Abstract: A method and apparatus for verifying the authenticity and integrity of an ordered sequence of digital video frames, without having access to the original recording, by embedding therein a respective series of digital signatures based on a secret key, or keys, and on the video content of respective frames. Signatures are camouflaged by embedding in transform coefficients of a transformed representation of the video data in parts of the frame corresponding to motion. If there is sufficient motion to contain all of the signature bits, a supplementary technique embeds in high-texture areas of a frame. A final fall-back is to embed in a pre-defined default zone. A method of predicting when supplementary embedding is needed enables the process to be applied in a single pass allowing real-time operation. Verification is done during decoding by comparing, for identity, embedded signatures with signatures calculated anew using the method employed to embed.

Abstract: A human interaction proof may restrict access to computer systems by testing the image orientation detection capabilities of the user making the access attempt. The human interaction proof includes a challenge where a plurality of images is presented. The images in the challenge may be drawn from image databases or the Internet, and may be part of a set of images that have been screened for difficulty with respect to computers. Some of the presented images are rotated away from their proper orientations. A user presented with the challenge is asked to differentiate the rotated images from the non-rotated images. A correct response leads to a grant of access, and an incorrect answer leads to a denial of access. The images in the challenge may be further modified with regard to color, lighting, cropping, etc. before presentation; the modifications increase the difficulty of the challenge for computers.

Abstract: Computing endomorphism rings of Abelian surfaces over finite fields is described. In one aspect, an endomorphism ring of an Abelian surface over a finite field is probabilistically computed. A genus-two curve is generated based on the probabilistically determined endomorphism ring. The genus-2 curve is used for encryption and decryption operations and a cryptosystem.

Abstract: A method for detecting a security breach in a network comprises at one of a plurality of transceivers each having a different media access control address, receiving a signal from an access point, the signal representing one or more packets of data, determining a source media access control address for each of the packets, and alerting the access point when the source media access control address of one of the packets is the media access control address of the transceiver.

Abstract: A method and apparatus for controlling connectivity comprising a connectivity control element coupled between an interface connector and an interface circuit, and an interface controller, coupled to the connectivity control element, for authenticating a peripheral device and controlling connectivity between the interface connector and the interface circuit based upon authentication of the peripheral device.

Abstract: A copy protection method and a copy protection system are disclosed. The system includes a private key verifier receiving a media certificate that includes a private key identification of a compliant playing device and searching for an actual private key corresponding to the private key identification, an intermediate key decryptor receiving an encrypted intermediate key and decrypting the intermediate key with the actual private key, a media key decryptor obtaining an original media key by decrypting the decrypted intermediate key with a media identification; and a media data decryptor receiving an encrypted media data set and decrypting the media data set with the original media key. The method and system of the present invention are applicable to all types of digital media data, and it makes no assumption of any specific media properties.

Abstract: A system and method of using a controller and firewall devices. Each of the firewall devices operate in an active mode during normal operation. The method may include the steps of determining when a first and/or second redundant data packet is received from a first/second firewall device, respectively, determining a valid sequence number, and transmitting the first/second redundant data packet to a target device when a sequence number of the first/second redundant data packet matches the valid sequence number and a first/second logical condition is satisfied, respectively. The first/second logical condition is at least one of the second/first firewall device is failed, a sequence number of the second/first redundant data packet varies from the valid sequence number, and the first/second firewall device is a primary firewall device.

Abstract: A computer connected to a memory. The computer to execute an encryption program in the memory. The encryption program including an incremental modular multiplication portion to calculate a first product. The incremental modular multiplication portion to calculate a second product from a prefixed first product. A modular reduction portion to reduce the second product. The reduced second product is provided to a multiplication portion of the encryption program to generate encryption keys.

Abstract: An information processing apparatus decrypts, using meta data, encrypted data obtained by encrypting stream data including successive frames according to an encryption method in which, when the stream data is sequentially encrypted on a frame-by-frame basis, a key used for encrypting each frame is updated according to a predetermined rule. The meta data includes the plurality of keys used for encrypting the stream data and update information for identifying update timings of the keys. The apparatus includes a decrypter for acquiring the encrypted data and decrypting each frame using the key used for encrypting the frame and a meta data acquirer for acquiring the meta data and delivering one of the keys corresponding to the frame to the decrypter in accordance with the update information. The meta data acquirer includes a corrector for detecting an error in the update information and correcting the update information if an error has occurred.

Abstract: Described is a system and method for receiving a data packet including a destination address and a source address, the data packet corresponding to a port number, assigning an address risk value for the data packet based on the source address and a port risk value for the data packet based on the port number. The data packet is categorized into a community based on the source address, wherein the community is predefined by a user corresponding to the destination address, the community includes a utility value. The address risk value and the port risk value are compared to the utility value to yield a benefit coefficient and the data packet is treated based on the benefit coefficient.

Abstract: A method for protecting sensitive data in an entry of a log file for later audit, which includes encrypting the sensitive data in the log entry by using a random cryptographic key for each auditor authorized to access the log entry, encrypting the random cryptographic key by using an auditor's personal cryptographic key, and for each auditor not authorized to access the log entry, encrypting a fake cryptographic key having the same properties as the random cryptographic key by using an auditor's personal cryptographic key.

Abstract: A signature generation apparatus and a signature verification apparatus which can prevent the occurrence of norm zero vector forgery attack. The signature generation apparatus (110) includes a signature generation unit (114) which generates signature data (S) for a message (m) using a private key stored in a private key storage unit (112), and converts the format of the signature data (S) so that the first sub-element of the N sub-elements in the signature data (S) indicates 0 without changing the norm of the signature data (S). The signature verification apparatus (120) includes a signature verification unit (124) which judges whether or not the first sub-element of the N sub-elements included in the signature data (S) indicates 0, and determines the signature data (S) as unauthorized data when judging that it is not 0.

Abstract: Methods and computer program products for creating sketches of a document, which are compared with sketches of other documents, in order to determine the documents' degree of similarity. A sketch is a digest of information from random locations within a document. A document is divided into a set of shingles. Each shingle is converted into a set of fingerprints. A sketch is determined based on one bit fingerprints thus created. In order to create additional sketches of the document, a new set of fingerprints are created by randomization techniques.

Abstract: An authentication method and system in a communication system are provided. An MS, a BS and an AAA server acquire a first MSK by a first EAP authentication for the MS in an EAP-in-EAP scheme. After the first EAP authentication, they acquire a second MSK by a second EAP authentication for the MS in the EAP-in-EAP scheme.

Abstract: A hashing method and system. The method comprises receiving by a computing system, a user password. The computing system generates a first hash for the user password. The computing system generates a second hash for a system parameter and performs an operation relating the first hash to the second hash to generate a first combination value. The computing system generates a third hash for the first combination value. The computing system receives a specific password for requesting access to the computing system. The computing system generates a fourth hash for said specific password and performs an operation relating the fourth hash to the second hash to generate a second combination value. The computing system generates a fifth hash for the second combination value. The third hash is compared to the fifth hash to determine that the third hash matches the fifth hash. Access is enabled to the computing system.

Abstract: A method and device for using a partial public key in a cryptosystem. The cryptosystem may be based on a group, such as an elliptic curve over a finite field. The device includes a first memory for storing system parameters of the cryptosystem and a second memory for storing a portion of a public key of the cryptosystem. The device receives the complete public key, or the remainder of the public key, via communication with another device. The received portion of the public key is used to form a validated public key. A processor of the device uses the validated public key for encrypting messages and/or verifying signatures. The size of the second memory is reduced since only part of the public key is stored.