Patents Examined by Shanto M Z Abedin
  • Patent number: 7376973
    Abstract: The present invention relates to an information processing apparatus that allows separately forming regions having different roles. When an area definition region #0100h is newly formed under an area definition region #0000h that is formed on an IC card, information of the area definition region #0100h is encrypted using a service key stored in an area registration service definition region #0020h that is formed in advance, and the encrypted information is supplied to the IC card. Upon receiving that information, the IC card decrypts the encrypted information using the service key stored in the area registration service definition region #0020h. Then, the area definition region #0100h is formed based on the result of decryption. The present invention may be applied to an IC card that exchanges information in a non-contact manner and to an apparatus that exchanges data with the IC card.
    Type: Grant
    Filed: March 28, 2002
    Date of Patent: May 20, 2008
    Assignee: Sony Corporation
    Inventors: Susumu Kusakabe, Tadashi Morita, Masachika Sasaki
  • Patent number: 7373508
    Abstract: A method for reauthentication during client roaming in a wireless network system. The network has at least one access server and a plurality of access points registered with the access server. The method includes receiving a registration request at the access server from a new access point for a roaming client registered with the access server and sending a client's session key to the new access point in a registration reply upon authentication of the registration request. The client's session key is configured for use by the new access point to authenticate the client and establish keys for the client. A method for secure context transfer during client roaming is also disclosed.
    Type: Grant
    Filed: June 4, 2002
    Date of Patent: May 13, 2008
    Assignee: Cisco Technology, Inc.
    Inventors: Robert Meier, Victor Griswold
  • Patent number: 7370193
    Abstract: The invention discloses a computing system such as a computer, a Personal Digital Assistant, or a mobile phone, being connected both to an internal network and an external network and being able to quickly and safely switch therebetween without being shut down while ensuring a physical separation between the two networks. When a user inputs a switching request, a switching unit sets a trigger and generates a consequent non-maskable interrupt (NMI) to the CPU. After receiving the NMI, the CPU controls the switching unit to run a switch program kept therein to back up a current status of the system. Then the switch program backs up the current status, controls the switching unit to interrupt all serving programs, loads the other status into the computing system, and finally controls the switching unit to reset the trigger.
    Type: Grant
    Filed: October 24, 2003
    Date of Patent: May 6, 2008
    Inventor: Tong Shao
  • Patent number: 7367059
    Abstract: A method and apparatus for activating protected content on a portable memory device when the portable memory device is incorporated into a mobile terminal during the manufacture of the mobile terminal. During manufacturing, the portable memory device is coupled to the mobile terminal, and the mobile terminal is powered on. An activation program resident on the mobile terminal is executed upon power on of the mobile terminal. The activation program imports a secure rights database of rights files from the portable memory device, activates an active rights database resident on the mobile terminal based on the imported secure rights database, and disables the secure rights database on the portable memory device to prevent subsequent unauthorized use of the portable memory device.
    Type: Grant
    Filed: May 30, 2002
    Date of Patent: April 29, 2008
    Assignee: Nokia Corporation
    Inventors: Leon Hurst, Samuli Tuoriniemi
  • Patent number: 7359509
    Abstract: A method, and deterministic random bit generator system operating in accordance with the method, for generating cryptographic keys and similar secret cryptographic inputs which are hard to guess. A seed is input from an entropy source; and an initial state is generated as a function of the seed. When a request to generate a cryptographic key is received, a current state, where the current state is initially the initial state, is mixed to generate an output string and a next state, and the current state is set to the next state. The requested cryptographic key is generated from the string; and output. These steps can be repeated to generate successive output strings with assurance of forward and backward secrecy. An encryption system including such a generator is also disclosed.
    Type: Grant
    Filed: December 1, 2004
    Date of Patent: April 15, 2008
    Assignee: Pitney Bowes Inc.
    Inventors: Matthew J. Campagna, Yiqun Yin
  • Patent number: 7356707
    Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.
    Type: Grant
    Filed: October 23, 2003
    Date of Patent: April 8, 2008
    Assignee: International Business Machines Corporation
    Inventors: Eric M. Foster, William E. Hall, Marcel Catalin Rosu
  • Patent number: 7346162
    Abstract: The invention provides techniques for secure message transmission using a public key system to exchange secret keys. A first entity creates public and private keys by generating a product n of two large, randomly chosen prime numbers, and then generating random matrices {A, C} in the group GL(r, Z_n) with a chosen matrix rank r such that AC is not equal to CA, and then generating a matrix B=CAC, and finding a matrix G that commutes with C. Matrices A, B, G and the integers n and r are then published as the public key and matrix C is then kept as the private key. A second entity then obtains the public key and calculates a secret matrix D that commutes with G, and further calculates the matrices K=DBD and E=DAD. The message to be sent is then encrypted using matrix K as the secret key and then sent to the first entity with matrix E. The first entity then retrieves secret matrix K using K=CEC and then decrypts the received encrypted message using the retrieved secret matrix K.
    Type: Grant
    Filed: July 26, 2006
    Date of Patent: March 18, 2008
    Assignee: Micron Technology, Inc.
    Inventor: Keith R Slavin
  • Patent number: 7343488
    Abstract: The invention is a system to secure data. The data security system includes data, a data security system enforcer, a local policy database, and a centralized policy manager. When a block level file access request is received, the data security system enforcer checks the local policy database to see if the file access request is authorized. If the file access request is authorized, then the file access request is performed. Intrusions may be determined based on the type and number of unauthorized file access requests. Forensic analysis may be performed on a database logging file access requests (both authorized and unauthorized).
    Type: Grant
    Filed: September 30, 2002
    Date of Patent: March 11, 2008
    Assignee: Intel Corporation
    Inventor: Satyendra Yadav
  • Patent number: 7308582
    Abstract: A collation processing apparatus includes user identification information memory means for storing user identification information which identifies a user, collation information input means for inputting collation information, collating means for carrying out collation processing on the basis of the collation information input by the collation information input means, user identification information reading means for reading out predetermined user identification information from the user identification information memory means on the basis of a collation result by the collating means, and output means for outputting, to external equipment, user identification information which has been read out by the user identification information reading means, thereby making it possible to specify a user. By setting a communication address serving as user identification information in the external equipment by address setting means, data communication in which the user is specified can be carried out.
    Type: Grant
    Filed: October 5, 2001
    Date of Patent: December 11, 2007
    Assignee: Sony Corporation
    Inventors: Toru Takeda, Tatsuo Itabashi, Tomoshi Hirayama
  • Patent number: 7302701
    Abstract: A transmitter device receives a request from a user for transmission of user message data to a requested network address on a network. A determination is made at the transmitter device whether or not the requested transmission is authorized. A transmission is sent of the user message data to the requested network address when the requested transmission is authorized. A diagnostic is issued when the requested transmission is unauthorized.
    Type: Grant
    Filed: May 20, 2002
    Date of Patent: November 27, 2007
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Steven G. Henry
  • Patent number: 7290142
    Abstract: A system and method for initializing a SNMP agent in SNMPv3 mode. In one aspect of the invention, a method is provided that allows an operator to securely enter the initial SNMPv3 privacy and authentication keys into a SNMPv3 device and cause the device to enter in SNMPv3 mode. The SNMP manager and SNMP agent both generate an associated random number and public value. The SNMP manager passes its public value to the SNMP agent in a configuration file, which causes a proprietary MIB element in the SNMPv3 device to be set with the public value of the SNMP manager. The SNMP manager reads the public value of the SNMP agent through a SNMP request using an initial valid user having access to the public value of the SNMP agent. The SNMP agent and SNMP manager each independently compute a shared secret using the Diffie-Hellman key exchange protocol.
    Type: Grant
    Filed: September 22, 2000
    Date of Patent: October 30, 2007
    Assignee: Thomas Licensing
    Inventor: William Henry Yost
  • Patent number: 7284277
    Abstract: Methods and apparatus to facilitate secured printing in a network environment. Imaging devices on the network are adapted to look for a security key associated with each print job or incoming data stream. If no security key is identified, an imaging device denies the print request, i.e., it accepts the print job and removes it from the print queue, but generates no tangible output. If a security key is identified, a request is sent to another device on the network containing a database of valid security keys in order to validate the identified key. If the other device validates the key, the imaging device generates the tangible output. Otherwise, it denies the print request.
    Type: Grant
    Filed: July 15, 2002
    Date of Patent: October 16, 2007
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Johnny MacArthur Lewis
  • Patent number: 7246228
    Abstract: Reproduction means of a general-purpose computer (1) reproduces a digital content only when a device ID included in the digital content corresponds to a device ID of a device by which it is intended to reproduce the digital content. When the device ID of the general-purpose computer (1) is altered, a recovery program for recovering an original device ID is downloaded from a recovery program generation server (2), thereby the device ID is recovered. With this arrangement, it is possible to provide a communication system which is capable of recovering a device ID when, for instance, the device ID is altered on account of the reinstall of a program such as an OS or content player.
    Type: Grant
    Filed: September 28, 2001
    Date of Patent: July 17, 2007
    Assignee: Sharp Kabushiki Kaisha
    Inventors: Katsuhiko Sato, Yuji Sawada, Keisuke Iwasaki, Kazuyuki Nako
  • Patent number: 7243239
    Abstract: Methods, systems, devices and/or storage media for passwords. An exemplary method tiles an image, associates an index with each tile and optionally determines offsets for select tiles. Further, the tiling optionally relies on probability and/or entropy. An exemplary password system includes an image; a grid associated with the image, the grid composed of polygons; an index associated with each polygon; and an offset associated with each polygon wherein password identification relies on one or more indices and one or more offsets.
    Type: Grant
    Filed: June 28, 2002
    Date of Patent: July 10, 2007
    Assignee: Microsoft Corporation
    Inventors: Darko Kirovski, Nebojsa Jojic, Paul Roberts
  • Patent number: 7233668
    Abstract: A system and method for securing intellectual property rights in distributed intellectual property. The present invention grants and polices rights in electronically distributed intellectual property. Use limitations are established by agreement by the content provider and the client. The use limitations are reflected in time-based, usage-based and player based component codes that are used to determine if the client is entitled to use the intellectual property. The present invention further protects the intellectual property from unauthorized use by encrypting the intellectual property with a key created from some or all of the component codes. As the component codes are known to both the client and the content provider, no key exchange is required by the present invention.
    Type: Grant
    Filed: May 23, 2002
    Date of Patent: June 19, 2007
    Assignee: Sharestream, LLC
    Inventors: David J. Weinstein, Allan M. Weinstein, Paul A Kline, Jon L. Roberts
  • Patent number: 7219237
    Abstract: Described are various methods and systems for preventing unauthorized access to decryption keys on programmable logic devices. In one example, a key memory can operate in a secure mode or a non-secure mode. The non-secure mode allows decryption keys to be read or written freely; the secure mode bars read and write access to the decryption keys. The key memory can support secure and non-secure modes on a key-by-key basis.
    Type: Grant
    Filed: May 17, 2002
    Date of Patent: May 15, 2007
    Assignee: Xilinx, Inc.
    Inventor: Stephen M. Trimberger
  • Patent number: 7184551
    Abstract: The invention provides techniques for secure message transmission using a public key system to exchange secret keys. A first entity creates public and private keys by generating a product n of two large, randomly chosen prime numbers, and then generating random matrices {A, C} in the group GL(r, Z_n) with a chosen matrix rank r such that AC is not equal to CA, and then generating a matrix B=CAC, and finding a matrix G that commutes with C. Matrices A, B, G and the integers n and r are then published as the public key and matrix C is then kept as the private key. A second entity then obtains the public key and calculates a secret matrix D that commutes with G, and further calculates the matrices K=DBD and E=DAD. The message to be sent is then encrypted using matrix K as the secret key and then sent to the first entity with matrix E. The first entity then retrieves secret matrix K using K=CEC and then decrypts the received encrypted message using the retrieved secret matrix K.
    Type: Grant
    Filed: September 30, 2002
    Date of Patent: February 27, 2007
    Assignee: Micron Technology, Inc.
    Inventor: Keith R Slavin
  • Patent number: 7181763
    Abstract: An object is to provide an authentication apparatus with improved effect of preventing unauthorized use, which is applied to personal equipment carrying out a predetermined function. This authentication apparatus includes a functional part carrying out a predetermined function to be used by a user, an electromyogram acquiring part for measuring a change of an electromyogram caused by a motion of a muscle of the user, and a state transition part for implementing a transition into a state in which the user can use the predetermined function of the functional part, according to authentication of the user based on the result of the measurement.
    Type: Grant
    Filed: October 10, 2003
    Date of Patent: February 20, 2007
    Assignee: NTT DoCoMo, Inc.
    Inventors: Yumiko Hiraiwa, legal representative, Hiroyuki Manabe, Kouki Hayashi, Takashi Ninjouji, Toshiaki Sugimura, Akira Hiraiwa, deceased
  • Patent number: 7177422
    Abstract: An elliptic curve encryption processing method and an elliptic curve encryption processing apparatus enable high-speed elliptic curve encryption processing computations to be realized. In elliptic curve encryption processing computations, two scalar multiplications, kP and lQ, are not performed separately, but the computation process of kP+lQ is performed simultaneously. In the computation of scalar multiplications, kP and lQ are set on a Montgomery elliptic curve By^2 = x^3 + Ax^2 + x. On the basis of a combination of each bit value of k and l from the high-order bits of the binary representation data of the scalar quantities k and l, a computation relation of the next four points based on the computed four points is selected, and based on the selected relation, a process of computing the next four points is repeatedly performed to eventually compute kP+lQ.
    Type: Grant
    Filed: April 24, 2002
    Date of Patent: February 13, 2007
    Assignee: Sony Corporation
    Inventor: Toru Akishita