Abstract: The present embodiments extend to methods, systems, and computer program products for enforcing device settings for mobile devices. Generally, a computer system enforces appropriate mobile device settings (e.g., policy and/or configuration settings) prior to permitting a mobile device to access maintained data. The computer system receives a request from a mobile device. The computer system determines that current mobile device settings are not appropriate for accessing the maintained data. The computer system sends device settings, representing a new mobile device configuration that is appropriate for accessing the maintained data, to the mobile device. The computer system receives an indication that the mobile device is configured in accordance with the device settings. The computer system permits the mobile device to access the maintained data in response to receiving the indication that the mobile device is configured in accordance with the device settings.

Abstract: Facilitating a transaction between a first party and a second party includes, prior to initiating the transaction, one of the parties obtaining an artificially pre-computed OCSP response about a specific digital certificate, where the artificially pre-computed OCSP response is generated by an entity other than the first party and the second party, one of the parties initiating the transaction, in connection with the transaction, the first party providing the specific digital certificate to the second party, and the second party verifying the specific digital certificate using the artificially pre-computed OCSP response. The second party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The second party may cache the artificially pre-computed OCSP response for future transactions. The first party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated.

Abstract: A method for linking of a first characteristic of a first device and a second characteristic of a second device by a server is disclosed. The method comprises the steps of selecting a first linking information and a second linking information, the first linking information matching to the second linking information, sending from the server the first linking information to the first device and the second linking information to the second device, presenting by the first device the first linking information and by the second device the second linking information, entering into the first device an indication of the matching of the first linking information and the second linking information, and based on the entered indication of the matching, sending to the server a matching confirmation for confirming the matching to the server, and associating the first characteristic and the second characteristic based on the received matching confirmation.

Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.

Abstract: According to one embodiment, a backup system for an image forming apparatus includes: the image forming apparatus including an original data storage unit configured to store data, the image forming apparatus sending a backup copy of the data; and a backup apparatus electrically communicating with the image forming apparatus, the backup apparatus including a backup copy storage unit configured to save the backup copy received from the image forming apparatus, wherein the image forming apparatus further includes: a key generation unit configured to uniquely generate a key from an input key seed; an encryption and decryption unit configured to execute an encryption process and a decryption process in a symmetric-key cryptosystem using the key generated from the key seed by the key generation unit; and a nonvolatile memory unit configured to pre-store a first key seed, and the backup apparatus further includes: a nonvolatile memory unit configured to pre-store a second key seed.

Abstract: A system and method for creating a trusted network capable of facilitating secure transactions via an open network using batch credentials, such as batch PKI certificates, is presented. A certificate is bound to a group, or batch, or devices. This certificate is referenced by an activation authority upon processing a request for service by a device. Information regarding the device batch certificate is maintained in a permanent, or escrow, database. A user identity is bound to a device, as a device key is used to sign a user key created on the device in the presence of the user, and a copy of the device key is later used to decrypt the signed user key upon its transmission and receipt.

Abstract: Apparatuses and methods may include creating at least one of a scramble key and a descramble key using a Copy Protection (CP) key that existed prior to a refresh period and using a value created at a time associated with the changing of a channel during the refresh period, and using the at least one of the scramble key and the descrambled key until the CP key is refreshed at an end of the refresh period.

Abstract: A method and apparatus for processing information, method and apparatus for manufacturing an information recording medium, an information recording medium, and a computer program are provided. An information processing apparatus for playing back a content recorded on an information recording medium and includes a data transform processor performing a substitution process on content member data recorded on the information recording medium. The data transform processor substitutes transform data as substitute data for the content member data in accordance with a fix-up table holding recording position information of the transform data.

Abstract: A system and method allows a user to automatically configure a new device on a local area network (LAN) by pressing a sequence of buttons on a conventional remote control (RC) while pointing the infrared (IR) transmitter of the RC at the new device. The button-sequence includes an arbitrary button-sequence selected by the user, or a pre-established button-sequence stored in an existing network member device, such as the network controller, and displayed to the user. The button-sequence represents a cipher key for an encryption/decryption algorithm. The network member device uses the cipher key to encrypt a configuration message that includes a shared network security key and transmit it over the network. The encrypted configuration message is received by the new device and decrypted using the same cipher key.

Abstract: A wireless network system and a communication method, where an external network device easily and temporarily logs in and out of the wireless network. A key management device of the wireless network system includes a limited communication unit that receives encryption information from a wireless network device, a storage unit that stores authentication information for authenticating the wireless network device, and a key creating unit that creates an encryption key using the received encryption information to allow the wireless network device to log onto the wireless network. The key creating unit also transmits the created encryption key to the wireless network device.

Abstract: An integrated circuit has a first component that has a dynamic characteristic that varies among like integrated circuits, for example, among integrated circuits fabricated using the same lithography mask. Operating the first component produces an output that is dependent on the dynamic characteristic of the first component. A digital value associated with the integrated circuit is generated using the output of the first component, and then the generated digital value is used in operation of the integrated circuit.

Abstract: A facility for providing access authorization is provided. The facility initially enforces a first, less restrictive policy when making its access control decisions. Subsequent to detecting an anomaly, the facility enforces a second, more restrictive policy when making its access control decisions. The facility returns to enforcing the first, less restrictive policy when the anomaly no longer exists. In another embodiment, the facility enforces a policy after detecting an anomaly and until the anomaly has ended.

Abstract: A method, system, and device for encrypted packet inspection allowing an authorized third party device to monitor cryptographic handshaking information (full- duplex) between two other devices and together with the secret private key then transparently decrypt the bulk encrypted data stream. The scope of this invention encompasses many applications, three examples of which are firewalls, load balancers, and local network caches. Additionally, this invention achieves and contributes to the efficient handling of encrypted information in other ways, three examples of which are making switching, routing, and security decisions.

Abstract: Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.

Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.

Abstract: A first user's trust level with regard to a second user can be determined by providing questions to the second user, with the questions based on a previously-collected knowledge base including information about the first user. The information about the first user may be partitioned into levels of trust, and the second user's responses to the questions may be evaluated to determine which level of trust the second user is entitled to. The knowledge base may be assembled by prompting the first user for information and/or by scanning or otherwise collecting already-existing data about the first user. The knowledge base and/or trust assessment may be distributed across a network, and in some embodiments the knowledge base or parts thereof is distributed to other users according to the trust level of those users.

Abstract: In a method of publishing creative content to at least one local digital display device, a first unit of the creative content is stored on a first portable digital storage medium in an encrypted format. The digital replication is encrypted with a selected one of a plurality of private encryption keys. The first portable digital storage medium is transferred to the local digital display device. A preselected public key is entered into the local digital display device. The preselected public key corresponds to the selected one of the plurality of private encryption keys. At least a portion of the first unit of the creative content is decrypted by employing the public encryption key using a public key/private key decryption algorithm. The portion of the creative content is displayed on the local digital display device.

Abstract: Provided are systems for authenticating the identity of a user for use in a distributed computer network including multiple sets of access credentials. A user request, including the user's input credentials, is received, and then compared simultaneously to multiple sets of access credentials in order to verify the user's input credentials. When the user's input credentials are verified, the appropriate level of access authority is then determined, and proper access is granted to the user.

Abstract: There is described an authentication system in which during an enrolment process a distinctive characteristic of a subject being enrolled is measured to generate a reference number representative of the subject. Authentication data is then generated using the reference number, and the authentication data is stored for use in a subsequent verification process. During verification, the representative characteristic of the subject being verified is re-measured to generate a test number representative of the subject being verified and the authentication data during enrolment is retrieved. The authentication system then checks for equality between the test number and the reference number using the retrieved authentication data. If the test number and the reference number are equal, then the authenticity of the subject is verified, otherwise the authenticity is denied.

Abstract: Example embodiments relate to an encryption and decryption method for a conditional access content, including (a) extracting a marker (Mc) from a data packet (DP); (b) creating a first marking block including the marker (Mc) and a second padding value (PAD2); (c) encrypting the first marking block with a second encryption key (K2); (d) encrypting a second encrypted marking value (MK2) of the first encrypted marking block; (e) creating a mixed marking block including the second encrypted marking value (MK2) a the first encrypted padding element (PADK1); (f) decrypting the mixed marking block a device of the first encryption key (K1), in order to obtain a decrypted mixed marking block; (g) extracting a predetermined part of the decrypted mixed marking block; (h) comparing the extracted part with a reference value (Mc; PDV2); and (i) if the comparison leads to an identity, determining a new set of encryption parameters different to the first set of encryption parameters and repeating steps b) to h) in which the