Patents Examined by William R. Korzuch
  • Patent number: 7644279
    Abstract: Aspects for consumer product distribution in the embedded system market are described. The aspects include forming a secure network for distributing product digitation files capable of configuring operations of an adaptive computing engine (ACE), and providing an agent server within the secure network for controlling licenses of the product digitation files, wherein a separation of responsibility and control of the distributing and licensing exists.
    Type: Grant
    Filed: July 18, 2002
    Date of Patent: January 5, 2010
    Assignee: NVIDIA Corporation
    Inventors: Owen Robert Rubin, Eric Murray, Nalini Praba Uhrig
  • Patent number: 7640437
    Abstract: An electronic memory component provides a plurality of access-secured sub-areas. Each access-secured memory sub-area has at least one assigned parameter, for example, an address. The memory encrypts the assigned parameters of the access-secured sub-areas in such a way that on the one hand the security of such devices is increased considerably and on the other hand the associated expense and technical complexity are not too great. The encryption allows access to at least one sub-area dependent on at least one further sub-area.
    Type: Grant
    Filed: November 19, 2003
    Date of Patent: December 29, 2009
    Assignee: NXP B.V.
    Inventors: Markus Feuser, Sabine Sommer
  • Patent number: 7640432
    Abstract: A method and system for establishing and managing digital cash. This method is to emit and circulate secure electronic cash that allows the use of non-homomorphic signature schemes, and avoids having to use blind signature techniques. With one specific embodiment, the method provides anonymous digital cash, and comprises the steps of providing an entity with a secure coprocessor, a user establishing a secure channel to a program running on said coprocessor, and the user sending a coin to be digitally signed to the coprocessor.
    Type: Grant
    Filed: December 11, 2000
    Date of Patent: December 29, 2009
    Assignee: International Business Machines Corporation
    Inventors: Rosario Gennaro, Charles Tresser
  • Patent number: 7640434
    Abstract: A system identifies undesirable content in responses sent to a user, such as in e-mail or in downloadable files, from an Internet or intranet site. The system utilizes a redirection program that identifies content requests from a user to a target server. The redirection program redirects the request to a proxy server that sends the request to the target server. Upon receipt of the response from the target server, the proxy server scans the response, which includes any attachments, for undesirable content, such as junk e-mails, computer viruses, pornographic material, and/or other undesirable content. The proxy server then acts upon the response, and any undesirable content, in accordance with default or user-defined parameters, such as removal of the undesirable content. The proxy server may then send the response, as modified, or a notification message to the redirection program for forwarding to the user.
    Type: Grant
    Filed: January 11, 2002
    Date of Patent: December 29, 2009
    Assignee: Trend Micro, Inc.
    Inventors: Frank Lee, Jeremy G. Liang, Eva Chen, Yi-Jing Lin
  • Patent number: 7636939
    Abstract: A data structure with endpoint address and security information. The data structure includes an address field that includes one or more endpoint addresses for an entity. The data structure further includes a security field that includes one or more keys for facilitating secure communications with the entity. The data structure may also be such that the contents of the address field and the security field are serialized in the data structure. The data structure may be extensible such that new address fields and security fields may be added.
    Type: Grant
    Filed: December 10, 2004
    Date of Patent: December 22, 2009
    Assignee: Microsoft Corporation
    Inventors: Christopher G. Kaler, Douglas A. Walter, Giovanni M. Della-Libera, Melissa W. Dunn, Richard L. Hasha, Tomasz Janczuk
  • Patent number: 7636848
    Abstract: Communication between an administrator device and an administered device in a network is arranged in the form of a chain of digitally signed communication items including messages sent from an originator device to a recipient device. Each message has an associated respective digitally signed receipt, and the originator device is configured not to send a new item toward the recipient device in the absence of a respective digitally signed receipt for a previously sent item. With at least one, and preferably both, of the administrator device and the administered device, there is stored a history record of communication items exchanged therebetween. The history record is agreed upon and signed by both the administrator device and the administered device.
    Type: Grant
    Filed: November 27, 2003
    Date of Patent: December 22, 2009
    Assignee: Telecom Italia S.p.A.
    Inventors: Ettore Elio Caprella, Paolo De Lutiis, Manuel Leone, Pier Luigi Zaccone
  • Patent number: 7631361
    Abstract: A content reproduction system that allows the user to rent or purchase any desired contents for reproduction without depending on a predetermined type of information of the user. The content reproduction system includes: a recording medium storing a license ticket including an encrypted master key; and a reproduction apparatus that receives from the user a request for a selected content and the information of the selected content, acquires distribution content information corresponding to the selected content, stores it in association with the license ticket into the recording medium. When reproducing the content, the reproduction apparatus generates a content using an encrypted content decryption key and an encrypted content that are contained in the distribution content information, and using a master decryption key information corresponding to the distribution content information, and reproduces the generated content.
    Type: Grant
    Filed: August 19, 2004
    Date of Patent: December 8, 2009
    Assignee: Panasonic Corporation
    Inventors: Masato Yamamichi, Masami Yamamichi, legal representative, Satomi Yamamichi, Keiko Yamamichi, Motoji Ohmori, Masaya Yamamoto, Kazuhisa Watanabe, Atsushi Saso, Naoaki Yamamoto
  • Patent number: 7627755
    Abstract: A method of authenticating candidate members 1 wishing to participate in an IP multicast via a communication network, where data sent as part of the multicast is to be encrypted using a Logical Key Hierarchy based scheme requiring that each candidate member submit a public key to a group controller. The method comprises, at the group controller 1, verifying that the public key received from each candidate member 1 is owned by that member and that it is associated with the IP address of that candidate member 1 by inspecting an interface ID part of the IP address.
    Type: Grant
    Filed: September 13, 2002
    Date of Patent: December 1, 2009
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Pasi Ahonen, Uusitalo Iikka, Mantyla Vesa-Matti
  • Patent number: 7624443
    Abstract: A self-healing device is provided in which changes made between the time that an infection resulting from an attack on the device was detected and an earlier point in time to which the device is capable of being restored may be recovered based, at least in part, on what kinds of changes were made, whether the changes were bona fide or malware induced, whether the changes were made after the time that the infection likely occurred, and whether new software was installed.
    Type: Grant
    Filed: December 21, 2004
    Date of Patent: November 24, 2009
    Assignee: Microsoft Corporation
    Inventors: Michael Kramer, Scott A. Field, Marc E. Seinfeld, Carl Carter-Schwendler, Paul Luber, Adrian M. Marinescu
  • Patent number: 7624434
    Abstract: A system for providing security in a computing network. The system has a server for distributing policies to be implemented by firewall devices in the network. The firewall devices provide hardware implemented firewalls to communication devices making network connections. The system has logic to allow a connection to be made to the network via a communication device at a node provided the firewall device is at that node. Therefore, the firewall device must be in the system for a connection to be established via the communication device. Additionally, the system is configured to cause data transferred by the communication device to be processed by the firewall.
    Type: Grant
    Filed: March 1, 2002
    Date of Patent: November 24, 2009
    Assignee: 3Com Corporation
    Inventors: Peter M. Rigstad, John Y. Yoon, Mark Farahar, Barani Subbiah, Brant D. Thomsen, David E. Richmond, Vered Maor Semel, Earl Bryner
  • Patent number: 7624432
    Abstract: Provided are a method, a system, an article of manufacture, and a computer program product, wherein a first indicator is stored for a first entity, and wherein the first indicator identifies groups to which the first entity belongs and operations associated with the groups. The first entity receives a second indicator from a second entity, wherein the second indicator indicates privileges granted to the second entity for at least one operation on at least one group. A determination is made locally by the first entity, whether an operation requested by the second entity is to be executed by the first entity, based on a comparison of the second indicator to the first indicator.
    Type: Grant
    Filed: June 28, 2005
    Date of Patent: November 24, 2009
    Assignee: International Business Machines Corporation
    Inventor: Douglas Andrew Wood
  • Patent number: 7623658
    Abstract: In a wireless communication system, a method and system for implementing the A5/3 encryption algorithm for GSM and EDGE compliant handsets are provided. Input variables may be initialized in a keystream generator and an intermediate value may be generated with a cipher key parameter and a key modifier. A number of processing blocks of output bits may be determined based on a number of bits in an output keystream. The processing blocks of output bits may be generated utilizing a KASUMI operation and may be based on an immediately previous processing block of output bits, the intermediate value, and an indication of the processing block of output bits being processed. The processing blocks of output bits may be generated after an indication that an immediately previous processing block of output bits is available and may be grouped into two final blocks of output bits in the output keystream.
    Type: Grant
    Filed: August 23, 2004
    Date of Patent: November 24, 2009
    Assignee: Broadcom Corporation
    Inventors: Ruei-Shiang Suen, Srinivasan Surendran
  • Patent number: 7617536
    Abstract: An unauthorized apparatus detection device detecting clones of a playback device. In a management server, a reception processing unit acquires a user terminal identifier and a first random number of a user terminal, judges whether a second management server random number, which is stored in a storage unit in correspondence with the user terminal identifier, matches the first user terminal random number. If the two fail to match, a display unit displays a message indicating that a clone exists. If the two match, a terminal information generation unit generates a new random number, and writes the generated random number as the second random number in the storage unit. A transmission processing unit transmits the generated random number to the user terminal via a transmission/reception unit and the user terminal updates the first user terminal random number to the generated random number.
    Type: Grant
    Filed: December 12, 2005
    Date of Patent: November 10, 2009
    Assignees: Panasonic Corporation, The University of Tokyo
    Inventors: Masao Nonaka, Toshihisa Nakano, Yuichi Futa, Motoji Ohmori, Takeshi Gomi, Kazukuni Kobara, Hideki Imai
  • Patent number: 7609839
    Abstract: In order to create a highly-secured common key while a data error on a transmission path is corrected by an error correction code having remarkably high characteristics, in a quantum key distribution method of the invention, at first a communication apparatus on a reception side corrects the data error of reception data by a deterministic, stable-characteristics parity check matrix for an “Irregular-LDPC code.” The communication apparatus on the reception side and a communication apparatus on a transmission side discard a part of pieces of the common information according to public error correction information.
    Type: Grant
    Filed: September 12, 2003
    Date of Patent: October 27, 2009
    Assignee: Mitsubishi Electric Corporation
    Inventors: Youdai Watanabe, Wataru Matsumoto
  • Patent number: 7609837
    Abstract: A system and method for use with local area networks (LANs) automatically configures a new device on a LAN by secure encrypted transmission of setup parameters. A remote control (RC) with an infrared (IR) transmitter contains a stored setup command and a security number that is used only once (a “nonce”). Setup of a new device is initiated by pressing a “setup” button on the RC which generates the security number and transmits it and the setup command to the new device via IR. The new device receives the setup command and security number and queries the network for the setup parameters. The RC also transmits the security number via IR to a network member device that contains the setup parameters. The network member uses the security number as an encryption key to encrypt the setup parameters and transmit them over the network. The new device uses the security number as the decryption key to decrypt the transmitted setup parameters.
    Type: Grant
    Filed: September 1, 2005
    Date of Patent: October 27, 2009
    Assignee: Sharp Laboratories of America, Inc.
    Inventor: Richard T. Bennett
  • Patent number: 7603548
    Abstract: A method for providing a security provider for a client comprises providing a service provider interface that is compatible with a security framework layer, and one or more services. The one or more services include at least one of authentication, authorization, auditing, role mapping and credential mapping. The one or more services can be exposed through the service provider interface and the framework layer can expose the one or more services to an application program interface.
    Type: Grant
    Filed: October 8, 2004
    Date of Patent: October 13, 2009
    Assignee: BEA Systems, Inc.
    Inventors: Paul Patrick, David Byrne, Kenneth D. Yagen, Mingde Xu, Jason Howes, Mark A. Falco, Richard J. Riendeau
  • Patent number: 7600134
    Abstract: A method for theft deterrence of a computer system is disclosed. The computer system includes a trusted platform module (TPM) and storage medium. The method comprises providing a binding key in the TPM; and providing an encrypted symmetric key in the storage medium. The method further includes providing an unbind command to the TPM based upon an authorization to provide a decrypted symmetric key; and providing the decrypted symmetric key to the secure storage device to allow for use of the computer system. Accordingly, by utilizing a secure hard disk drive (HDD) that requires a decrypted key to function in conjunction with a TPM, a computer if stolen is virtually unusable by the thief. In so doing, the risk of theft of the computer is significantly reduced.
    Type: Grant
    Filed: November 8, 2004
    Date of Patent: October 6, 2009
    Assignee: Lenovo Singapore Pte. Ltd.
    Inventors: Ryan C. Catherman, David C. Challener, James P. Hoff, Joseph M. Pennisi, Randall S. Springfield
  • Patent number: 7596698
    Abstract: An audio stream is divided into a plurality of audio object (AOB) files that are recorded having each been encrypted using a different encryption key. At least one piece of track management information (TKI) is provided corresponding to each track. Playlist information (PLI) assigns a playback position in a playback order to each track when a plurality of tracks are to be played back one after the other.
    Type: Grant
    Filed: November 10, 2004
    Date of Patent: September 29, 2009
    Assignee: Panasonic Corporation
    Inventors: Teruto Hirota, Kenji Tagawa, Hideki Matsushima, Tomokazu Ishikawa, Shinji Inoue, Masayuki Kozuka
  • Patent number: 7594108
    Abstract: When an application is loaded into a device (100, 200), the device verifies that the application originates from a trusted operator. The verification implies that the application must, in a secure manner, present itself to the device in such a way that the device can ensure that it originates from the trusted operator. The device identifies the trusted operator as well as the issuer of a SIM (211) located in the device. Thereafter, the device compares the identity of the trusted operator with the identity of the issuer of the SIM, and if the identity of the trusted operator corresponds to the identity of the issuer of the SIM, the previously verified application is installed in a secure execution environment (104, 204, 211) of the device.
    Type: Grant
    Filed: November 3, 2004
    Date of Patent: September 22, 2009
    Assignee: Nokia Corporation
    Inventor: Krishnan Vaidyanathan
  • Patent number: 7594273
    Abstract: A system and method for providing distributed security of a network. Several device profilers are placed at different locations of a network to assess vulnerabilities from different perspectives. The device profiler identifies the hosts on the network, and characteristics such as operating system and applications running on the hosts. The device profiler traverses a vulnerability tree having nodes representative of characteristics of the hosts, each node having an associated set of potential vulnerabilities. Verification rules can verify the potential vulnerabilities. A centralized correlation server, at a centrally accessible location in the network, stores the determined vulnerabilities of the network and associates the determined vulnerabilities with attack signatures. Traffic monitors access the attack signatures and monitor network traffic for attacks against the determined vulnerabilities.
    Type: Grant
    Filed: February 16, 2007
    Date of Patent: September 22, 2009
    Assignee: nCircle Network Security, Inc.
    Inventors: Timothy D. Keanini, Martin A. Quiroga, Brian W. Buchanan, John S. Flowers