system. The first data packet includes a first random number and all the data required to reproduce the base chip key 1 in the first computer system. The first data packet is also encrypted with the base chip key 1's public key.
    Type: Grant
    Filed: June 22, 2001
    Date of Patent: September 13, 2005
    Assignee: International Business Machines Corporation
    Inventors: David Carroll Challener, Hernando Ovies
  • Patent number: 6944774
    Abstract: An apparatus and method for regulating a flow of information based on a position of a key in a lock assembly is presented. Depending on a position of the key in the lock assembly and data flow rules, an electronic circuit regulates a flow of data to a target network. Data flow rules may be based on session type, transmit time, target address and password.
    Type: Grant
    Filed: January 2, 2001
    Date of Patent: September 13, 2005
    Assignee: Zoom Telephonics, Inc.
    Inventors: Edward D. English, Dana B. Whitney, Rolland Zeleny, William L. Burke
  • Patent number: 6944767
    Abstract: A method of ensuring the security of data from a medical test includes providing the patient with a medical data card issued by a secure information provider, and having a unique patient identification number (PID), a public key encryption private key, and public key encryption public key (Key 2). The method further includes a first test request card having an encrypted identification of the patient and the test, a health care provider code, Key 2, and the test type that accompanies the patient's test specimen to the secure information provider, a second test request card bearing an encryption of the PID and the test type to forward with the patient's specimen to a testing laboratory; a first test results card bearing an encryption of the PID and the results; and a second test results card that may be read in conjunction with the patient's medical data card.
    Type: Grant
    Filed: July 7, 2000
    Date of Patent: September 13, 2005
    Assignee: Genaissance Pharmaceuticals, Inc.
    Inventor: Richard S. Judson
  • Patent number: 6941462
    Abstract: When the user inputs an instruction for accessing storage information stored in a fingerprint identification unit to a host computer, the host computer sends an identification instruction command to the fingerprint identification unit. A fingerprint detection section formed of an LED, a lens barrel, a CCD, and an A/D converter reads the fingerprint of the user, identifies the fingerprint by using an identification controller, and allows the user to access the storage information only when the identification result is affirmative. The identification result is also sent to the host computer simultaneously.
    Type: Grant
    Filed: December 20, 1999
    Date of Patent: September 6, 2005
    Assignee: Sony Corporation
    Inventors: Yoshihiro Tsukamura, Takeshi Funahashi
  • Patent number: 6941464
    Abstract: A method of locking data and a program that analyzes the data commences with a generation of a first key. This first key is associated with both the data and a specific, compiled copy of the program. A gatekeeper logic is generated. The gatekeeper logic utilizes at least the first key to prevent the specific, compiled copy of the program from analyzing data other than the specific data. In this way, the specific copy of the program is locked to specific data, and is accordingly limited to performing analysis operations utilizing the specific data.
    Type: Grant
    Filed: September 8, 2000
    Date of Patent: September 6, 2005
    Assignee: GeoMechanics International
    Inventors: Colleen A. Barton, Daniel Moos
  • Patent number: 6941473
    Abstract: A memory device is provided that is used by a computer system and that has a memory pattern obtained after a function is called when the computer system executes a program, the memory pattern comprising: a return address storage area for storing a return address 230 for the source of a call for the execution of a currently active function; a previous frame pointer storage area for storing a previous frame pointer 220 to the calling source for the execution of a currently active function; and a local variable storage area to be located below the return address storage area 230 and the previous frame pointer storage area 22, wherein when a data array 211 is stored in the local variable area, a guard variable 212 is stored in a location preceding the data array 211, and wherein the guard variable is used as a target to confirm whether the return address has been destroyed.
    Type: Grant
    Filed: January 30, 2001
    Date of Patent: September 6, 2005
    Assignee: International Business Machines Corporation
    Inventors: Hiroaki Etoh, Kunikazu Yoda
  • Patent number: 6941461
    Abstract: A system and method for unique authentication of each replication of a plurality of soft-copy documents, forming a group. One soft-copy document, out of the group, becomes a carrier for an authentication code aimed at protecting the group. The authentication code is computed from the concatenation of the plurality of soft-copy documents and a key. A random number is also generated for each replication of the group of files. The random number is combined with the authentication code to mark the soft-copy document which has been selected to become the carrier. Thus, the invention introduces randomization in the insertion of the authentication code so that for each replication of an identical group of data files, unique authentication data can be associated, merged and hidden in the transmitted information.
    Type: Grant
    Filed: May 9, 2001
    Date of Patent: September 6, 2005
    Assignee: International Business Machines Corporation
    Inventors: Fernando Incertis Carro, Stephen Matyas
  • Patent number: 6941476
    Abstract: A distributed storage system for storing at least one credential (46), provided by an issuing authority and relating to an identity (42, 44), is described. The system comprises: a plurality of unique identities (42, 44) each having a local store (40). Each local store (40) securely stores credentials (46) relating to the owner of the identity (42, 44). The system also comprises one or more security certificates (66) provided at each identity (42, 44) for ensuring the authenticity of the credentials (46). The security certificates (66) provide secure references to the issuers of the credentials (46) and this can be used in verifying the origin of each credential (46). The identity can be provided a website or a mobile phone for example.
    Type: Grant
    Filed: May 10, 2001
    Date of Patent: September 6, 2005
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Keith Alexander Harrison, Brian Quentin Monahan, Marco Casassa Mont
  • Patent number: 6941471
    Abstract: An improved architecture is provided, based upon the prior art common data security architecture, with the modification of adding in a generic trust policy library (217) at an add-in security modules layer (215) and a policy interpreter (224) at a common security services manager layer (202), so that individual users may provide sets of trust policies in the form of a trust policy description file (223), which uses a generic policy description language provided by the architecture. The architecture provides a generic method of incorporating trust policies into a computing platform in a manner which avoids a prior art problem of the semantics of trust policies which are hard-coded in prior art trust policy modules (117). The architecture also improves management flexibility. In the present disclosure, a generic policy description language is provided, which enables different users to define the semantics of a plurality of trust policies.
    Type: Grant
    Filed: January 17, 2001
    Date of Patent: September 6, 2005
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Along Lin
  • Patent number: 6941459
    Abstract: A method, system, and computer program product for selectively encrypting one or more elements of a document using style sheet processing. Disclosed is a policy-driven augmented style sheet processor (e.g. an Extensible Stylesheet Language, or “XSL”, processor) that creates a selectively-encrypted document (e.g. an Extensible Markup Language, or “XML”, document) carrying key-distribution material, such that by using an augmented document processor (e.g. an augmented XML processing engine), an agent can recover only the information elements for which it is authorized. The Document Type Definition (DTD) or schema associated with a document is modified, such that the DTD or schema specifies a reference to stored security policy to be applied to document elements. Each document element may specify a different security policy, such that the different elements of a single document can be encrypted differently (and, some elements may remain unencrypted).
    Type: Grant
    Filed: October 21, 1999
    Date of Patent: September 6, 2005
    Assignee: International Business Machines Corporation
    Inventors: John R. Hind, Marcia L. Peters, Brad B. Topol
  • Patent number: 6941478
    Abstract: A method and system for providing protection from exploits to devices connected to a network. The system and method include a component for determining whether an encapsulation has been applied to an attachment associated with a message and unencapsulating such encapsulated attachment, and a component that performs at least one decompression of the attachment when the attachment is compressed. If it is determined that the message, including the attachment, is to be scanned, a component is included that determines whether a header, body, and/or attachment of the message includes exploits. A device that receives messages that are directed to the network employs the components above to provide exploit protection for at least one of the messages.
    Type: Grant
    Filed: December 11, 2002
    Date of Patent: September 6, 2005
    Assignee: Nokia, Inc.
    Inventors: James Card, Gregory J. Smith
  • Patent number: 6940978
    Abstract: A communications system and method for transmitting authorization messages to mobile platforms is provided. The communications system authorizes the mobile platform to continue transmitting data with a single signal rather than multiple signals. Specifically, the authorization signal comprises a unique address for a path of forward link equipment that transmits data to the mobile platform. The unique address informs the mobile platform which equipment is currently being used for data transmission, and the mobile platform then relays this information back to a ground station. The authorization signal further comprises a return link assignment that informs the mobile platform which transponder is to be used for data transmission back to the ground station. Accordingly, a single signal is used to transmit the required data to the mobile platforms.
    Type: Grant
    Filed: May 2, 2001
    Date of Patent: September 6, 2005
    Assignee: The Boeing Company
    Inventor: David S. Parkman
  • Patent number: 6938170
    Abstract: A protection system and associated method prevent the automatic crawler access to a company's web-based data, without impacting the ability of an interactive user, such as a consumer, to access the data and to conduct regular business transactions. In one embodiment, the protection system will not prevent the crawler from downloading data; rather, the data will be rendered non-extractable by the crawler. In another embodiment, the protection system will prevent crawler access to the data.
    Type: Grant
    Filed: July 17, 2000
    Date of Patent: August 30, 2005
    Assignee: International Business Machines Corporation
    Inventors: Reiner Kraft, Jussi Petri Myllymaki, Joann Ruvolo