Abstract: A method, apparatus, and computer-readable media for detecting a security breach in a network comprising an access point and a plurality of transceivers each having a different media access control address comprises, at one of the transceivers, receiving a signal from the access point, the signal representing one or more packets of data; determining a source media access control address for each of the packets; and transmitting an alert packet to the access point when the source media access control address of one of the packets is the media access control address of the transceiver.

Abstract: A watermarking system includes an encoding data processor operable to generate at least one marked version of an original item of material by introducing one of a predetermined set of code words into a copy of the original material item. The apparatus has a code word generator operable to provide the code word having a plurality of code word coefficients, and an encoding processor operable to combine the code word coefficients with the material. Each of the plurality of code words of the set is uniquely associated with a data word having first and second fields. Each of a set of values of the first field is represented as a first part of the code word having a first plurality of coefficients, and the second field is represented as a second part of the code word having a second plurality of coefficients.

Abstract: A method and apparatus for providing an authentication logic to authenticate a registered caller, the authentication logic to use hashes of one or more random locations within the caller's code base to validate that the caller is registered.

Abstract: A copy protection method and a copy protection system are disclosed. The system includes a private key verifier receiving a media certificate that includes a private key identification of a compliant playing device and searching for an actual private key corresponding to the private key identification, an intermediate key decryptor receiving an encrypted intermediate key and decrypting the intermediate key with the actual private key, a media key decryptor obtaining an original media key by decrypting the decrypted intermediate key with a media identification; and a media data decryptor receiving an encrypted media data set and decrypting the media data set with the original media key. The method and system of the present invention are applicable to all types of digital media data, and it makes no assumption of any specific media properties.

Abstract: Systems and methods for verifying a document. A document having an encoded document data portion that includes assist information and at least one digitally-signed appended one-way hash is inputted. The encoded document data file is decoded and a representation is recovered using the assist information. A verification one-way hash is generated from the recovered representation. The verification one-way hash is then compared to the appended one way hash and the authenticity of the document is verified based on the results of the comparison.

Abstract: A copy-protected-state indicating MPEG-TS data output unit (3) holds a bit stream obtained by previously compressing and encoding image and/or audio data representing that recording desired by the user has ended in failure because the contents is copy-protected. When copy control information (V2) outputted from an IEEE 1394 interface (1) indicates a copy-protected state, a selecting unit (20) selects copy-protected-state indicating MPEG-TS data (V3) outputted from the copy-protected-state indicating MPEG-TS data output unit (3) and outputs it as to-be-recorded MPEG-TS data (V4). Thereby, the data (V3) is recorded.

Abstract: A system is disclosed which facilitates authentication processes with web-enabled wireless devices, including those that do not support the use of cookie files. To facilitate such authentication, a web server analyzes an HTTP request file from a communication device for the presence of security token data. Where none is found, a client is directed to a login page for input of authentication data, such as a user name and password information. Upon proper authentication, the client's communication device is issued a security token using standard HTML—INPUT tags. Thereafter, the web server determines if each additional HTTP request file received from the client includes a security token before responding to the request.

Abstract: A secure method and system of digital data transmission between a sender and a receiver, including a phase of receiver authentication by a symmetrical authentication key sharing algorithm with no transmission of the key, a phase of data watermarking by using the authentication key as the watermarking key, and a phase of transmission of the watermarked data.

Abstract: A server (115) having a communication link comprises an application execution environment, a random IP address generator application (135) executing within the application execution environment of the server to randomly select (205) an IP address, a communications interface configured to send outbound data or to receive inbound data thereby establishing the communications link in coordination with the random IP address generator application and a processor (150). Preferably, the processor is programmed to receive a request from a client (112 or 114) and process the request if an IP address randomly selected at the client synchronously matches the randomly selected IP address at the server. Additionally, the processor can be further programmed to ignore the request from the client if the IP address randomly selected at the client fails to synchronously match the randomly selected IP address at the server.

Abstract: A vehicle obtains from a certification authority a certification that an authentic device is associated with a cryptographic key. The certification certifies that the cryptographic key is bound to information identifying the authentic device. The vehicle utilizes the cryptographic key obtained from the certification authority in cryptographic communication with the remote access device, and determines whether the remote access device is the authentic device based on whether the cryptographic key is successfully utilized in the cryptographic communication. Upon determining the remote access device is the authentic device, the vehicle may communicate further with the remote access device.

Abstract: A system and method for communicating information between a first party and a second party, comprising identifying desired information, negotiating, through an intermediary, a comprehension function for obscuring at least a portion of the information communicated between the first party and the second party, communicating the encrypted information to the second party, and decrypting the encrypted information using the negotiated comprehension function. Preferably, the intermediary does not itself possess sufficient information to decrypt the encrypted information, thus allowing use of an “untrusted” intermediary. The comprehension function may be dynamic with respect to its response to the negotiated comprehension function, and thus permit limitations on the use of the information by the second party. For example, the decryption of the encrypted information may be time limited.

Abstract: A system, method and program of the invention provides an application program tool that generates a password for a user to access a resource. The tool receives as input from a user a global user password and at least one hash key. The tool applies a consistent algorithm to the name of the resource being accessed, such as a domain name for an Internet site, and the hash key, and the global user password to generate the password. The same password is regenerated the next time the user accesses the same resource. The tool automatically populates the resource with the password.

Abstract: A method is provided for using an identity service for protecting identity information during an electronic transaction. The method includes registering an identity client, wherein the identity client possesses an associated multi-component identity. The method further includes regulating access to the multi-component identity such that the identity service authorizes dissemination of fewer than all components of the multi-component identity to an identity requestor. Additionally, a method for providing client identity repair protect a client from fraudulent distribution of electronically available client identity information. Upon detection of fraudulent distribution of identity information, a new identity reference is created and attempts to access an old identity reference are tracked. If the attempts to access the old identity reference are authorized, the attempts are re-directed to the new identity reference. However, if the attempts were unauthorized, access to the new identity reference is denied.

Abstract: A system, method and computer program product are provided for scanning data. Initially, data is received at a network element. Thereafter, a load on the network element is identified. The data is then conditionally scanned at the network element based on the load on the network element.

Abstract: Deterring an attack on a tamper-resistant application program may be accomplished by loading a plurality of agents and starting a plurality of processing threads, each thread executing one of the agents, concurrently executing each agent substantially in parallel to produce a processing result for each agent for an iteration of a stage of protocol processing, storing each processing result in an entry in a buffer associated with each agent, and repeating the executing and storing actions for multiple iterations of the protocol processing. When one of the agents stores a processing result in a last entry of the agent's buffer, the processing results from the first entries in the buffers are combined to produce a combined result, and if the combined result indicates an error, failure semantics may be executed.

Abstract: An apparatus and method thereof for providing a secure path for a digital signal in an intelligent transceiver such as a bi-directional set-top box. A digital signal (e.g., a broadcast signal or a signal received via a cable modem) is received by the intelligent transceiver at a front-end device (comprising, for example, a tuner). The digital signal is descrambled (if it is scrambled) and encrypted (if it is not encrypted) by a first functional block (e.g., an interface card or point of deployment) coupled to the front-end device. Coupled to the front-end device via the first functional block is a second functional block for processing (e.g., decoding) audio and/or visual content within the digital signal. Integrated into the second functional block is a decryption engine for decrypting encrypted signals. Signals from the front-end device are received via the first functional block by the decryption engine integral to the second functional block.

Abstract: A convenient and secure system and method for access to any number of password-protected computer applications, web sites and forms without adding to the user cognitive load and without circumventing the inherent security of such password-protection schemes. An existing password field on a device display is overlaid with password wallet pop-up field which allows a wallet “master” key to unlock the wallet. An application-specific and/or user-specific password is automatically retrieved from the wallet and entered into the password field with no other user action required.

Abstract: A network of radio devices is managed by carrying out a radio device registration at a registering authentication server when it is possible to communicate with all the authentication servers, distributing registration information to the authentication servers, managing the registration information at each one of the authentication servers, carrying out a radio device deletion at a deleting authentication server, distributing deletion information to the authentication servers, and deleting the radio device from the registration information according to the deletion information at each one of the authentication servers.

Abstract: In the key installation system for improving the confidentiality and concealment of the key, a first decrypting circuit decrypts an encrypted key EKEY1(EDK(MK1)) using an encrypted key EDK1(MK1) as the key. A second decrypting circuit decrypts an encrypted key EMK1(KEY1) using the output of the second decrypting circuit, that is, an internal key KEY1 as the key. A third decrypting circuit decrypts the encrypted key EDK1(MK1) using the output of the second decrypting circuit, that is, an internal key MK1 as the key, to generate a final secret key DK1.

Abstract: A method of converting audio data encrypted for anti-piracy and copyright protection to a suitable format so that the data can be played in a portable device. A computer first decrypts the encrypted audio data and inserts information for setting equalizer, then encrypts the audio data lightly with the information for setting equalizer and transmits the data to a portable device. The portable device sets equalizer suitable to the lightly-encrypted audio data using the information for setting equalizer inserted by the computer, then decrypts the lightly-encrypted audio data, and outputs the decrypted audio data while amplifying or attenuating audio data for each band according to the set equalizer. Therefore, heavily encrypted audio data can be playable in a portable device with relatively low computing power and, by setting equalizer mode suitable to a music genre, the audio data can be conveyed to a listener authentically.