Abstract: A system and method that facilitates entities acting as agents to manage plural domains for plural registrants includes a domain manager capable of direct attachment to the shared registry system. The domain manager resides on a server of an accredited registrar or on a server of a partner website that has made a server of an accredited registrar authoritative for at least plural domain names. A variety of DNS or zone file information can be altered using simple graphical user interfaces to enter change information and pass that change information to the domain manager server. The domain manager server passes the change information to the DNS servers either directly through the SRS or through an accredited server that passes the change information through the SRS and to the root servers. Most preferably, the domain manager has substantially direct access to the shared registry system, which asynchronously updates the DNS servers.

Abstract: An apparatus and method for authentication having a processor and at least one activator coupled to the processor is claimed. A signature generator is coupled to the processor and capable of generating a secure identifier. An emitter coupled to the signal generator capable of emitting the secure identifier. A receiver receives the emitted secure identifier and verifies that the secure identifier was appropriately transmitted. The public key corresponding to the key identifier transmitted is accessed to determine the validity of the secure identifier using the accessed key and that the time indicated in the received secure identifier is verified to be within acceptable time tolerances.

Abstract: A contents database in which data of contents enciphered by a C key is stored and provided for a contents server, wherein the contents data enciphered by the C key are enciphered by an M key and sent to a user machine. In the user machine, the contents data enciphered by the C key are stored in a storage device. Upon reproduction, the contents data enciphered by the C key from the storage device are sent to an enciphering/decoding processing unit and decoded and charging is performed in accordance with the C key. A dynamic authenticating code which dynamically changes with the elapse of time is added to the C key.

Abstract: A data storage manager is provided attached to a data processing network having at least one host device and at least one storage volume. System resources are allocated among a plurality of storage tiers, each tier having at least one partition. At least one host device and at least one storage volume are associated with each partition and at least one application is associated with each partition of the lowest level storage tier. The storage manager also includes a user profile table which identifies various users along with a log-on code, at least authorized one IP address range and at least one authorized command. The storage manager also includes a verification system responsive to a received log-on code and requested operation to restrict the user to authorized IP address range(s) and authorized commands.

Abstract: A method for secure communication between a first end terminal located in a first secure network and a second end terminal located in a second secure network, said first and second networks being separated by a relatively insecure intermediate network, wherein the method including the steps of: selectively routing a communication from the first end terminal to the second end terminal over said relatively insecure intermediate network by means of one or more network elements triggerable to selectively route said communication; and encrypting said selectively routed communication by means of an encryption engine before it traverses said intermediate network, wherein said one or more network elements and said encryption engine are located substantially within said firs secure network.

Abstract: A method for detecting within a networked computer a target vulnerability such as a Trojan Horse residing therein is disclosed, wherein the vulnerability is characterized by a signature response to an encrypted query. The method includes encrypting a plurality of query data packets in accordance with a plurality of encryption keys, each encrypted query data packet including a defined query field specific to the target vulnerability. The method further includes storing the plurality of encrypted query data packets in a memory. The method further includes thereafter scanning the networked computer for a target vulnerability residing within the networked computer by sending successive ones of the encrypted-and-stored query data packets to the host computer and analyzing responses thereto from the host computer with respect to the characteristic signature. Preferably, the encrypting is performed for substantially all of the encryption keys within a defined key space.

Abstract: A namespace management module utilizes a persistent reservation store that associates URI namespaces with one or more permissions. The reservation store can contain a number of reservation entries that each include a URI identifying a URI namespace and a corresponding Access Control List (“ACLs”) that includes permissions for the identified URI namespace. When a request to register a URI namespace is received, the permissions of an appropriate ACL can be checked to determine if the registration is approved. When a resource request is received, permissions of the ACLs can also be checked to determine if the resource request should be routed to a registered process. Preemptive wildcards can be included in aggregated URIs to identify aggregated URI namespaces. Aggregated URIs can be included in registration requests to override the registration of unauthorized processes.

Abstract: A security system for providing gated access for a third party to a secure entity or service and a method for operating the same is disclosed. The security system comprises a portable biometric device and a receiving module connected over a transmission channel. Biometric data in dependence upon a biometric characteristic such as a fingerprint of an authorized person is stored in memory of the portable biometric device. Biometric information of the person is captured, encoded and biometric data in dependence thereupon is provided to a processor. Using the processor the captured biometric data is then compared with the stored biometric data to produce a comparison result. If the comparison result is indicative of a match the first person is enabled to initiate provision of a gating signal for enabling signals provided by the third party to access the secure entity or service. The gating signal is received at a port of the secure entity or service.

Abstract: A method and systems provided for basis conversion in a cryptographic system. The method comprises the steps of a first correspondent transmitting an element represented in the first basis to an intermediate processor, the intermediate processor converting the element into a second basis representation and forwarding the converted element to the first correspondent who then uses the converted element in a cryptographic operation. A further embodiment of the invention provides for the intermediate processor to perform the basis conversion on a field element and then forward the converted element to a second correspondent. A still further embodiment of the invention provides for the correspondents in a cryptographic scheme making use of a bit string as a function of a sequence of traces of a field element, wherein the bit string is a shared secret for performing certain cryptographic operations.

Abstract: A system of distributed group management for generating authentication information relating to a group to which users belong at a high speed on a client side and, at the same time, wherein a server side can verify this at a high speed. This system provides a group certificate issuing apparatus for issuing a group certificate on a client side based on original group information including the name of the group to which the users belong and a group certificate verification unit for verifying a legitimacy of the certificate transmitted from the client side in a server.

Abstract: A method and system for transferring information using an encryption mode indicator (EMI). The present invention provides several secure information communication modes in which data (e.g., representing an audio/visual work) can be transmitted from a source device to a sink device (receiving station) in a number of secure modes. In one secure mode, EMI mode A, the information of the transmission is not allowed to be copied as a whole work; this is the highest level of copy protection. In second secure mode, EMI mode B, the information of the transmission is allowed to be copied once and once only by the sink device. In a third transmission mode, no encryption is used and free copying is available.

Abstract: A digital rights management system for controlling the distribution of digital content to player applications. The system comprises a verification system, a trusted content handler, and a user interface control. The verification system is provided to validate the integrity of the player applications; and the trusted content handler is used to decrypt content and to transmit the decrypted content to the player applications, and to enforce usage rights associated with the content. The user interface control module is provided to ensure that users of the player applications are not exposed to actions that violate the usage rights. The preferred embodiment of the present invention provides a system that enables existing content viewers, such as Web browsers, document viewers, and Java Virtual Machines running content-viewing applications, with digital rights management capabilities, in a manner that is transparent to the viewer.

Abstract: Decoding device with a decoding module (4) that decodes digital digitally encoded image data. The decoding of said image data is dependent on the programming of an FPGA circuit. In a first embodiment, the key generator for the decoding module is provided with an FPGA circuit. In a second embodiment, the decoding module is provided with an FPGA circuit. The FPGA circuit and/or the FPGA memory can be located in a removable chip-card. The content of the FPGA memory can be updated by the sender over different possible transmission channels.

Abstract: In one embodiment, a computer program blocks windows categorized as bad windows, while allowing windows categorized as good windows to be displayed. The computer program may categorize a window by consulting one or more lists. In one embodiment, a list may be updated from time to time to optimize the computer program and prevent program-obsolescence. Techniques for defeating a window-blocking mechanism are also disclosed. In one embodiment, a computer program detects if a window is of a type that offers a product to a user. If so, the computer program provides a separate window containing information regarding the product. In one embodiment, a computer program detects if a user has a need for the computer program. If so, the user is informed of the efficacy of the computer program, which is then offered to the user.

Abstract: A method for creating a secure powerline modem network transmits a private key (y) individually to each of the plurality of powerline modem devices (22) to be secured in a network such that each powerline modem device receives the private key in isolation of the network. Each of the plurality of powerline modem devices store the private key. A public key (X) is computed by a master device (32) in the network to be secured. The public key is transmitted from the master device to the plurality of devices. A shared key (Y) is computed at each of the plurality of powerline devices based on the public key and the private key, and communication within the secured network is performed by employing messages encrypted based on the shared key.

Abstract: A data processing system and method are disclosed for maintaining a secure data block within the system. A block of data is established within the system. The block of data is associated with a particular user and a particular application. A hardware master key pair is established for the system. The hardware master key pair includes a master private key and a master public key. The hardware master key pair is associated with the system for which it was established so that the master private key is known to only that system. The block of data is encrypted utilizing the master public key. The master private key is required to decrypt the encrypted block of data. This data processing system is the only system capable of decrypting the encrypted block of data.

Abstract: A method and system is provided which generates and uses authentication codes so that when one device is connected to another device, the devices can only communicate with one another. The method and system preferably counts the number of times the devices have successfully communicated as part of the authentication process.

Abstract: A mechanism for dynamically constructing service implementations to enforce restrictions on services provided to an application is disclosed. When an application desires an implementation for a particular service, the application makes a request to a framework. The framework receives the request and, in response, determines what restrictions, if any, need to be imposed on the requested implementation. Once the restrictions are determined, the framework dynamically constructs the requested implementation. The requested implementation is constructed such that it incorporates a general implementation of the service, the restrictions, and enforcement logic for enforcing the restrictions on the general implementation. Once the requested implementation is constructed, it is provided to the application. Thereafter, the application invokes the requested implementation directly for services.

Abstract: The method for authorizing access to computer applications is implemented using a computer installation which includes a computer station (1) connected to an inter-computer communication network (9), a read unit (10) connected by an electric cable (2) to the station (1), and at least one personalized portable object (7) in communication with the read unit (10) for the transfer of data. The portable object (7), in particular a wristwatch, includes a memory, several positions of which for access words are kept secret by a read and/or write barrier and at least one position of which for a word is readable. The read unit (10) detects the object (7) close by, reads the readable word and commands the station (1) to connect itself onto a determined server (8) to look in a checking file to see whether the readable word forms part of a list of authorised words. In the affirmative, a password is transmitted to the station (1) so that the read unit (10) sends it to the object (7) to open the read barrier.

Abstract: A method for protecting firewall load balancers from a denial of service attack is provided. Packets are received by the firewall load balancer. Each packet has a source and a destination. The firewall load balancer is equipped with a connection database that can contain entries about the packets. Upon receipt of a packet, the connection database is queried to determine whether or not there is an entry for the received packet. If an entry is found in the database, the packet is forwarded to its destination. Otherwise, if the packet was received from a firewall, then a new connection entry for the packet is built and is saved to the connection database and the packet is forwarded on to its destination. If the packet does not have an entry (match) in the connection database and the packet was not received from a firewall, then the packet is forwarded to a firewall.