Abstract: A method for generating a network address in a communication network includes at least one user equipment and a network equipment. The method includes: a) providing a same shared secret key both at the at least one user equipment and at the network equipment; and b) generating at least a portion of the network address at the at least one user equipment and at the network equipment based upon at least the shared secret key.

Abstract: A method of authentication and an image display apparatus incorporating the method are provided. The method of authentication includes determining whether or not an error is generated in an authentication with an externally-connected multimedia source, and upon determination that the authentication error is generated, changing a reset signal to re-attempt the authentication and output to the multimedia source. As a result, successful High Bandwidth Digital Content Protection (HDCP) authentication can be provided at all times.

Abstract: An output job in an image forming apparatus not connected to a network is managed. To accomplish this, an image forming apparatus in an image forming system includes an input unit which inputs document data stored in a recording medium, a verification unit which verifies the validity of the document data on the basis of verification information associated with the input document data, an output unit which forms and outputs an image on a print medium on the basis of the document data, and an output log storing control unit which, when it is determined that the document data is valid, stores, in the recording medium, output log information containing no output image, and when it is determined that the document data is invalid, stores output log information containing the output image in the recording medium.

Abstract: A method and apparatus for performing a multiple Pre-Shared Key (PSK) based authentication in a single procedure is described, where the multiple PSK based authentication generates a combined credential in a terminal by using a plurality of credentials including a user identifier and the PSK, and authenticates the terminal in an authentication server by using the combined credential.

Abstract: Methods and systems for managing data communications are described. The method includes receiving a data communication; analyzing the data communication to determine a particular type of sender or recipient activity associated with the data communication based at least in part on an application of a plurality of tests to the data communication; assigning a total risk level to the data communication based at least in part on one or more risks associated with the particular type of sender or recipient activity and a tolerance for each of the one or more risks; comparing the total risk level assigned to the data communication with a maximum total acceptable level of risk; and allowing the data communication to be delivered to a recipient in response to the comparison indicating that the total risk level assigned to the data communication does not exceed the maximum total acceptable level of risk.

Abstract: A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user's browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer.

Abstract: Methods including the steps of: upon sending an IP packet, obtaining, by a sender, a sender identity for a sender of the packet; securely tagging, by a sender, the packet with the sender identity, the packet having a plurality of fixed-length fields concatenated into a single fixed-length virtual field shared between a cryptographic hash and an identity index for supporting multiple distinct identities residing on an IP endpoint; determining, by a receiver, the sender identity by extracting it from the packet; checking, by the receiver, the packet to ensure the packet has been appropriately tagged; and enforcing a security policy, by the receiver, according to the sender identity. Preferably, the step of obtaining includes: accessing, by the sender, a server for obtaining the sender identity; and associating, by the server, the sender identity with the endpoint. Most preferably, the associating is performed using a prefix code for encoding the identities.

Abstract: Utilizing the AAA infrastructure to dynamically allocate the various parameters needed to establish the security association between the Foreign Agent and the Home Agent. The present invention uses the AAA server as a central entity to dynamically generate and distribute the chosen security association parameters needed to support the Foreign Agent and Home Agent security association based on a request from the Foreign Agent. The AAA server can also dynamically assigns a unique SPI value to the Foreign Agent and Home Agent pairs. The various parameters that can be allocated in the present invention include a FA-HA shared secret key or a public/private key pair, an authentication algorithm and mode, a FA-HA secret key lifetime, and security parameter index or security index values. The present invention also can assist in making sure that the Foreign Agent and the Home Agent stay synchronized with respect to their security association.

Abstract: This invention relates to a method and a system for generating user passcodes for each of a plurality of transaction providers from a mobile user device. A method and system for activating a plurality of passcode generators on a user device configured with a passcode application installed on the user device is provided. Each of the passcode generators may correspond to a different user account or transaction provider, such that each passcode generator provides a user passcode configured for the corresponding account or transaction provider. One or more of the passcode generators may include a passcode generating algorithm and a passcode key. Access to one or more of the passcode generators may require providing a PIN or a challenge.

Abstract: In one embodiment, a method for securely transferring entitled data from one or more devices in a customer's network to a vendor's network via a public network is described. The data is obtained from a collection module communicatively coupled to the devices. The obtained data is transformed into a format that is recognized by a backend server present in the vendor's network. The transformed data is then assorted by associating the transformed data with corresponding one or more devices. Finally, the assorted data is then encrypted and sent to the backend server securely via the public network along with entitlement attributes corresponding to the one or more devices.

Abstract: A network based installation management system that dynamically manages secure software installation on a client. The server is configured to determine the software required and prepare an appropriated response containing the list of software and an information file containing the respective attributes of the list of software. The server encoded this response and the encoded response is transmitted to the client. The client on receiving the response is configured to authenticate the response and install the encoded response after authentication. Highly accurate and reliable software installation using the network based installation management system may be achieved using a respective hardware element on the client and the server, which is configured to encode and decode a request and/or response suitably thereby providing a high level of security and trust in an un-trusted network environment.

Abstract: A digital signature system and method are disclosed. The digital signature system may include a remote certificate server for storing and maintaining at least one digital certificate of a user by a service provider and a digital signature printer driver loaded on the user's computer for communicating with the service provider via a network, such as the Internet. The digital signature printer driver may obtain verification of the user's identity from the service provider via the network and electronically place on a printable document a digital signature of the user based on the remotely stored digital certificate. The system may further include a remote storage server for storing a digital copy of the digitally signed document. The digital signature may include a unique identifier for subsequent validation of the digital signature by the service provider.

Abstract: Systems, methods and computer readable media are disclosed for a trusted proxy to intercept communications between an untrusted computerized gaming system and an online multi-player gaming service that requires games to be trusted, allowing the untrusted computerized gaming system to use the multi-player gaming service. In addition to allowing the untrusted computerized gaming system to use the multi-player gaming service in general, the trusted proxy can also limit the extent of the interaction between the untrusted computerized gaming system and the multi-player gaming service.

Abstract: Upon receiving an account creation request from a client, the server determines a count of new account requests, each having a respective password, received during a predefined time period, that satisfy a requirement that the respective password is a function of the password in the received account creation request, and determines a popularity value associated with the password. The server associates a spam score, based at least in part on the count and the popularity value, with the account creation request, and compares the spam score with certain predefined thresholds. If the spam score is above a first threshold, the server may refuse the account creation request. If the spam score is within a certain range, the server may limit the access to the account associated with the account creation request. If the spam score is below a second threshold, the server may enable normal use of the account.

Abstract: A computer implemented method for detecting and preventing spam account generation is disclosed. Upon receiving an account creation request from a client, the server analyzes the request and associates a spam score with the account creation request, based at least in part on a number of new account requests associated with the cookie received during a predefined time period, and compares the spam score with certain predefined thresholds. If the spam score is above a first threshold, the server may refuse the account creation request. If the spam score is within a certain range, the server may limit the access to the account associated with the account creation request. If the spam score is below a second threshold, the server may put no limit on access to (i.e., enable normal use of) the account.

Abstract: A digital content protection apparatus and method for digital rights management (DRM) are provided in which a content file including a plurality of content parts is imported such that a header is included which stores location information required for decoding each of the content parts. Therefore, the number of content parts constituting the content file can be recognized, and a license that is required for the use of each of the content parts can be acquired by analyzing header information without necessitating the parsing of the transport packets of the content file. Accordingly, preparation time for using content can be reduced.

Abstract: A method and system are provided to select address providers that provide mobile internet protocol devices with addresses for communication. An embodiment of the method includes obtaining an address request having a dynamic indicator. Upon obtaining an address request with a dynamic indicator, associating the dynamic indicator with one or more address providers based on the dynamic indicator. The address request is then communicated to one of the address providers associated with the dynamic indicator.

Abstract: Systems and methods for broadcast and multicast retransmissions within a protected wireless communications system are described. Retransmitted broadcast or multicast frames are designated by modification of fields or subfields in the MAC header of the frame which are constituent parts of the additional authentication data used to generate encryption keys. Such modifications cause legacy receivers to disregard the retransmitted frames or render legacy receivers to be unable to decrypt the retransmitted frame, avoiding the generation of duplicate frames. Non-legacy receivers recognizing the modification conventions can restore the MAC header to the original state and can reconstruct the original encryption keys and decrypt the retransmitted frames. A non-legacy transmitter can retransmit a frame without the need to re-encrypt the frame.

Abstract: External network connectivity of an internal host can be measured by giving an external computer a payload identifying the internal host and instructions to deliver the payload to an external host. The external host may receive the payload and contact the internal host. The internal host's response and receipt of the payload may then determine the Internet connectivity of the internal host. The path from the computer through the trusted host to the internal server shows external network connectivity without exposing the internal host to the external network directly.

Abstract: In an external authentication system for a multifunction printer according to the present invention, a USB device management section, according to an instruction from a USB device management section instructing section, (i) performs a virtualization process for virtually connecting an information processing device to a user information reading device which is locally connected to a multifunction printer, (ii) manages a status of the connection between the information processing device and the user information reading device; and a multifunction printer association management section associates the multifunction printer controlled by the information processing device with the user information reading device which is locally connected to the multifunction printer.

Abstract: Methods are provided for securely transmitting a packet between endpoints of a network. In one aspect, there is provided a method for establishing an end-to-end key using extant hop-by-hop security associations. In a second aspect, there is provided a method in which a packet-specific encryption key PEK is used to encrypt a packet p. A signature of the key PEK is independently computed at each of two nodes, using an integrity key shared by the two nodes. The signature is sent from one of the two nodes to the other in association with the packet p. The receiving node uses the signature to verify that the packet p was originated by an entity having possession of the PEK.

Abstract: Systems, devices, and methods for modifying a signed bundle and verifying the modified bundle are disclosed. A signed bundle may be modified by removing a file specified in a server file list from a plurality of files in the bundle. The signed bundle comprises a catalog of files in the signed bundle and their associated hashes. The modified bundle includes the remaining files of the signed bundle that are not specified in the server file list and the catalog file of the signed bundle, the catalog signature of the signed bundle. The modified bundle may be verified by verifying the catalog signature of the modified signed bundle, and checking that the files specified in the catalog are either in the modified signed bundle or specified in the server file list. The hashes of the files in the modified signed bundle may also be checked to verify the modified signed bundle.

Abstract: An information processing apparatus includes: a data processing unit that acquires content codes including a data processing program recorded in an information recording medium and executes data processing according to the content codes; and a memory that stores an apparatus certificate including an apparatus identifier of the information processing apparatus. The data processing unit is configured to execute an apparatus checking process applying the apparatus certificate stored in the memory on the basis of a code for apparatus checking process included in the content codes, acquire the apparatus identifier recorded in the apparatus certificate after the apparatus checking process, and execute data processing applying content codes corresponding to the acquired apparatus identifier.

Abstract: An apparatus generally having a first circuit and a second circuit is disclosed. The first circuit may be configured to (i) divide a plain text into at least three input blocks and (ii) generate at least three scrambled blocks by scrambling the input blocks using a first cipher process. The first cipher process may be configured such that a first of the input blocks does not affect the generation of a last scrambled block. The second circuit may be configured to (i) generate at least three output blocks by de-scrambling the scrambled blocks using a second cipher process and (ii) reconstruct the plain text from the output blocks. The second cipher process may be configured such that a first of the scrambled blocks affects the generation of all of the output blocks.

Abstract: A data delivery system is disclosed in this specification. The system implements an authentication process that verifies data recipients using anonymised geospatial references. Verifying information for each user is stored in client accounts. A server system uses the information to process data requests and generate verification tags for data deliveries. The verification tags include an irreversible encoding of a delivery reference for receipt of a data delivery. Recipient client systems implement a compatible encoding process to generate a delivery authentication tag. The encoded authentication tags are compared to corresponding verification tags to validate data deliveries based on the location of the client system.

Abstract: Users of mobile terminals in a communication network are provided controlled access to files in a file system through the steps of configuring the files as a file body containing a file content and a file header containing content profile information; providing a security identity module and a secure agent; storing in the security identity module user profile information identifying a set of content profiles allowed for access to the file system; extracting, via the secure agent, the content profile information from the headers of the files; retrieving, via the secure agent, the user profile information stored in the security identity module; checking the user profile information and the content profile information; and providing the user with access to those files in the file system for which the user profile information and the content profile information are found to match.

Abstract: A method and apparatus is disclosed that documents and authenticates cap removal data. According to a first aspect of the present invention, the apparatus measures a parameter indicative of the number of times that a cap has been removed by a user. The apparatus also encodes at least the parameter indicative of the cap removal data, thereby deriving encoded cap removal data. The apparatus outputs the encoded cap removal data to a user. According to a second aspect of the present invention, another apparatus receives the encoded cap removal data and decodes it to authenticate the cap removal data. According to a third aspect of the present invention, a medicine container is operable to output a result of a game based on cap removal data associated with the medicine container.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for booting a computing device having an encrypted storage medium using full disk encryption, referred to as tamper-resistant boot. The system retrieves a kernel cache and a kernel cache digest from an unencrypted storage medium and verifies the authenticity of the kernel cache based on the credentials and the kernel cache digest. Initiation and execution of the operating system is performed if the kernel cache is authentic. In one embodiment, the system verifies the authenticity of a request to disable tamper-resistant booting by utilizing a password verifier and a password proof.

Abstract: An authentication mechanism for use in network-based services generates an authentication token. The authentication token is provided to a client device as part of the code comprising a content page. The content page code is received and loaded by a browser application at the client device. When the content page code is received and loaded by the browser application, the authentication token is loaded by the browser as well. Upon receiving subsequent input, the browser application may send a content request to the server. The content request includes the authentication token maintained by the browser application in the content page. A server may validate the authentication token provided in the request using version information and one or more master authentication tokens.

Abstract: A method and system of controlling access to a system in a medical environment is provided. The method includes calculating a signature value for at least one file usable with the medical system, transferring the calculated signature value to a signature file, and providing at least one signature value in the signature file and at least one associated file to a file system configured to be received by the medical system. At least one signature value and at least one associated file are inspected by the medical system to verify the associated file is a known medical software application asset. The medical system comprises an input/output data port configured to receive the external memory storage device, and an operating system capable of reading medical system data from and writing medical system data to the memory storage device.

Abstract: A private stream aggregation (PSA) system contributes a user's data to a data aggregator without compromising the user's privacy. The system can begin by determining a private key for a local user in a set of users, wherein the sum of the private keys associated with the set of users and the data aggregator is equal to zero. The system also selects a set of data values associated with the local user. Then, the system encrypts individual data values in the set based in part on the private key to produce a set of encrypted data values, thereby allowing the data aggregator to decrypt an aggregate value across the set of users without decrypting individual data values associated with the set of users, and without interacting with the set of users while decrypting the aggregate value. The system also sends the set of encrypted data values to the data aggregator.

Abstract: A method and apparatus of controlling access to a system containing vital corporation software and storing confidential data assets situated in an open accessible environment is provided. The method includes calculating a signature value for at least one file usable with the system, transferring the calculated signature value to a signature file, and providing at least one signature value in the signature file and at least one associated file to a file system configured to be received by the system. At least one signature value and at least one associated file are inspected by the system to verify the associated file is a known system software application asset. The system comprises an input/output data port configured to receive the external memory storage device, and an operating system capable of reading system data from and writing system data to the memory storage device.

Abstract: A secure network is disclosed. The secure network includes a residential gateway to communicate with a remote network and a local network. At least one trusted local device is configured to send communications including data packets with authentication information to the residential gateway to request access to resources of the remote network. The residential gateway inhibits a request received from the local network to access resources on the remote network until the residential gateway uses authentication information to authenticate data packets associated with the request as originating from the at least one trusted local device.

Abstract: According to one embodiment, when sending a transmission target main data 21, an authentication-tag generator unit 13 generates an authentication tag 23 by using a main data 21 and a key data 22 stored in a key-data storage unit 12. A transmitter/receiver unit 14 adds the authentication tag 23 to the main data 32 sends as a transmission data. When receiving the received data 24a, the transmitter/receiver unit 14 divides the received data into a main data 21a and an authentication tag 23a. The authentication-tag generator unit 13 generates an authentication tag 23b for comparison. A received-data authentication unit 15 determines whether or not those the received authentication tag 23a and the authentication tag for comparison 23b match with each other. A different key data is used every time upon the authentication-tag generation and use time of each key data during a set period is restricted.

Abstract: Certain embodiments of the invention may include systems and methods for identity authentication using an social network. According to an exemplary embodiment of the invention, a method is provided for authenticating an identity of a target person. The method can include determining, from a first system graph, connections between one or more hypothetical identities and a plurality of related entities associated with the one or more hypothetical identities; determining, from a second system graph, one or more real entities associated with the target person; identifying matches comprising common real entities associated with the target person and related entities associated with the one or more hypothetical identities based at least in part on the determined connections; and providing an indication of identity authentication of the target person based at least in part on the identified matches.

Abstract: The invention relates to methods and apparatuses for acquiring a physical measurement, and for creating a cryptographic certification of that measurement, such that its value and time can be verified by a party that was not necessarily present at the measurement. The certified measurement may also include corroborative information for associating the actual physical measurement process with the certified measurement. Such corroborative information may reflect the internal or external state of the measurement certification device, as well as witness identifiers of any persons that may have been present at the measurement acquisition and certification. The certification may include a signal receiver to receive timing signals from a satellite or other external source. The external timing signals may be used to generate the time included in the certified measurement, or could be used to determine the location of the measurement certification device for inclusion in the certified measurement.

Abstract: An information processing apparatus includes: a software storing unit that stores software; a storage recognizing unit that recognizes, when a storage having stored therein first authentication information for enabling a function of the software stored in the software storing unit is connected to the information processing apparatus via an interface unit, that the storage is connected and transmits second authentication information uniquely corresponding to the function of the software to be enabled to the storage; and a function managing unit that enables, when the first authentication information and the second authentication information compared by the storage coincide with each other, the function of the software on the basis of a notification informing that the first authentication information and the second authentication information coincide with each other issued by the storage, the storage deleting the first authentication information.

Abstract: In a gaming environment, a method of periodically downloading dynamically generated executable modules at random intervals that perform system configuration integrity checks in a secure and verifiable manner is disclosed. The dynamically generated executable module returns the signature to a server from which it was downloaded and deletes itself from the system being checked. The next time such an executable module is downloaded, it will contain a different randomly chosen subset of hashing and encryption algorithms. The server that is performing the system configuration integrity check maintains a database of expected system configurations and performs subset of hashing and encryption algorithms as contained in the dynamically generated executable module. The result returned by the downloaded executable module is compared to that computed locally, and an error condition is raised if they do not match.

Abstract: Embodiments of the present disclosure provide systems and methods for secure Short Message Service (SMS) communications. According to an embodiment, a method of providing secure Short Message Service (SMS) communications comprises requesting that SMS data to be sent from a client device to a remote location be encrypted. The method also comprises encrypting the SMS data by processing the SMS data with a Message Authentication Code (MAC) and a timestamp and/or counter along with second factor authentication information. The method further comprises sending the encrypted SMS data to the remote location by a secure SMS application via a regular SMS channel of the client device.

Abstract: A service provider server has management means which manages a user ID corresponding to a service user and a device IDs corresponding to an information processing terminals of the service user in association with each other.

Abstract: E-mail based user authentication is described herein. A user can access resources of a service provider by submitting only an e-mail address to which the user has access. The service provider generates an authentication ticket corresponding to the user's login request, and transmits the authentication ticket to the e-mail service provider indicated by the submitted e-mail address. The e-mail service provider processes the authentication ticket, and enables either approval or denial of the authentication ticket, whether by explicit user action or by automated processing.

Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.

Abstract: A method for detecting at least one traitor computer system among a plurality of receiver computer systems including: assigning a version of protected content to each of the plurality of receiver computer systems that are currently identified as innocent by a content protection system that monitors distribution of protected content to the plurality of receiver computer systems; recovering at least one unauthorized rebroadcast of the content; generating a score for each of the plurality of receiver computer systems with respect to the recovered unauthorized rebroadcast; calculating a threshold independent of an estimation of maximum traitor computer systems; checking a highest score against the threshold; incriminating a receiver computer system having the highest score above the threshold as a traitor computer system; and removing any unauthorized rebroadcasts overlapping with the traitor computer system. The process may be repeated from generating scores until all traitors are identified.

Abstract: An IMS User Equipment (UE) is provided. The IMS UE comprises: searching means for searching, based on UPnP technology, a UPnP network for a host device that has IMS subscription information, establishing means for establishing a session with the host device discovered by the searching means, subscription retrieving means for retrieving, from the host device via the session, the IMS subscription information, registering means for registering with the IMS network using the IMS subscription information, key retrieving means for retrieving, from the host device via the session, a first encryption key shared with an IMS application server (AS) in an IMS network by sending identity of the IMS AS to the host device via the session, and communicating means for performing encrypted communication with the IMS AS using the first encryption key.

Abstract: An information processing apparatus that can easily and safely transmit data. A registering unit registers first authentication information in association with user information indicating a first user. The first authentication information is necessary for the first user to log on to the information processing apparatus. A generating unit generates an address data that is used to transmit data from an external apparatus to the information processing apparatus and includes the user information and second authentication information. A transmitting unit transmits the address data to the external apparatus. An authenticating unit authenticates by utilizing the second authentication information included in the address data when the data is transmitted based on the address data from the external apparatus. A storing unit stores the received data in association with the first user when the authentication by the authenticating unit succeeds.

Abstract: A system, method, and computer program product are provided for populating a list of known wanted data. In use, an update to data is identified. In addition, a list of known wanted data is populated with the data, in response to the update.

Abstract: A removable drive such as a USB drive or key is provided for connecting to computer devices to provide secure and portable data storage. The drive includes a drive manager adapted to be run by an operating system of the computer device. The drive manager receives a password, generates a random key based on the password, encrypts a user-selected data file in memory of the computer device using the key, and stores the encrypted file in the memory of the removable drive. The drive manager performs the encryption of the data file without corresponding encryption applications being previously loaded on the computer system. The drive manager may include an Advanced Encryption Standard (AES) cryptography algorithm. The drive manager generates a user interface that allows a user to enter passwords, select files for encryption and decryption, and create folders for storing the encrypted files on the removable drive.

Abstract: A server certificate and root certificate for performing secure communication with monitoring target devices are issued in a site monitoring apparatus. Using a secret key that is paired with a public key, a digital signature is issued based on communication destination information in which the site monitoring apparatus is the communication destination and the issued root certificate, and the communication destination information, root certificate, and digital signature are transmitted to the monitoring target devices. The monitoring target devices receive the communication destination information, root certificate, and digital signature from the site monitoring apparatus.

Abstract: Various aspects are disclosed herein for detection of mobile devices. Detection of mobile devices can be localized to an environment that is radio frequency enclosed. Within this environment, any packages can be scanned for the presence of mobile devices and for the interrogation of information from such mobile devices, such as the mobile device number and mobile device equipment information. The environment can contain an antenna for communicating with any mobile devices within the environment and a receiver component configured to receive information from any contacted mobile device. Based on this information, a determination can be made whether to validate a contacted mobile device or to take any alternative action.

Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.