Abstract: In a key-insulated cryptosystem according to the present invention, a plurality of external devices are associated with a number of updates of a terminal secret key which has already been updated, and a different piece of secret information is stored in each of the external devices. In addition, a key-updating method in the key-insulated cryptosystem according to the present invention includes steps of: selecting one of the external devices depending on the number of updates of the terminal secret key; and causing the selected external device to generate key-updating information used for updating the terminal secret key based on the number of updates and the stored secret information.

Abstract: A system for accessing a packet-switching network (4), which is adapted for the use of a simplified signature method. The system includes a supplementary server (60) which is independent of a proxy server (50) of an access provider (12) and a simplified signature module (66) which is provided in the supplementary server (60). The proxy server (50) is equipped with an interface (64) which enables the connection of the proxy server to the supplementary server (60) and the transmission of at least the authentication requests sent by contacted service providers to the supplementary server (60) in order for the requests to be processed by the simplified signature module (66).

Abstract: A unified system of programming communication. The system encompasses the prior art (television, radio, broadcast hardcopy, computer communications, etc.) and new user specific mass media. Within the unified system, parallel processing computer systems, each having an input (e.g., 77) controlling a plurality of computers (e.g., 205), generate and output user information at receiver stations. Under broadcast control, local computers (73, 205), combine user information selectively into prior art communications to exhibit personalized mass media programming at video monitors (202), speakers (263), printers (221), etc. At intermediate transmission stations (e.g., cable television stations), signals in network broadcasts and from local inputs (74, 77, 97, 98) cause control processors (71) and computers (73) to selectively automate connection and operation of receivers (53), recorder/players (76), computers (73), generators (82), strippers (81), etc.

Abstract: In a communication system, a first wireless communication apparatuses belonging to a communication group receives a connection request frame including a notifying security level from a second communication apparatus outside of the communication group. The first communication apparatus stores a reference security level peculiar to the communication group, which is selected from security levels depending on one of encryption methods including non-encryption and encryption strengths. In the first communication apparatus, the notifying security level is compared with the reference level, and a response frame including one of a connect rejection and a connection permission is described, is generated and transferred to the second communication apparatus. The connect rejection represents a rejection of connection to the second communication apparatus and the connection permission represents a permission of connection to the second communication apparatus.

Abstract: To identify participants in collusion directed to altering a digital fingerprint embedded in multimedia content, an ECC based fingerprinting technique establishes a code symbol for each of a plurality of segments of digital data forming the multimedia content. The code symbols are concatenated to form a fingerprint signal, which is subdivided into a plurality of subsegments for each segment in the digital data. The subsegments are permuted and embedded into the digital data. When a suspicious copy of the multimedia content is discovered, the permuted fingerprint signal is extracted from the content and inversely permuted to form a test fingerprint. The identity of one of the colluders is determined by correlation with characteristics of the codeword originally assigned to the user. The determination of identity may be enhanced by the addition of group data embedded as an additional fingerprint in the digital data.

Abstract: A system and method are disclosed for improving a statistical message classifier. A message may be tested with a machine classifier, wherein the machine classifier is capable of making a classification on the message. In the event the message is classifiable by the machine classifier, the statistical message classifier is updated according to the reliable classification made by the machine classifier. The message may also be tested with a first classifier. In the event that the message is not classifiable by the first classifier, it is tested with a second classifier, wherein the second classifier is capable of making a second classification. In the event that the message is classifiable by the second classifier, the statistical message classifier is updated according to the second classification.

Abstract: A folder containing at least one file can be created in a file storage (17) in response to a folder creation request from an owner (30) of an IC card (10), and an access authority to the folder can be set as an access control list (18A) of the folder in response to an access authority setting request from the owner (30). Then access to the file is controlled not only on the basis of the access authority to the file set by an issuer of a voucher (issuer of the file), but also on the basis of the access authority to the folder set by the owner (30).

Abstract: In a job allocation control apparatus, whether or not a job has security setting is discriminated, if it is decided that the job has the security setting, this job is set to a scheduling target to a clean device, and if it is decided that the job does not have the security setting, this job is set to a scheduling target to a non-clean device. When a process of the job having the security setting as a scheduling target to the clean device cannot be executed, the job having the security setting is set to the scheduling target to the non-clean device. Whether or not the non-clean device satisfies a predetermined condition is discriminated. If the predetermined condition is satisfied, the job having the security setting is transmitted to the non-clean device.

Abstract: A unified system of programming communication. The system encompasses the prior art (television, radio, broadcast hardcopy, computer communications, etc.) and new user specific mass media. Within the unified system, parallel processing computer systems, each having an input (e.g., 77) controlling a plurality of computers (e.g., 205), generate and output user information at receiver stations. Under broadcast control, local computers (73, 205), combine user information selectively into prior art communications to exhibit personalized mass media programming at video monitors (202), speakers (263), printers (221), etc. At intermediate transmission stations (e.g., cable television stations), signals in network broadcasts and from local inputs (74, 77, 97, 98) cause control processors (71) and computers (73) to selectively automate connection and operation of receivers (53), recorder/players (76), computers (73), generators (82), strippers (81), etc.

Abstract: When a common key is updated to a new common key, it is possible to prevent the generation of a period during which not all the general communication apparatuses are enabled to make mutual communications using encrypted data while at the same time reducing the memory consumption of the general communication apparatus. A common key control apparatus 11 transmits a first status transition request R1 to all the general communication apparatuses when all the general communication apparatuses 12 made a transition to a distribution completed status, and transmits a second status transition request R2 to all the general communication apparatuses when all the general communication apparatuses 12 made a transition to an in-transit status.

Abstract: Prior to using a HDCP KSV for HDMI-based encryption authentication, the KSV from the source is examined to determine whether it is in a list of KSVs that have been pre-approved by the sink vendor, to further restrict access to the interface of the sink to only those HDCP-compliant sources that have been approved by the sink vendor.

Abstract: A memory card 10 inserted in a terminal device 20 establishes a SAC with each of a content server 1, a content server 2, a settlement server 1 and a settlement server 2, using an application program corresponding to the server, to securely receive and transmit data. The memory card 10 acquires a unique private key and a unique public key for each application program, and establishes a SAC with each server using the acquired private key and public key.

Abstract: Countermeasures for differential power or electromagnetic analysis attacks are provided with the definition and use of key encryption masks and masked substitution tables in a cryptographic process. Different key encryption masks and masked substitution tables are applied to different portions of masked keys used in the cryptographic process and are rotated as the cryptographic operations are carried out. The rotation of the key encryption masks and the masked substitution tables is non-uniform. Input and output masking for the substitution tables is provided.

Abstract: A method and apparatus for the digital signing of a message to be signed, the message to be signed is transmitted via a communication network to a mobile radio telephone to be used as a signing unit. A message to be signed is transmitted from a transmitter to a receiver and then from the receiver to the mobile radio telephone via a telephone network. The mobile radio telephone user indicates that the message to be signed should be signed, and the mobile radio telephone generates a signed message. The signed message is then transmitted from the mobile radio telephone to the receiver and from the receiver to an addressee.

Abstract: A unified system of programming communication. The system encompasses the prior art (television, radio, broadcast hardcopy, computer communications, etc.) and new user specific mass media. Within the unified system, parallel processing computer systems, each having an input (e.g., 77) controlling a plurality of computers (e.g., 205), generate and output user information at receiver stations. Under broadcast control, local computers (73, 205), combine user information selectively into prior art communications to exhibit personalized mass media programming at video monitors (202), speakers (263), printers (221), etc. At intermediate transmission stations (e.g., cable television stations), signals in network broadcasts and from local inputs (74, 77, 97, 98) cause control processors (71) and computers (73) to selectively automate connection and operation of receivers (53), recorder/players (76), computers (73), generators (82), strippers (81), etc.

Abstract: A system for processing DRM-enabled files includes a playback device and a software module. The software module includes a license-downloading module, a license-transforming module, a decryption module and an encryption module. The license-downloading module is configured to download a first license from a license server to a computer. The license-transforming module is configured to convert the first license to a second license. The decryption module is configured to decrypt a first DRM-enabled file of the computer into a raw file with a first decryption key. The encryption module is configured to encrypt the raw file into a second DRM-enabled file with a second encryption key. The playback device is configured to decrypt the second DRM-enabled file with the second license. The method of the system is also provided.

Abstract: A security-procuring method for making an item of communications equipment (E) secure, said item of communications equipment comprising an operating system core (K) and a set of software applications (A), said core including at least one IPv6 protocol stack (PS) making it possible to transmit incoming data packets from an input port (PIN) to an application (A) and to transmit outgoing data packets from an application (A) to an output port (POUT), said protocol stacks including a set of interfaces (HPRE, HIN, HOUT, HPOST) organized to enable external modules connected to them to access said data packets transmitted by said at least one protocol stack at determined points associated with said interfaces.

Abstract: A method (and structure) of exchange between two parties interconnected by a device or network. A recipient party (verifier) chooses a secret value x for computing a value X=F1(x), where F1 comprises a first predetermined function having at least one argument, the value x being one of the at least one argument of F1. A signing party (signer) chooses a secret value y for computing a value Y=F2(y), where F2 comprises a second predetermined function having at least one argument, the value y being one of the at least one argument of F2. The signer obtains the value X, and the signer has a private key b and a public key B. The signer computes a value s=F3(y,b,X), where F3 comprises a third predetermined function having at least three arguments: the value y, the private key b, and the value X being three arguments of the at least three arguments of F3.

Abstract: A portable device for connecting to a host information processing platform includes: a digital information storage medium storing an operating system image, secure data, applications, and system state of an owner of the portable device, wherein the medium is in read only mode until a set of tests are run on the host platform; and a platform validation program for: running the plurality of tests on the host computer to determine whether the host is safe, depending on the outcome of the tests, presenting the owner with a user-identifiable message, prompting the owner to enter decryption credentials, and receiving the decryption credentials. The portable device could also optionally include subsystems that provide additional functionality to the owner such as media playback, communications, and entertainment.

Abstract: A method and system for a secure telephone protocol are disclosed, which can be implemented using current Voice over IP (VoIP) protocols, Session Initiation Protocol (SIP, as specified in the Request for Comment (RFC) 3261 from the Internet Engineering Task Force (IETF)), Real Time Transport Protocol (RTP, as specified in RFC 3550), and Secure RTP (SRTP, as specified in RFC 3711). The secure telephone protocol can include a shared secret value that is cached and then re-used later to authenticate a long series of session keys to be used for numerous separate secure phone calls over a long period of time, thereby providing cryptographic key continuity without the need for voice authentication. In an embodiment, the secure telephone protocol can utilize the Diffie-Hellman key exchange during call setup, and AES for encrypting the voice stream.