Abstract: A method and system operative to preclude content providers from tracking users, while still allowing content providers to communicate to users. An intermediary, such as an access channel provider for instance, gives content providers non-repeating user-identification-tokens, each of which a content provider can use as a key to access an intermediary resource that facilitates a communication to the user, without revealing the user's identity to the content provider.

Abstract: A test method for Internet-Protocol packet networks that verifies the proper functioning of a dynamic pinhole filtering implementation as well as quantifying network vulnerability statistically, as pinholes are opened and closed is described.

Abstract: A system for eliminating unauthorized email sent to a user on a network analyzes the sender address of incoming email and determines whether it is to be rejected by returning a standard “no such user” error code or accepted depending upon executing processing rules and analyzing managed lists of authorized senders. This provides an advantage over existing anti-spam filtering systems by intercepting unauthorized email before it reaches an existing email server or client. The system rejects all email unless authorized by using a standard “no such user” error code, and by redirecting the unauthorized email back to the sender or to a sender evaluation site. An ASL module captures authorized sender addresses from the user's outgoing email and other sources in order to update “authorized senders” lists.

Abstract: A system for managing a distributed MetaHop that is administered, managed, and monitored as a single entity. If a new gateway is added to a MetaHop, the gateway can be provisioned with membership credentials by an administrator who indicates relatively basic information for the new gateway to join the MetaHop. Once provisioned with relatively basic information, the new gateway can be shipped to a relatively remote site where it automatically seeks out an entry point to the MetaHop. After connecting to an entry point (or entry points), the new gateway is automatically provisioned with any other information used to join the MetaHop. In one embodiment, the joined gateway is automatically enabled to forward traffic. In another embodiment, a new gateway is disabled for traffic forwarding until the administrator enables it for such forwarding on the MetaHop.

Abstract: Secure presentation of media streams includes encoding the media streams into digital content, encrypting a portion of that digital content, the portion being required for presentation, in which the encrypted version is substantially unchanged in formatting parameters from the clear version of the digital content. Selecting those portions for encryption so there is no change in distribution of the media stream: packetization of the digital data, or synchronization of audio with video portions of the media stream. When encoding the media stream into MPEG-2, refraining from encrypting information by which the video block data is described, packet formatting information, and encrypting the video block data using a block-substitution cipher. A block-substitution cipher can be used to encrypt each sequence of 16 bytes of video data in each packet, possibly leaving as many as 15 bytes of video data in each packet in the clear.

Abstract: According to a conventional technique, in the case where a program is stored into a non-volatile memory once and then activated, authentication of the program is performed immediately before such activation. However, calculations such as decryption of encrypted values are required before the activation of the program starts, which causes the problem that responsiveness is decreased in proportion to the time required for calculations. In order to solve this problem, authentication of a program is performed immediately before such program is stored, so that no authentication is performed or only a part of the authentication is performed to verify the validity of certificates at program activation time.

Abstract: A communication apparatus has a communication part and authenticates a communication partner by using a digital certificate, wherein the communication apparatus includes an authentication part carrying out authentication of the communication partner by using a common certificate, the common certificate being a digital certificate not including identification information of an apparatus, and an individualized certificate transmission part acquiring, in the case the authentication by the authentication part has been made successfully, individualized certificate and transmitting the individualized certificate to said communication partner, the individualized certificate being a digital certificate including identification information of the communication partner.

Abstract: An information processing apparatus and method are provided. The information processing apparatus and method provides an attribute of a component which executes a process of reading data from an information recording medium is confirmed so that severe authentication corresponding to contents can be achieved. In authentication of a component which attempts to perform a process of data read from an information recording medium, it is confirmed whether or not an attribute of the component has a data process permission component attribute set in advance. For example, it is confirmed through the attribute confirmation whether the component is a hardware component or a software component, and only when the component is a hardware component, a process of the contents is permitted.

Abstract: In certain embodiments, a method of detecting a scene change in a digital video signal involves examining a slice of the digital video signal; determining if the slice contains a greater amount of data than a threshold amount of data; and if the slice contains a greater amount of data than the threshold, determining that the slice forms a part of a scene change. This abstract should not be considered limiting since embodiments consistent with the present invention may involve more, different or fewer elements.

Abstract: A client device is registered with a network server by having the network server generate a key number and emit an optical representation of the key number for optical reception by the client device. The client device determines the key number from the received optical representation, and encrypts or decrypts a communication using the key number, or a value based on the key number. In one embodiment, the optical representation may be either an infrared signal or visible light signal.

Abstract: A communications apparatus configured to provide a prescribed service via a network based on a standardized interface of a prescribed communications protocol is provided. The communications apparatus includes a proof confirmation unit configured to, upon receiving a request message representing a request for call-up of the standardized interface from a user, extract proof information about the user from a header region of the request message and have validity of the user verified based on the proof information; and a service executing module configured to execute a process in accordance with the standardized interface for which the call-up is requested if the validity of the user is verified.

Abstract: A method and system for ensuring system security is disclosed. The method and system split a regular expression that corresponds to a number of patterns into sub-expressions. The dependency relationships among the finite automata that correspond to the sub-expressions are maintained. Then, as data units are put through these finite automata in a sequence that is based on the dependency relationships, suspected data units are identified. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. Identification of the suspected data units is based on the merged results of the finite automata. Depending on the result of identifying the suspected data units, different actions are performed.

Abstract: A security processor performs all or substantially all security and network processing to provide a secure I/O interface system to protect computing hardware from unauthorized access or attack. The security processor sends and receives all incoming and outgoing data packets for a host device and includes a packet engine, coupled to a local data bus, to process the incoming and outgoing packets. The processor further comprises a cryptographic core coupled to the packet engine to provide encryption and decryption processing for packets processed by the packet engine. The packet engine also handles classification processing for the incoming and outgoing packets. A modulo engine may be coupled to the local data bus.

Abstract: The present invention comprises fast new methods for computing high-precision solutions of Frobenius equations that arise in elliptic-curve cryptography. In particular, this invention may be used to accelerate the computation of the number of points on an elliptic curve over a finite field. The advantage over methods in prior art is that the invention is faster than previously known methods. The methods enable optimally fast canonical lifting of elliptic curves defined over finite fields, optimally fast pre-computations to determine an efficient representation of intermediate quantities, and optimally fast lifting of finite-field elements to compute multiplicative representatives. Furthermore the invention enables rapid computation of norms and traces amongst other applications.

Abstract: In an electronic apparatus control system provided with: a plurality of electronic apparatuses connected to a network covering a predetermined area; and a controller for controlling these electronic apparatuses, the controller (11) is provided with: a generating device for generating a group key peculiar to the network (18) in order to encrypt the information flowing through the network (18); and a wireless unit (21) for transmitting the generated group key to a plurality of the electronic apparatuses. The electronic apparatus is provided with: a memory device for storing the group key transmitted; an encrypting device for encrypting the information flowing through the network (18) using the group key; and a decoding device for decoding the encrypted information using the group key.

Abstract: Systems and methods that enable execution of applications at appropriate trust levels are described. These systems and methods can determine appropriate trust levels by comparing applications' permitted trust levels with their requested trust levels. These systems and method can determine applications' permitted trust levels by comparing applications' execution locations with their published locations. Applications can also be executed at a restricted trust level at which potentially dangerous operations are prohibited.

Abstract: Based on user identification data transmitted together with a compressed data from a portable reproducing apparatus, if an apparatus recognizes that a user who purchased and downloaded the compressed data is the same as a user who owns the apparatus, the audio apparatus stores and holds the compressed data after reproducing the signal from the compressed data by the decoder unit and the data processing unit. Alternatively, if it recognizes that the user who purchased and downloaded the compressed data is not the same as the user who owns the apparatus, it removes the compressed data after reproducing the signal from the compressed data by the decoder unit and the data processing unit.

Abstract: The invention concerns a system enabling a member (M) of a group (G) to produce, by means of customized data (z; K), a message (m) accompanied by a signature (8) proving to a verifier that the message originates from a member of the group (G). The invention is characterized in that the customized data is in the form of an electronic physical medium (26). Advantageously, the latter also incorporates: encrypting means (B3) for producing a customized cipher (C) from the customized data prior to the signature S of the message (m), means (B5) for producing a combination of a message m to be signed and the cipher (C) associated with said message, for example in the form of a concatenation of the message (m) with the cipher (C), and means (B6) for signing (Sig) the message (m) with the customized data (z; K) in the form of a cipher (C) associated with said message. Advantageously, the physical medium is a smart card (26) or the like.

Abstract: A method and system for remotely storing a user's admin key to gain access to an intranet is presented. The user's admin key and intranet user identification (ID) are encrypted using an enterprise's public key, and together they are concatenated into a single backup admin file, which is stored in the user's client computer. If the user needs his admin file and is unable to access it in a backup client computer, he sends the encrypted backup admin file to a backup server and his unencrypted intranet user ID to an intranet authentication server. The backup server decrypts the user's single backup admin file to obtain the user's admin key and intranet user ID. If the unencrypted intranet user ID in the authentication server matches the decrypted intranet user ID in the backup server, then the backup server sends the backup client computer the decrypted admin key.

Abstract: An authentication mechanism for use in network-based services generates an authentication token. The authentication token is provided to a client device as part of the code comprising a content page. The content page code is received and loaded by a browser application at the client device. When the content page code is received and loaded by the browser application, the authentication token is loaded by the browser as well. Upon receiving subsequent input, the browser application may send a content request to the server. The content request includes the authentication token maintained by the browser application in the content page. A server may validate the authentication token provided in the request using version information and one or more master authentication tokens.