Abstract: A security system for monitoring, controlling, and automating one or more work areas and office furniture components, or monitoring, controlling, and automating utility components in other environments such as retail, restaurant, and home applications. The system includes passive and active access authentication devices and active or passive unlocking and lockdown devices for utility components, such as storage components, office furniture components, offices, and work sites. The system may include, for example, a processor, an access authentication device, sensors for monitoring work areas, actuators for controlling and automating work areas, and status and alarm notifiers.

Abstract: A method according to one embodiment may include: receiving a first encrypted signal at a server of a computing network, the first encrypted signal comprising firmware encrypted by a first encryption algorithm having a first complexity level; sending a second encrypted signal over the computing network to at least one managed client in response to the first encrypted signal, the second encrypted signal comprising the firmware encrypted by a second encryption algorithm having a second complexity level, wherein said first complexity level is greater than said second complexity level; and updating existing firmware of the at least one managed client in response to receipt of the second signal at the at least one managed client. Of course, many alternatives, variations, and modifications are possible without departing from this embodiment.

Abstract: A code inspection system produces a dynamic decoy machine that closely parallels one or more protected systems. The code inspection system can analyze and monitor one or more protected systems, and as those protected systems are updated, altered or modified, the dynamic decoy machine, in which potentially malicious code is tested, can also be updated. Thus, the dynamic decoy machine can accurately reflect the current state of the one or more protected systems such that the potentially destructive nature, if any, of suspicious code can be evaluated as if it were in the actual environment of the protected system, without jeopardizing the security of the protected system.

Abstract: Systems and methods are provided for protecting and managing electronic data signals that are registered in accordance with a predefined encoding scheme, while allowing access to unregistered data signals. In one embodiment a relatively hard-to-remove, easy-to-detect, strong watermark is inserted in a data signal. The data signal is divided into a sequence of blocks, and a digital signature for each block is embedded in the signal via a watermark. The data signal is then stored and distributed on, e.g., a compact disc, a DVD, or the like. When a user attempts to access or use a portion of the data signal, the signal is checked for the presence of a watermark containing the digital signature for the desired portion of the signal. If the watermark is found, the digital signature is extracted and used to verify the authenticity of the desired portion of the signal. If the signature-containing watermark is not found, the signal is checked for the presence of the strong watermark.

Abstract: The present invention is related to a method for verifying authorized access, and is specifically a method for verifying authorized access with an improved means of inputting a password, so as to prevent a spectator observing the inputting process from learning the password, and to facilitate memorizing the password. In said method, a user memorizes as a ‘user-friendly’ password, in relation to a reference background predetermined by the user, at least one locations as assignable districts, their order, and their number, but inputs the password by inputting codes that are shown at locations of the assignable districts consisting the memorized password. These codes are randomly determined and shown to the user, so that the codes as password change each time whenever the user asks to enter the system.

Abstract: Reliable end-to-end messaging in which tracking and acknowledgement information are contained in the electronic message that is visible to layers above the transport layer, thereby being independent of what transport protocols, and whether different transport protocols, are used to communicate between the two end points. Furthermore, acknowledgment messages may identify multiple ranges of sequence numbers corresponding to received electronic messages, thereby permitting further flexibility and completeness in acknowledging received messages.

Abstract: Systems and methods for processing textual messages which are integrated with one or more digital attachments is described. These systems and methods are useful in the electronic filing and processing of, for example, image data, and of textual data associated with the image data. One particular application of these systems and methods would be for the electronic filing and processing of dental x-rays with patient claim forms.

Abstract: In an implementation of administrative security systems and methods, access to administrative functions is controlled according to access privileges. A security process can be executed with administrative privilege to initiate an administrative function, and a user process can be executed with non-administrative privilege such that access to the administrative function is restricted. The user process can request initiation of the administrative function via the security process with parameters that include an identification of the administrative function and input arguments to the administrative function.

Abstract: A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an “onion encryption” scheme is applied to the messages as they are forwarded along the routing chain. A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.

Abstract: A system is provided for upgrading a legacy security system having a legacy control panel and a legacy card reader, without interfering with legacy system operation. A new control panel is installed between the legacy card reader and the legacy control panel. Also, a new token reader is installed next to the legacy card reader and connected to the new control panel. The new control panel passes credentials it receives from the legacy card reader to the legacy control panel, avoiding interference with legacy system operation. When the new control panel receives credentials from the new token reader, it evaluates them against an access rights list administered independently of the legacy access rights list. When the new control panel determines that an access request should be granted, it sends a memorized legacy credential associated with full access rights to the legacy control panel, causing it to open the door.

Abstract: A certificate validation framework allows for the use of plug-ins for a certificate path builder and certificate path validator. Clients can include a web server clients, SSL certificate validation or application code.

Abstract: Described is a method of assigning a network address to a trap, the network address being a dark address of a virtual private network. The network traffic destined for the network address is monitored and a classification of the network traffic is determined. After the classification, a predetermined response is executed based on the classification of the traffic.

Abstract: The present automatic update mechanism provides a method for determining whether computer-readable components loaded within a memory device are at a level of protection specified for protected content that a media application is attempting to process. If a current level of protection provides lower protection that the level specified, a file is updated to achieve at least the level of protection specified by the protected content. Updating the file to achieve the level of protection is performed in a manner that minimizes rebooting of a computing device.

Abstract: Methods and apparatus are provided for creating a secure zone having multiple servers connected to a resource virtualization switch through I/O bus interfaces, such as PCI Express or PCI-AS. Servers connected to the resource virtualization switch using I/O bus interfaces share access to one or more virtualized cryptographic accelerators associated with the resource virtualization switch. Applications on a server or system images running on hypervisor inside server can use cryptographic accelerators associated with the resource virtualization switch as though the resources were included in the server itself. Connections between multiple servers and the resource virtualization switch are secure non-broadcast connections. Data provided to a resource virtualization switch can be cryptographically processed using one or more shared and virtualized cryptographic accelerators.

Abstract: The system delivers a continuous sequence of individual pieces of media information over a communications network to a group of users that selected said media information. The system includes at least one server that transmits the continuous sequence of individual pieces of media information at approximately the same time to each user in the group. The system also includes an application configured to generate a user interface screen. The User interface screen includes a list of available media information, a program guide containing information relating to the media information selected by a user, and an object configured to allow a user to initiate a purchase of a product. Finally, the system includes at least one server configured to maintain an audit log that records data.

Abstract: Methods and apparatus are provided for an entity such as a CPU to efficiently call a cryptography accelerator to perform cryptographic operations. A function call causes the cryptography accelerator to execute multiple cryptographic operations in a manner tailored for specific processing steps, such as steps during a handshake phase of a secured session. The techniques provide efficient use of hardware processing resources, data interfaces, and memory interfaces.

Abstract: Systems and methods that protect transport stream content are disclosed. The system may include a first module and a second module, the first module having a common interface. The second module is coupled to the first module via the common interface. In one embodiment, the first module is a set top box, and the second module is a conditional access card. In one example, the first module demodulates an incoming transport stream, copy protection encrypts the demodulated transport stream and passes the copy protection encrypted transport stream to the second module via the common interface. The second module copy protection decrypts the transport stream received from the first module, conditional access decrypts at least some of packets of the transport stream that were conditional access encrypted, copy protection encrypts the transport stream and passes the copy protection encrypted transport stream to the first module via the common interface.

Abstract: The present automatic update mechanism provides a method for periodically checking for updates to support a trusted environment. During the periodic check, an indication from an update service is received if there is a recommended update. Upon receiving the indication, a new revocation list is downloaded from the update service and saved as a pending revocation list. The pending revocation list is then available for on-demand update when protected content requests a higher level of protection on a computing device than the protection provided by a current level of protection on the computing device.

Abstract: A cipher key is generated by first information shared in secrete between a data transmitting unit 10 and a data receiving unit 20, second information derived from duplication control information of transmit data and third information which is time change information shared between the data transmitting unit and the data receiving unit to cipher data by a CPU 12 by using the above-mentioned cipher key to transmit, from the data transmitting unit 10 to the data receiving unit 20, transmit data in which the duplication control information and the time change information are added to the ciphered data.

Abstract: A system for identifying perpetrators of fraudulent activity includes location logic for locating, extracting, or capturing identifying information from a client communication received from a client device. For example, the location logic may locate, or extract, a variety of message headers from an HTTP client request. The system may also include analyzer logic to analyze the identifying information, for example, by comparing the identifying information with previously captured identifying information from a previously received client communication. Finally, the system may include account identifier logic to identify user accounts associated with the previous client communication in which the same identifying information was extracted.