Patents Examined by Michael J. Simitoski
  • Patent number: 7748036
    Abstract: Methods are provided for categorizing input data into a selected data type category. Exemplary embodiments are directed to the categorization of binary input data, for example random input data, as either compressed or encrypted based on statistical analysis. To this end, at least a portion of the input data is analyzed to derive a statistical test result for the portion that is indicative of a degree of randomness of the data. The data is then categorized as either compressed or encrypted based on the statistical test result.
    Type: Grant
    Filed: November 28, 2005
    Date of Patent: June 29, 2010
    Assignee: Sytex, Inc.
    Inventors: William R. Speirs, III, Eric B. Cole
  • Patent number: 7747862
    Abstract: Methods and apparatus to authenticate base and subscriber stations and secure sessions for broadband wireless networks, such as IEEE P802.16-based networks. The apparatus employs a trusted platform module (TPM) to generate security keys, including attestation identity keys (AIKs). A subscriber station (SS) generates an AIK key pair for a specific authentication server (AS) operated by a broadband wireless network, and sends the public AIK key to the AS during a one-time service signup process. In response to an access request, the SS sends authentication information including a manifest signed with the SS's private AIK key. The SS may then be authenticated by the AS via use of the SS's public AIK key. The AS may be authenticated by the SS using a similar process, thus supporting mutual authentication via AIK keys. The TPM may also be used to verify a current configuration of a subscriber station platform is an authorized configuration.
    Type: Grant
    Filed: June 28, 2004
    Date of Patent: June 29, 2010
    Assignee: Intel Corporation
    Inventor: Shlomo Ovadia
  • Patent number: 7739501
    Abstract: A computer program product, for producing a cryptographic key label for use in exchanging information between first and second organizations of members, resides on a computer-readable medium and includes computer-readable instructions configured to cause a computer to: produce a read-write cryptographic key using at least one base value; produce a write-only cryptographic key using the read-write cryptographic key; combine a first identifier, uniquely associated with the first organization, and a second identifier, uniquely associated with the key label to be produced, using a one-way function to produce a pedigree; and associate the pedigree with the read-write key and the write-only key to form the cryptographic key label.
    Type: Grant
    Filed: July 29, 2005
    Date of Patent: June 15, 2010
    Assignee: InfoAssure, Inc.
    Inventors: Gerald D. Kimmel, Ersin L. Domangue
  • Patent number: 7738660
    Abstract: A cryptographic key split combiner includes a number of key split generators for generating cryptographic key splits from seed data, and a key split randomizer for randomizing the key splits to produce a cryptographic key. The key split generators can include a random split generator for generating random key splits, a token split generator for generating token key splits based on label data, a console split generator for generating console key splits based on maintenance data, a biometric split generator for generating biometric key splits based on biometric data, and a location split generator for generating location key splits based on location data. Label data can be read from storage, and can include user authorization data. A process for forming cryptographic keys includes randomizing or otherwise binding the splits to form the key.
    Type: Grant
    Filed: June 22, 2006
    Date of Patent: June 15, 2010
    Assignee: TecSec, Inc.
    Inventors: Edward M. Scheidt, C. Jay Wack
  • Patent number: 7734913
    Abstract: A delivery of content to the unspecified number of persons is prevented by limiting the content delivery range. A delivery source terminal 110 generates an authentication code based on the number of possible transmission times of content and an authentication code key 116, and configures the number of possible transmission times and the generated authentication code in a packet. The delivery source terminal 110 transmits the packet to a delivery destination terminal 130. A router 120 verifies whether the authentication code generated based on the number of possible transmission times and the authentication code key 124 that are received agrees with the authentication code received from the delivery source terminal 110, updates the number of possible transmission times when the two codes agree, generates a new authentication code, and configures it in the packet. The router 120 transmits the packet thus generated to the delivery destination terminal 130.
    Type: Grant
    Filed: February 4, 2005
    Date of Patent: June 8, 2010
    Assignee: Hitachi, Ltd.
    Inventors: Harumi Morino, Masataka Okayama
  • Patent number: 7730313
    Abstract: Disclosed is a system configured to process content to enable tracing of at least one of a multitude of subsequent uses of content by at least one user. The system provides for: making markable content from content, iteratively marking the markable content with information such as use information; and later extracting at least one of the iteratively applied marks.
    Type: Grant
    Filed: August 1, 2005
    Date of Patent: June 1, 2010
    Assignee: Dolby Laboratories Licensing Corporation
    Inventors: Robert Schumann, Jeffrey Segal
  • Patent number: 7725946
    Abstract: An authenticating program, system and method for authenticating permission of a user to use a computer system, by storing inhibiting information, supervising input manipulation to a protected computer upon transition of the operating condition of the protected computer to the usable condition, acquiring input information to indicate contents of relevant input manipulations, and comparing the acquired input information with the inhibiting information stored in said inhibiting information storing means. Then, permission of the user is authenticated based on the result of the comparison. When the permission of the user is determined to be unauthentic, the operating condition of the computer is transitioned to a restricted condition.
    Type: Grant
    Filed: April 19, 2006
    Date of Patent: May 25, 2010
    Assignee: Fujitsu Limited
    Inventor: Nobuo Ogushi
  • Patent number: 7721086
    Abstract: A cryptographic system (500) includes cryptographic sub-units (510) and associated input buffers (520) connected to a scheduler (530) and a reassembler (540). The scheduler (530) receives packets, where each of the packets includes one or more data blocks, and assigns each of the packets to one of the sub-units (510). The input buffers (520) temporarily store the packets from the scheduler (530). Each of the sub-units (510) performs a cryptographic operation on the data blocks from the associated input buffer (520) to form transformed blocks. The reassembler (540) receives the transformed blocks from the sub-units (510), reassembles the packets from the transformed blocks, and outputs the reassembled packets in a same order in which the packets were received by the scheduler (530).
    Type: Grant
    Filed: December 31, 2008
    Date of Patent: May 18, 2010
    Assignee: Verizon Corporate Services Group Inc. & BBN Technologies Corp.
    Inventor: Walter Clark Milliken
  • Patent number: 7721102
    Abstract: A system and method for detecting exposure of an OCSP responder's session private key in a D-OCSP-KIS to verify the status of a user's certificate online are provided. The system includes: a client for requesting certificate status information from the OCSP responder; the OCSP responder for receiving the certificate status information request from the client, sending a response, producing a hash value, and delivering the hash value to a certificate authority (CA) to get a certificate issued; and the CA for receiving the hash value from the OCSP responder and issuing the certificate to the OCSP responder in response to a certificate issue request; wherein the client verifies a digital signature using a hash value contained in the OCSP responder's certificate and the hash value contained in the response, and each client stores a counter value for a hash operation in each verification and recognizes the response as valid when a current counter value is greater than a previous counter value.
    Type: Grant
    Filed: May 11, 2006
    Date of Patent: May 18, 2010
    Assignee: Sungkyunkwan University Foundation for Corporate Collaboration
    Inventors: Dongho Won, Seungjoo Kim, Younggyo Lee
  • Patent number: 7721333
    Abstract: A method and system for detecting a keylogger on a computer is described. One illustrative embodiment creates, in a memory of the computer, a hidden window; generates a unique, unpredictable data pattern; inputs, to the hidden window, the unique, unpredictable data pattern in a manner that mimics keyboard input from a user; scans running processes in the memory other than a keylogger detection process for the unique, unpredictable data pattern; and performs a secondary scan of a suspect process, the suspect process having an associated buffer that contains the unique, unpredictable data pattern.
    Type: Grant
    Filed: January 18, 2006
    Date of Patent: May 18, 2010
    Assignee: Webroot Software, Inc.
    Inventor: Jefferson Delk Horne
  • Patent number: 7715563
    Abstract: A state vector acquisition technique for a counter-based cryptographic data communication system is disclosed. The acquisition technique facilitates receipt of the state vector components (the short component and the long components) in any chronological order. The state vector components are saved upon receipt, and a counter for each long component is initialized upon receipt of the long component. After receipt of all components, the receiver device constructs a current state vector value based upon the received component values and the long component counter values.
    Type: Grant
    Filed: February 16, 2006
    Date of Patent: May 11, 2010
    Assignee: General Dynamics C4 Systems, Inc.
    Inventor: Ty Lindteigen
  • Patent number: 7713309
    Abstract: The detection of devices with duplicate media access controller (MAC) addresses in a cable network. A cable network device (CND) having a MAC address is connected by the cable network to a cable modem termination system (CMTS) having a gateway interface address. A centralized storage of historical cable modem MAC address/giaddr tuple data is used to identify CNDs that report duplicate MAC addresses. The cable network tracks the CND MAC address/giaddr tuple data of all CND requests that it receives and stores the MAC address/giaddr tuple data into a datastore (such as a database). When a CND seeks to access the network, the cable network looks into the datastore to determine whether the CND MAC address of the CND has previously been stored with a different associated giaddr, which would imply that there are multiple CNDs attached to different CMTSs where the CNDs share the same MAC address. If such duplication is detected, an appropriate remedial response is taken.
    Type: Grant
    Filed: November 7, 2008
    Date of Patent: May 11, 2010
    Assignee: Time Warner Cable, a division of Time Warner Entertainment Company, L.P.
    Inventors: Kenneth Gould, Christopher Pierce Williams
  • Patent number: 7711116
    Abstract: Digital communication schemes using chaotic signals as carriers can be broadly classified into two categories. In the first category, the chaotic signals carrying the information have to be synchronously regenerated at the receiver, which may be applicable to low noise environment. The second category requires no synchronous regeneration of the carrying chaotic signals in the receiver. An example of the second category utilizes a specific bit structure, which may not be able to resist unintended reception because the fabricated bit structure can be relatively easily detected. This invention involves systems and methods for transmitting digital messages modulated as chaotic signals, and the demodulation methods. One individual chaotic signal generator having a specific chaotic characteristic value is responsible for generating a chaotic signal for each possible value of the digital message according to a chaotic algorithm.
    Type: Grant
    Filed: July 8, 2003
    Date of Patent: May 4, 2010
    Assignee: The Hong Kong Polytechnic University
    Inventors: Chi-Kong Tse, Chung-Ming Lau
  • Patent number: 7694134
    Abstract: Systems and methods are provided for encrypting data without regard to applications writing the data to, or reading the data from, encrypted data storage devices. An operating system intercept detects information indicating that a file will be encrypted and, in response, sets device-level flags indicating encryption and also establishes one or more encryption keys to be used in the encryption process. A second intercept detects an input/output event and, in response, calls an encryption application to encrypt (or decrypt) the data before it is written to (or read from) the data storage device.
    Type: Grant
    Filed: April 18, 2006
    Date of Patent: April 6, 2010
    Assignee: Computer Associates Think, Inc.
    Inventors: Russell A. Witt, Timothy R. Bruce, David L. Helsley, Osvaldo A. Ridner, John M. Casey
  • Patent number: 7690024
    Abstract: It is made possible to prevent “spoofing” and incur no additional management cost as effectively as possible. An authenticated device includes: at least one authenticated element that generates an output signal with characteristics spontaneously varying, at the time of manufacturing, with respect to a continuous input signal. The characteristics of the authenticated element are used as information unique to an individual.
    Type: Grant
    Filed: February 9, 2006
    Date of Patent: March 30, 2010
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Atsuhiro Kinoshita, Kazuya Matsuzawa
  • Patent number: 7685415
    Abstract: An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.
    Type: Grant
    Filed: November 10, 2004
    Date of Patent: March 23, 2010
    Assignee: Microsoft Corporation
    Inventors: John R. Douceur, Josh D. Benaloh, Gideon A. Yuval, Atul Adya
  • Patent number: 7685630
    Abstract: Methods and systems of authenticating a plurality of users for access to an on-line group activity are described. The systems and methods prevent overloading of any participant's computer due to authentication. In some configurations, multiple endpoints are designated as authenticators and requests for authentication are load balanced amongst the authenticators.
    Type: Grant
    Filed: May 4, 2006
    Date of Patent: March 23, 2010
    Assignee: Citrix Online, LLC
    Inventors: Ashish V. Thapliyal, Vishal Mittal, Tony Spataro, John Kennedy
  • Patent number: 7681047
    Abstract: Provided are a method, system, and article of manufacture, wherein a controller receives encrypted data from a first storage unit coupled to the controller. The received encrypted data is stored in a second storage unit coupled to the controller, wherein the controller is capable of accessing the second storage unit faster in comparison to the first storage unit. The encrypted data is maintained in the second storage unit, until at least one condition is satisfied.
    Type: Grant
    Filed: April 18, 2006
    Date of Patent: March 16, 2010
    Assignee: International Business Machines Corporation
    Inventors: Michael Thomas Benhase, Susan Kay Candelaria
  • Patent number: 7681243
    Abstract: A method and apparatus for processing digital rights managements (DRM) contents having advertisement (AD) contents attached thereto in a DRM system are disclosed. When DRM contents including AD contents are selected by a DRM device, a rights issuer (RI) receives the AD contents and the DRM contents from a contents issuer (CI), generates a multipart contents format file, and downloads it to the DRM device. Then, the DRM device decodes the downloaded multipart contents format file to check whether the multipart contents format file includes AD contents-attached DRM contents, and if so, the DRM device reproduces the AD contents to use the DRM contents free of cost. Thus, the DRM contents can be provided to a user by using the AD contents without causing a burden of a charge.
    Type: Grant
    Filed: November 7, 2005
    Date of Patent: March 16, 2010
    Assignee: LG Electronics, Inc.
    Inventor: Jea-Un Kim
  • Patent number: 7676677
    Abstract: A digital signature method and apparatus is provided in which a first party with a first public/private key pair forms an ambiguous signature on subject data using at least the private key of the first key pair, a keystone initially only known to the first party, and the public key of at least one other public/private key-pair. This signature is ambiguous in that a signature-checking party can only verify that the signature is in the set comprising a signature created by the first party and a respective signature created by the possessor of the private key of the or each of the key pairs the public key of which was used in creating the signature. Revelation of the keystone renders the signature unambiguous. Such an ambiguous signature can be used to implement a fair exchange of signatures between any number of parties, with the exchanged signatures being ambiguous signatures until revelation of the initial signer's keystone.
    Type: Grant
    Filed: September 30, 2004
    Date of Patent: March 9, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Caroline Kudla