Abstract: A secure authentication system, computer program recording medium and method enable secure transaction with authentication to eradicate fraud. A customer is authenticated via a customer application executed on a communication device. A customer-paced communication session is enabled between the customer application and a transaction system via a network connection. A customer continuity factor is monitored in maintaining the communication session. In response to receiving a customer request via the customer application, a level of trust in current authentication of the customer is determined based on the user continuity factor. In response to the level of trust being below a trust threshold, the customer is directed via the customer application to provide a customer request comprising a customer-supplied image having a specified contextual element. The communication session is re-authenticated to process the user input by the transaction system based on verification of the received user-supplied image.

Abstract: In accordance with one embodiment, a method for securing data is disclosed. The method includes sensing multi-dimensional motion of a body part of a user to generate a multi-dimensional signal; in response to the multi-dimensional signal and user calibration parameters, generating a neuro-mechanical fingerprint; and encrypting data with an encryption algorithm using the neuro-mechanical fingerprint as a key.

Abstract: In an approach for managing user profiles, a computer identifies a first user profile and one or more additional user profiles, wherein the first user profile is active on a computing device. The computer receives streaming data. The computer receives a trigger wherein the received trigger includes biometric data. The computer identifies a second user profile from the identified one or more additional user profiles that is associated with the received trigger. The computer compares biometric data from the second user profile with the biometric data in the received trigger. The computer determines whether the biometric data matches, within a defined tolerance level, the biometric data in the second user profile.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. A log-in process or a user-authentication process, is augmented or enriched by one or more incidental tasks, which force the user to perform additional on-screen interactions or input-unit interactions, which in turn enrich and augment the pool of user interactions from which the system extracts one or more user-specific features. The extracted user-specific features are used as part of the user authentication process, and are further used to differentiate among users.

Abstract: A panelist identification device for determining an identity of a panelist based on an input interaction pattern of the panelist is provided. Additionally, a method for determining an identity of a panelist based on an input interaction pattern of the panelist is provided. Further, a computer-readable storage device having processor-executable instructions embodied thereon is provided. The instructions are for determining an identity of a panelist based on an input interaction pattern of the panelist.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, detecting a possible cyber-attacker, detecting a remote access user, and detecting an automated script or malware. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.

Abstract: Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object includes creating in the storage device an encrypted logical data object including a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into the encrypted sections in accordance with an order the chunks are received, wherein the encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.

Abstract: A privacy region-masking device of an automobile black box system includes a masking region configuration module for constructing a masking region on an internal image of a vehicle and a key management module for creating and managing a masking key which is used for masking the masking region on the internal image of the vehicle. The privacy region-masking device further includes a masking execution module for masking the masking region on the image using the masking key, thereby generating a masked image adaptable to protect the privacy of a passenger.

Abstract: A common key block encryption device includes a first hash unit applying locked key permutation to a variable-length s-bit plaintext, and outputting a fixed-length n-bit first block and a second (s-n)-bit block; a first encryption processing unit outputting a third block encrypted by element of n-bit block tweakable block cipher using tweak, inputting the first block; a second encryption processing unit generating a random number (s-n)-bit block with a result of group computation of the third block and the first block as input by using an arbitrary cipher having theoretical security at least against a known-plaintext attack; and a second hash unit applying the locked key permutation to the result of the group computation of the random number block and the second block, and to the third block to output a fifth n-bit block and a sixth (s-n)-bit block. The fifth and sixth blocks are concatenated into an s-bit encryption.

Abstract: A device and method of collision-free hashing of near-match inputs that includes the following components. An adder for receiving an input i, a check value cv, and outputs n, which is greater than or equal to the sum of i and cv. A checker for receiving a value n, a value d, a first polynomial, and an output at which the first polynomial appears if the checker determines that the first polynomial is of degree proportional to d and divides xn+1. A factorization block for factoring the first polynomial into a second polynomial and a third polynomial. A first division block for dividing an input of bit length i by the second polynomial to generate a first portion of the hash of the input. A second division block for dividing the input by the third polynomial to generate a second portion of the hash of the input.

Abstract: An end user system comprises a communication interface configured to receive content in a protected state and transfer the content in the protected state, a processing system coupled to the communication interface and configured to receive the content in the protected state, process the content with a key hard coded internally to the processing system to modify the content to an unprotected state, and transfer the content in the unprotected state, and a user interface coupled to the processing system and configured to receive the content in the unprotected state and output the content.

Abstract: Techniques are provided for processing data. Connections having different security properties are stored, wherein each of the connections allows applications at the client computer to access data sources at a server computer. A request is received from an application to access a data source, wherein the request has associated security properties. In response to the client computer requesting establishment of a connection on behalf of the application, it is determined whether there is a stored connection that used a same set of security properties as are associated with the request from the application and that connected to the data source that the application requests access to. In response to determining that there is a stored connection that used the same set of security properties and that connected to the data source, the connection and an associated client encryption seed, client encryption token, server encryption seed, and server encryption token are re-used.

Abstract: In order to develop a method for carrying out a protected function of an electrical field device in such a manner that a high degree of security against unauthorized accesses to the electrical field device can be ensured irrespective of the nature of the communication link between a user and the electrical field device, an identification device for the electrical field device and a security device are used to check whether a stated protected function of the electrical field device can be carried out, or should be refused. The invention also relates to an appropriately configured electrical field device.

Abstract: Technologies are disclosed to transfer responsibility and control over security from player makers to content authors by enabling integration of security logic and content. An exemplary optical disc carries an encrypted digital video title combined with data processing operations that implement the title's security policies and decryption processes. Player devices include a processing environment (e.g., a real-time virtual machine), which plays content by interpreting its processing operations. Players also provide procedure calls to enable content code to load data from media, perform network communications, determine playback environment configurations, access secure nonvolatile storage, submit data to CODECs for output, and/or perform cryptographic operations. Content can insert forensic watermarks in decoded output for tracing pirate copies.

Abstract: A method for controlling file access on computer systems is disclosed. Initially, a virtual machine manager (VMM) is provided in a computer system. In response to a write request, the VMM determines whether or not a location field is valid. If the location field is not valid, then the VMM writes the write request information to a storage device; but if the location field is valid, then the VMM encrypts the write request information before writing the write request information to the storage device. In response to a read request, the VMM again determines whether or not a location field is valid. If the location field is not valid, then the VMM sends the read request information to a read requester; but, if the location field is valid, then the VMM decrypts the read request information before sending the read request information to the read requester.

Abstract: A storage device may include a storage unit that stores data transmitted via a plurality of first wires; and a security control unit that controls connection between each of a plurality of second wires connected to an external device and each of the plurality of first wires by programming a plurality of switching devices according to an encryption key.

Abstract: A method is provided for authenticating micro-processor cards to determine whether a card is a genuine card or a fake card. Authentication is performed by a checking program of at least one card reader terminal. The program sends to each card commands belonging to a standard and public set of commands. The method includes: modifying the checking program in the terminal or terminals, in such a way that the program additionally sends, to each card to be authenticated, at least one additional command, called a secret command, from a set of at least one additional command, pre-inserted into each genuine card, and different from the standard and public set of commands; and a step of detecting authenticity of the card, if the secret command is recognised and/or processed correctly, or the presence of a clone, if the secret command is not recognised and/or is processed wrongly.

Abstract: A base station PDCCH (Packet Data Control Channel) apparatus for scrambling transmission packet data to prevent other terminals from recognizing the transmission packet data in a base station including a packet data channel device for transmitting packet data to a terminal and a packet data control channel device for transmitting control information needed for demodulation of the packet data to the terminal. In the apparatus, an encoder encodes the control information and generates a coded control information stream comprised of a stream of a plurality of bits. A scrambler generates a scrambling sequence using unique information known to only the terminal and the base station, and scrambles the coded control information stream with the scrambling sequence.

Abstract: A method and a corresponding apparatus for metering usage of software products on a computer are proposed. The solution of the invention is based on the idea of associating each product with an installation signature (indicative of the installation of the product on the computer) and with a running signature (indicative of the running of the product on the computer). The products that are installed on the computer are asynchronously determined according to their installation signatures; in this way, any ambiguities (for example, caused by different versions and/or configurations of a product sharing the same executable modules) can be resolved in advance. Therefore, when at run-time the invocation of an executable module is detected it is possible to use only the running signatures to identify the corresponding product uniquely (without the need of additional information about the executable module, such as its size).

Abstract: An apparatus and corresponding method and computer program comprises a key mixing circuit to generate N groups of AES Blocks, each generated based upon a key, a transmitter MAC address, and a start value for a packet number. An input circuit receives N encrypted MPDUs, each comprising the transmitter address and one of N values for the packet number. Each of the N values for the packet number is greater than, or equal to, the start value for the packet number. A decryption circuit decrypts each of the N encrypted MPDUs using the respective one of the N groups of AES Output Blocks. The key mixing circuit generates each of the N groups of AES Output Blocks before the input circuit receives the respective one of the N encrypted MPDUs. The predetermined start value is initialized when the apparatus is initialized and incremented when each of the N groups of AES Output Blocks is generated.

Abstract: Secure presentation of media streams includes encoding the media streams into digital content, encrypting a portion of that digital content, the portion being required for presentation, in which the encrypted version is substantially unchanged in formatting parameters from the clear version of the digital content. Selecting those portions for encryption so there is no change in distribution of the media stream: packetization of the digital data, or synchronization of audio with video portions of the media stream. When encoding the media stream into MPEG-2, refraining from encrypting information by which the video block data is described, packet formatting information, and encrypting the video block data using a block-substitution cipher. A block-substitution cipher can be used to encrypt each sequence of 16 bytes of video data in each packet, possibly leaving as many as 15 bytes of video data in each packet in the clear.

Abstract: A method of determining the integrity of a message exchanged between a pair of correspondents. The message is secured by embodying the message in a function of a public key derived from a private key selected by one of the correspondents. The method comprises first obtaining the public key. The public key is then subjected to at least one mathematical test to determine whether the public key satisfies predefined mathematical characteristics. Messages utilizing the public key are accepted if the public key satisfies the predefined mathematical characteristics.

Abstract: A header object for a data file is comprised of sub-objects which specify properties of the data stream and contains information needed to properly verify and interpret the information within the data object. In order to allow the protection of any set of sub-objects without requiring that the sub-objects follow any specific ordering, a new sub-object is introduced which includes region specifiers identifying regions within sub-objects and verification information for those regions. This new sub-object in the header object allows the modification of non-protected regions and reorganization of sub-objects in a header without invalidating verification information.

Abstract: Techniques are provided for dynamically establishing and managing authentication and trust relationships. An identity service acquires and evaluates contracts associated with relationships between principals. The contracts permit the identity service to assemble authentication information, aggregated attributes, and aggregated policies which will drive and define the various relationships. That assembled information is consumed by the principals during interactions with one another and constrains those interactions. In some embodiments, the constraints are dynamically modified during on-going interactions between the principals.

Abstract: A data recording/reproducing method wherein encrypted digital data obtained by subjecting digital data to first encrypting by using a contents key and encrypted contents key obtained by subjecting the contents key to second encrypting are recorded on a recording medium, the encrypted digital data and the encrypted contents key, having been recorded, are reproduced, and the encrypted digital data is decrypted by using the contents key obtained by decrypting the encrypted contents key, thereby to obtain the digital data.

Abstract: A reproducing apparatus for reproducing data from a recording medium and supplying the data to an external apparatus for recording of the data. The reproducing apparatus has a plurality of authenticators for authenticating the external apparatus and the reproducing apparatus selects an authenticator corresponding to a type of the data reproduced from the recording medium and conducts authentication with the external apparatus. After authentication is confirmed, the reproducing apparatus sends the data to the external apparatus to record the data by the external apparatus.

Abstract: The present invention provides permutation instructions which can be used in software executed in a programmable processor for solving permutation problems in cryptography, multimedia and other applications. The permute instructions are based on an omega-flip network comprising at least two stages in which each stage can perform the function of either an omega network stage or a flip network stage. Intermediate sequences of bits are defined that an initial sequence of bits from a source register are transformed into. Each intermediate sequence of bits is used as input to a subsequent permutation instruction. Permutation instructions are determined for permuting the initial source sequence of bits into one or more intermediate sequence of bits until a desired sequence is obtained. The intermediate sequences of bits are determined by configuration bits. The permutation instructions form a permutation instruction sequence, of at least one instruction.

Abstract: A recording method and a recording apparatus whereby digital data is recorded onto a disc as run-length limited code used for modulating marks or spaces on the disc and, at the same time, the recorded digital data is encrypted by using key data which is also recorded onto the same disc by varying the shape of marks or spaces with timing having no effect on the edges of the marks or the spaces. A playback method and a playback apparatus reproduces the digital data and the key data recorded on the disc by the recording method and/or the recording apparatus from the disc with the key data used for decrypting the reproduced digital data.

Abstract: A vehicle control system for permitting voice control of at least one device in a vehicle by at least one user includes a radio transponder unit which outputs an RF signal which includes an identification code; an electronic receiver for receiving the RF signal and down converting the received signal to output the identification code; a microphone for receiving an audible signal spoken by a user and converting the audible signal to a digital signal; a memory for storing a plurality of files, each file comprising a voiceprint of a user and a command instruction for controlling at least one function of the device; and a microprocessor for determining whether the identification code is valid and for analyzing the digital signal to determine whether it matches one of the voiceprints stored in memory if the identification code is determined valid. The microprocessor executes a command instruction to control the function of the device if a match has been found.

Abstract: A loyalty program with game that executes games on a smart card, wherein the loyalty program with game can also be used as a simple loyalty program without game, no major modifications need not be made to shop terminals, and the number of times customers can play games can be limited according to sales amounts, wherein point data managed by a point application is divided into two types: “pre-game points” and “post-game points.” In shops, points are added to the pre-game points. For game execution, the pre-game points are subtracted, and points gained by game are added to the post-game points. Shop terminals need not be modified, and customers not to play game can also enjoy reasonable exchange of gained points. From the viewpoint of system management, by limiting the number of times customers can play game, points gained by game can be prevented from circulating infinitely.

Abstract: The machine involves code wheels in cascade or in a maze with random or mixed circuits which operate a printing device to print the cipher conjugate of the letter on an operated key when the keyboard is connected to one end of the code wheel maze, and to print the plain conjugate of the letter in cipher when a key bearing such letter is operated with the keyboard connected to the other end of the code wheel maze. The printer is connected to the end of the code wheel maze opposite the end to which the keyboard is connected in both cases.

Abstract: The cryptographic system automatically and continuously changes the cipher equivalents representing plaintext characters so as to prevent any periodicity in the relationship. The system has a series of juxtaposed, rotatable, connection changing mechanisms to provide a large number of alternative paths for the passage of an electric current corresponding to a message character. Further, the system has parts for the irregular and permutative displacements of the members of a set of circuit changing mechanisms to thwart cryptanalysis. The juxtaposed cipher commutators are controlled by cam wheels of different diameters.

Abstract: The crytographic system automatically and continuously changes the cipher equivalents representing plaintext characters so as to prevent any periodicity in the relationship. The system has a series of juxtaposed, rotatable, connection changing mechanisms to provide a large number of alternative paths for the passage of an electric current corresponding to a message character. Further, the system has parts for the irregular and permutative displacements of the members of a set of circuit changing mechanisms to thwart cryptanalysis.

Abstract: An optical recording medium includes a transparent substrate having a surface formed with a track of pits. A reflecting layer extends on the surface of the transparent substrate. The pits include first-type pits and second-type pits. The first-type pits are devoid of projecting rims extending along edges thereof while the second-type pits have projecting rims extending along edges thereof.

Abstract: A method and a device for facilitating authorized and simultaneously restraining unauthorized access to a multitude of alphanumeric sequences, for instance for credit cards, code keys and the like. According to the method every correct sequence (e.g. 5533) is encrypted by mathematically manipulating it by means of an encrypting sequence (7221) common to every correct sequence, so that every correct sequence is converted into a fictitious encrypted sequence. The credit card has a carrier (12-16) for carrying and exposing the fictitious sequence. A deciphering of the fictitious sequence is performed by a reversed mathematical manipulation of the fictitious sequence.

Abstract: A method an apparatus for block or stream encrypting text uses an autokeyed rotational state vector to encrypt plain text to yield cipher text. The text is stored as a block in a buffer of an arbitrary number of bytes. Each byte of plain text in the buffer encrypted to yield a byte of cipher text by using a rotational state vector, and the rotational state vector is updated or changed as a function of one or more of: the cipher text, the plain text and a key. The encryption operation is advantageously a series of alternating non-linear and linear transformations. The method of encryption is advantageously involutory in that the encryption method and apparatus for a given key is identical to the decryption method and apparatus with the same key.