Abstract: A method for use in a peer-to-peer communication system to ensure valid connections are made in a secure manner includes the steps of receiving an address record for a peer node which includes an ID certificate. The ID certificate is validated and checked to verify that the ID certificate has not expired. Further, the method determines if the node from whom the address record was received is to be trusted, and the number of instances of the IP address included in the certificate is already stored in cache. When the foregoing are completed successfully, i.e. the certificate is valid, not expired, has been supplied by a trusted neighbor, and does not point to an IP address that already exists for different ID's multiple times, the method opportunistically verifies ownership of the ID certificate at the peer node's IP address. That is, the verification of ownership only occurs when the advertiser of the ID is the owner of that ID (or when the ID is to be used).

Abstract: An apparatus generates additional data used to check whether an encoded digital image is changed or not. The apparatus includes a calculation unit and a recording unit. The calculation unit (a) performs a predetermined calculation using the encoded digital image and confidential information and (b) generates the additional data by applying a one-way function to a result of the predetermined calculation. The recording unit records both the encoded digital image and the additional data on a recording medium. The confidential information includes (a) first information unique to the apparatus, and (b) second information unique to an external apparatus connected to the apparatus.

Abstract: A data carrier has stored thereon a secret code and a user's biometric data. In using the data carrier, a data carrier terminal is first authenticated for access to data stored in the data carrier by reading a secret code from the data carrier in a manner known only to an authorized terminal, and then displaying the read secret on the data carrier terminal. If the user determines that the displayed secret code is correct, the user then presents a biometric feature which is read and compared to the biometric data stored on the data carrier. If the read biometric data matches the stored biometric data, then the user is authorized for further use of the data carrier on the data carrier terminal.

Abstract: This invention discloses a method of protecting copyright of a digital video work by using a digital password technology and a digital watermark technology to prevent the unauthorized use of a digital video work. Such method adds password protection of two chrominance arrays of such video work in advance, so that when such video work is published on the Internet, it can only be played in color by a specified player. As long as a user enters the correct password into the specified player, a full color visual effect of such video work can be obtained. If other players are used to play such video work, only a partial gray-scale visual effect can be obtained. Users must request or buy a specific player and a password from the distributor of such video work to play the complete information to prevent piracy.

Abstract: There are provided a method of efficiently establishing a security policy and an apparatus for supporting preparation of a security policy. According to a method of establishing a security policy in six steps, a simple security policy draft is first prepared. The security policy draft is adjusted so as to match realities of an organization, as required, thus completing a security policy stepwise. Therefore, a security policy can be established in consideration of a schedule or budget of the organization.

Abstract: A method and apparatus for a networked computer system including a plurality of devices and a shared resource. In response to one of the devices attempting to access the shared resource and representing itself to the shared resource as a first device, determining whether the device is attempting to access the shared resource through a physical connection through the network that is different than a physical connection used by the first device to access the shared resource, and when it is, denying the attempted access.

Abstract: Provided is a structure enabling dispersion of a load that is incurred by a public key certificate issuer authority or a registration authority. The structure has an issuer authority that issues a public key certificate and registration authorities each of which receives and examines a request for issuance of a public key certificate made by an end entity, wherein the registration authorities are hierarchically structured. Each of registration authorities of a hierarchical level manages registration authorities that rank immediately below or end entities. The registration authority receives a request for issuance of a public key certificate and examines it. This means that a load each registration authority must incur for processing is dispersed. One hierarchical structure of registration authorities is formed under any of various standards which stipulates a security policy, scalability, geographical classification, functional classification, or an organization.

Abstract: A first unit collects and stores data (bar codes 12) and reports to a second unit. The first unit keeps and communicates a first unit current record, for storage, of its (random and unpredictable) activities since last connection and a first unit past record for comparison, of its (random and unpredictable) activities up to last connection. Matching between its previously stored first unit current record and the received first unit past record makes the second unit grant access to the first unit and store the received first unit current record. The same can be done for the second unit by the first unit. Non-coupling invokes provision of extra identification, renewed coupling involving a common default set of records. Records can generate encryption keys. Random data and encryption prevent illegal access.

Abstract: A system for updating a communications key(s) performs an authentication(s) of the unit and/or of the communications system using an update key. By using the update key to perform the authentication(s), the key update system can reduce communications between a home communications system and a visiting communications system by sending the update key to the visiting communications system while maintaining the communications key at the home communication system. For example, in performing a key update, the home communications system generates a communications key, such as a new authentication key SSD-A-NEW, using a sequence RANDSSD generated at the home communications system and a secret key A-KEY maintained at the home communications system and at the unit. The home communications system generates the update key SSD-KEY also using the sequence RANDSSD and the secret key A-KEY.