Abstract: Initially, a key range variable is created by concatenating the card group value, card number and reference number for an encryption key to be generated. A hashing algorithm generates an encryption key from a master key and the variable key range variable. The encryption key and the key range variable are output to the caller who requested the key. The encryption key is used to encrypt the information, while the variable key range is stored with the encrypted data. Generation of a decryption key requires a user call for a decryption key and includes the key range variable from the encrypted data. A hashing algorithm generates a decryption key from the master key and the key range variable. The decryption key is used to decrypt the information.

Abstract: A user-configurable firewall and method in which a user-changeable security setting for a client computer is maintained by an access server through which a user accesses the public network. The user-changeable security setting can be used to specify which outside computers or network devices may access the client computer and what type of access to the client computer is allowed. If an attempt to access the client computer is made, the user-configurable security setting is checked to determine if the attempted access is allowed by the current security setting. If the attempted access is allowed by the current security setting, access is allowed to the client computer; otherwise, access is not allowed. If the user changes the user-configurable security setting, the changes to the user-configurable security setting are provided to the access server.

Abstract: A device and method for protection of legitimate software against used software and counterfeit software in recording media. The device includes a disk is set in a main unit. A specific title code is read, and if this title code has been registered, the main unit shifts to a normal operation. If the code has not been registered, verification software is initiated, PG detection is performed, and when a PG pattern and verification data match, the code is registered in the COCT. If matching does not occur, the disk is processed as illegitimate software.

Abstract: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.

Abstract: An information generating apparatus for generating output information to be outputted is provided with: an error correcting code adding device for adding an error correction code, which is used for an error correction of the output information when the output information is outputted, to the output information to thereby generate the output information having the error correction code; and a replacing device for replacing a part of the output information having the error correction code, which is generated by the error correcting code adding device, with identification information indicating that the output information to be outputted is not illegally copied to thereby generate the partially replaced output information.

Abstract: A method for multiplication of a point P on elliptic curve E by a value k in order to derive a point kP comprises the steps of representing the number k as vector of binary digits stored in a register and forming a sequence of point pairs (P1, P2) wherein the point pairs differed most by P and wherein the successive series of point pairs are selected either by computing (2mP,(2m+1)P) from (mP,(m+1)P) or ((2m+1)P,(2m+2)P) from (mP,(m+1)P). The computations may be performed without using the y-coordinate of the points during the computation while allowing the y-coordinate to be extracted at the end of the computations, thus, avoiding the use of inversion operations during the computation and therefore, speeding up the cryptographic processor functions. A method is also disclosed for accelerating signature verification between two parties.

Abstract: A system and method for retrieving security data, such as Security Associations (“SAs”) of the IPSec protocols, required for secured transmission of network packets uses a caching mechanism to significantly enhance the speed of retrieving the security data. The system has a plurality of security policy filters, and each filter may have multiple security data entries associated with different communication streams. To enable fast retrieval of security data for network communication packets, the system maintains cache table. Each entry of the cache table contains data identifying a communication stream and negotiated SA data or an exempt filter for that stream. When a packet passes through the system, a security driver derives an index value from the communication stream data of the packet, and the cache table entry corresponding to the derived index value is then retrieved.

Abstract: A technique for password encryption and decryption for user authentication in a federated content management system. One or more commands are executed in a computer to perform a datastore operation on a datastore connected to the computer. A string of characters are received. The string of characters is encrypted based on a first character standard. Then, the encrypted string of characters is transformed to be compatible with a second character standard.

Abstract: Methods and apparatus, including computer program apparatus and a system, for providing a trusted time. A first local time from a computer is sent to a trusted server. Trusted time data protected by encryption or a digital signature is received from the trusted server. The invention stores the trusted time data on the computer and checks the validity of the trusted time data. The trusted time data is used on the computer to compute a trusted time corresponding to a local time.

Abstract: The invention is a system for digital watermarking that operates on a conventional digital video stream to etch, on hand, and read, on the other hand, digital watermarks in the stream that do not visibly interfere with the video content. A system according to the invention operates on digital data that has been transformed into the spatial-frequency domain, using inter-block differences between spatial-frequency coefficients to encode the bits of a digital watermark. Using the principles of the invention, it is possible to encode multiple watermark bits between two adjacent blocks, thus providing higher watermark data rates relative to underlying video content.

Abstract: One embodiment of the present invention provides a system that detects a macro virus in a computer system by statically analyzing macro operations within a document. The system operates by receiving the document containing the macro operations. The system locates the macro operations within the document, and performs a flow analysis on the macro operations within the document to determine associated values for variables within the macro operations. Next, the system compares the macro operations including the associated values for variables against a profile containing information about suspect macro operations and associated values for variables to determine whether the document contains suspect macro operations. If so, the system informs a user that the document contains suspect macro operations. In one embodiment of the present invention, after informing the user, the system receives instructions from the user specifying an action to take with regards to the document.