Abstract: The present document describes a ready to use sensing device which is auto-configurable when turned on. The sensing device includes one or more sensors and a communication port. When turned on, the system automatically contacts a central server via the communication port and requests the address of a second server with which the sensing device is associated. Upon receipt of the address of the second server, the sensing device contacts the second server and requests its customized configuration settings. When received, the configuration settings are installed, and the sensing device starts to sample the output of the sensors and sends the samples to the second server for storage. The user may view the measurement data by accessing the second server through the internet. The minimum memory capacity required for operating the sensing device is very low, due to the fact that the samples are sent to the second server every time the samples are taken.

Abstract: In some applications, it may be more convenient to the user to be able to log in the memory system using one application, and then be able to use different applications to access protected content without having to log in again. In such event, all of the content that the user wishes to access in this manner may be associated with a first account, so that all such content can be accessed via different applications (e.g. music player, email, cellular communication etc.) without having to log in multiple times. Then a different set of authentication information may then be used for logging in to access protected content that is in an account different from the first account, even where the different accounts are for the same user or entity.

Abstract: [PROBLEMS] To prevent leak of information because loss or theft judgement is made whether or not read control information stored in a predetermined read control information storage area of an external storage is proper. If the judgment result shows that it is invalid, virtualized data stored in the external storage is decrypted, and genuine read control information virtualized in the virtualized data is extracted. Next judgement is made whether or not the extracted genuine read control information is proper. If the extracted genuine read control information is proper, the virtualized genuine data in the virtualized data along with the genuine read control information is made usable by decrypting and creating the virtualized data, and improper read control information is stored in the read control information storage area.

Abstract: A method of coding a secret, a numerical value d, subdivided into a number N of secret elements [di]n1, a composition law () applied to the elements di giving the value d. The following are calculated: (A) a first image (TN) of the secret by iterative calculation and application of the law () between the first image Ti-1 of rank i?1 and of the product according to this law of the element (di) of next rank and of a random value (Ri) of a first set, (B) a first numerical value (S1) by application of the law () to the N random values (Ri), (C) a second numerical value (S2) by application of the law to the N?1 random values (Aj) of a second set, (D) a second image T? of the secret by application of the inverse law () to the first image (TN) and to the second numerical value (S2) so as to generate an intermediate image (Tx) and then application of the inverse law to the intermediate image (Tx) and to the second numerical value (S2).

Abstract: Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.

Abstract: A computer-implemented method for efficiently deploying cryptographic key updates may include (1) receiving a request for subscribed cryptographic key material from a client device that includes information that identifies both the client device and cryptographic key material currently possessed by the client device, (2) automatically identifying the client device's subscribed cryptographic key material, (3) determining, by comparing the information received from the client device with the client device's subscribed cryptographic key material, that the cryptographic key material currently possessed by the client device does not match the client device's subscribed cryptographic key material, and (4) deploying at least one update to the client device that causes the client device to update the cryptographic key material currently possessed by the client device to match the client device's subscribed cryptographic key material. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Computer-implemented systems and methods for identifying illegitimate messaging activity on a system using a network of sensors.

Abstract: A method for transmitting data, a receiving method, related devices, and an aircraft equipped with the devices. The method includes determining an authentication word of the data; processing the data to obtain processed data; and transmitting the processed data on a transmission channel.

Abstract: A system is provided for employing an orchestrator to deploy and implement changes to a system. A change request may be a system build, upgrade, and patches for updating a subset of files within the system. The orchestrator may initially perform a security check and a validation check on a received change request. Upon receiving validation and approval, the change request may be deployed and propagated through a series of deployment scopes. The deployment scopes may become increasingly larger to extensively test the applied change before fully implementing the change on the target system. The orchestrator may submit the applied change to a validation component for getting validation of the change within the deployment scope after each applied change within a deployment scope. After the change request has been deployed through the deployment scopes and validated, the change request may be deployed to the target system and fully implemented.

Abstract: The present invention relates to a content protection apparatus and method using binding of additional information to an encryption key. The content protection apparatus includes an encryption unit for creating an encryption key required to encrypt data requested by a user terminal and then generating encrypted data in which the data is encrypted. An additional information management unit manages additional information including authority information about the encrypted data. A White-Box Cryptography (WBC) processing unit generates a WBC table required to bind the encryption key corresponding to the encrypted data to the additional information. A bound data generation unit generates bound data in which the encrypted key is bound to the additional information, using a cipher included in the WBC table.

Abstract: A reception apparatus of the present invention is provided with a reception unit 301 for receiving a stream including a data signal, a display unit 305 for displaying based on the stream received by the reception unit 301, an authentication process unit 302 for authenticating a sender of the stream received by the reception unit 301, a signal separating unit 303 for separating the data signal from the stream received by the reception unit 301, and a control unit 310 for controlling so as to prohibit the screen unit 305 from displaying a screen based on the data signal separated by the signal separating unit 303 during authentication of the stream by the authentication process unit 302. Thereby, the reception apparatus appropriately plays contents without inflicting a disadvantage or stress on a user.

Abstract: A communication management system includes: a normal signature list which stores a list of signatures of normal communication; a search circuit which acquires communication data and searches the normal signature list to check if the signature of the communication data appears in the list; and a warning unit which issues a warning when communication data does not match any signature in the normal signature list. An operator terminal includes: a determination result acquisition unit which indicates whether or not communication data against which a warning has been issued is normal; and a normal signature list update unit which, when communication data against which a warning has been issued is found to be normal, adds the signature of the communication data to the normal signature list.

Abstract: The invention described herein provides a method and system for foiling a keylogger by creating a custom keyboard driver and passing the keystrokes directly to the browser in an encrypted format. The browser (which is used to access the Internet) has a component that decrypts the keystroke before it is sent to the website. Thus the present invention enables the user to go to any website and enter sensitive information (passwords, credit card numbers, etc.) without the keystrokes being intercepted by Keyloggers. In general terms, the invention described herein provides a method and system for (1) modifying the keyboard driver, (2) encrypting the keystrokes between the keyboard driver and the browser, and (3) notifying the user if the invention has been compromised.

Abstract: A method and apparatus for detecting potentially misleading visual representation objects to secure a computer is described. In one embodiment, the method includes monitoring visual representation object creation with respect to the browser, accessing verification information, wherein the verification information comprises commonly used user interface elements for forming legitimate system messages, examining web data associated with the created visual representation objects, wherein the web data is compared with the verification information to identify imitating content within the created visual representation objects and modifying at least one of the created visual representation objects to accentuate the imitating content.

Abstract: An over-the-air firmware update is accomplished in a secure manner using a two-step process. The first step uses an initial boot using a fixed boot program and an authenticated and verified secondary environment to complete starting of only authenticated code. After verifying a pending update, the second step is started with the electronic device being booted into an update mode with an update loader that has exclusive access to a signing key. A dummy update image is loaded into a temporary memory location and a hash is taken. A digital certificate is created corresponding to the update image and signed using the signing key. The update and digital certificate are atomically installed and the signing key is deactivated. Upon reboot, the new image is used for operation and is verified by the hash data and public key in the digital certificate.

Abstract: A Wi-Fi router with an integrated configuration touch-screen, and method to use this integrated touch screen to provide enhanced security features. The Wi-Fi router, which has a wired or optical network interface, may be factory pre-configured with hard to anticipate passwords and encryption codes, thus making even its default Wi-Fi settings difficult to attack. Besides displaying interactive menus on the touch-screen, the router may also generate touch sensitive dynamic alphanumeric virtual keypads to enable administrators to interact with the device without the need of extra computers or software. Inexperienced administrators secure in the knowledge that they may access and change even difficult to remember security settings at any time through the built-in touch-screen controller and simplified user interface, are encouraged to set up secure Wi-Fi systems. The device may optionally include security software that, upon touch of a button, can provide new randomized or otherwise obfuscated router settings.

Abstract: An application installing method according to the present invention in which an application file includes at least two application encrypting data in which the executable files are respectively encrypted using different encryption algorithms, and a license file includes at least two license encryption data in which application decryption keys for decrypting the application encryption data are encrypted using respectively different encryption algorithms. The process execution apparatus includes a calculation unit configured to execute the executable file, and a storage unit configured to store the application file and the license file. The method includes a step of decrypting the application encryption data by use of the application decryption key with the calculation unit based on the level of priority of the predesignated application encryption data stored in the storage unit, and installing the executable file corresponding to the application encryption data.

Abstract: An information processing device includes: a local memory unit for storing data including an encrypted content; a memory for storing data including key information used to reproduce the encrypted content; and a data processing unit performing a process of writing data to the local memory unit and the memory, and a process of reproducing the encrypted content, wherein the data processing unit performs a process of writing encrypted content downloaded from a server or encrypted content copied from a medium to the local memory unit, and performs a process of decoding the encrypted content or a validity authenticating process using the data stored in the local memory unit and the data stored in the memory when reproducing the encrypted content written to the local memory unit.

Abstract: Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.

Abstract: In general, in one aspect, the invention relates to a method for executing applications. The method includes accessing a secure storage element via a host device including a computer processor; executing, by the computer processor, a hosted execution runtime environment (HERE) on the host device; identifying a persistent memory image of the HERE within the secure storage element; executing, by the computer processor, an application using the HERE; and applying, based on executing the application, a first set of changes to the persistent memory image.

Abstract: A system, method, and computer program product are provided for mounting an image of a computer system in a pre-boot environment for validating the computer system. In use, an image of a computer system is mounted in a pre-boot environment of the computer system, where the image includes a file system structure and initialization data of the computer system. Furthermore, at least one task is performed on the mounted image for validating the computer system.

Abstract: The invention relates to a method of securing a changing scene composed of at least one element and intended to be played back on a terminal. According to the invention, such a method comprises the following steps: creation (10) of at least one security rule, defining at least one authorization to modify said scene and/or at least one element of said scene and/or an authorization to execute at least one command in a context of playing back said scene on said terminal; allocation (10) of a security policy, comprising at least one of said security rules, to said scene and/or to at least one of said elements of said scene.

Abstract: A monitoring system includes at least one monitoring devices coupled to electrical power distribution system at selected locations for collecting data related to the operation of the monitored system. The monitoring device(s) includes a communication port and processors programmed to segment the collected data into blocks optimized for user analysis operations, encrypt the segmented blocks of data, bundle the encrypted blocks of data with unencrypted metadata that identifies the data blocks by at least the monitoring location at which the encrypted blocks of data were obtained and the type of data, and transmit the encrypted blocks of data with the unencrypted metadata. The system includes at least one client device that has a communication port that is coupled to the monitoring device(s) and the client device and that has a processor programmed to generate and transmit queries regarding selected ones of the encrypted blocks of data.

Abstract: A device, system, and method are disclosed. In one embodiment the device receives a user key from a user application. The device then creates a management engine key by applying a management engine key creation algorithm to the user key. Then the device sends the management engine key to a remote server. Later, the device retrieves a server key from the remote server. The device next performs a hash combination of the user key, the management engine key, and the server key to create a super key. Once the super key has been created, the device authenticates the super key, and if the super key is valid, the device then sends a management engine certification to the user application.

Abstract: Code of a software product is delivered by embodying, on a computer-readable storage medium, installation code for installing the software product code on a computer and DRM code for permitting the installation only if a predetermined condition is satisfied. If the condition is violated, the installation code is erased and that part of the storage medium then is available for general use.

Abstract: A mechanism for securely and dynamically reconfiguring reconfigurable logic is provided. A state machine within a data processing system establishes a hardware boundary to the reconfigurable logic within the data processing system thereby forming isolated reconfigurable logic. The state machine clears any prior state existing within the isolated reconfigurable logic. The state machine authenticates a new configuration to be loaded into the isolated reconfigurable logic. The state machine determines whether the authentication of the new configuration is successful. Responsive to the authentication of the new configuration being successful, the state machine loads the new configuration into the isolated reconfigurable logic. The state machine then starts operation of the isolated reconfigurable logic.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for porting digital rights management services. In one aspect, a system includes: a hardware processor; one or more memory devices coupled with the hardware processor and effecting an operating system for the hardware processor; and a digital rights management (DRM) component having a DRM adaptor configured to check whether the hardware processor has a hardware-based encryption element, use the hardware-based encryption element if available, and use a software-based encryption element if the hardware-based encryption element is not available, wherein the software-based encryption element includes code compiled from source code for the hardware processor, the source code prepared for different computer platforms.

Abstract: A system and method for protecting a software program from unauthorized modification or exploitation. A software security mechanism according to the present invention is difficult for a hacker or cracker to detect and/or defeat, but does not impose excessive runtime overhead on the host software program. The present invention further comprises a system and method for automating the injection of a software security mechanism according to the present invention into a host software program.

Abstract: A target computing environment is secured by a hardware trust anchor that provides a trust state of the target computing environment based upon a security audit of the target computing environment. And diagnosing the target computing environment can be diagnosed by the hardware trust anchor according to the security diagnostic information.

Abstract: A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry.

Abstract: A portable storage medium adapter, which is connected to a computer to store data received from the computer in a portable storage medium, includes a holding part that detachably holds the portable storage medium, a detecting part that detects an unloading operation of the portable storage medium by a user, and a disablement executing part that executes a disabling process to disable external access to the data stored in the portable storage medium at a time when the unloading operation is detected in the detecting part.

Abstract: A universal method and system for downloading game software to ROM based legacy gaming machines, activating selected games and providing new services. The method includes a ROM emulator for replacing the game program image and an NVRAM emulator for swapping the game context and critical meters accordingly. The method includes detection of the state of the current game activity such as to activate a new game only at an authorized time, when no player is playing a game or is carded-in for example. The system includes emulation of the original peripherals fitted to the legacy gaming machine such as to offer extended functionality and services. The universal method and system therefore prolongs the useful life of legacy machines which otherwise would be prematurely retired.

Abstract: A system and method for root booting includes a plurality of computing devices that each boot from a read-only base volume of an attached storage device that includes data common to the computing devices. The attached storage device also includes a plurality of volumes, each dedicated to one of the computing devices, which are redirect on write snapshots of the read-only base volume including unique items for the respective computing device. The read-only base volume may be stored in one or more solid state drives which may be configured as a RAID (redundant array of independent disks) and/or mirrored with one or more other storage drives. The plurality of volumes may each be stored in one or more hard disk drives which may be configured as a RAID. The attached storage device may be operable to add common data to the read-only base volume.

Abstract: A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing.

Abstract: A natural language dependent stream cipher is provided to increase complexity of stream cipher encryption. In one aspect, a message is received from a sender as an input in a first natural language and is translated into a selected second natural language. A binary Unicode representation of the input in the second natural language is created. An XOR operation is performed on the binary Unicode representation of the input in the second natural language and a binary key to generate an encrypted output. The encrypted output is sent to a receiver. The encrypted output may be decrypted by the receiver in the reverse of the encryption process. The decryption process yields the original message for viewing by an end-user of the system for a natural language dependent stream cipher.

Abstract: An improved method, apparatus, and computer instructions for processing outbound traffic passing through a port. This port is for a server and receives a request from a client. The request includes a universal resource identifier to a destination. A determination is made as to whether the request requires encryption using the universal resource identifier in the request. The request is sent through the port to the destination in an encrypted form, in response to a determination that the request requires encryption.

Abstract: There is provided a management system having a terminal device and a management server for managing terminal firmware of the terminal device. The terminal device includes: storing means storing the firmware to be capable of being updated by a user of the terminal device, and storing firmware version information to be incapable of being updated by the user; firmware updating means updating, on the basis of the version information, the firmware stored in the storing means with newer version firmware; and version information updating means updating the version information stored in the storing means with that of the updated firmware updated, and the management server includes: judging means judging, on the basis of the terminal firmware version information, a need or not to update the firmware; and transmitting means transmitting the newer version firmware to the terminal device if the firmware needs to be updated.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for porting digital rights management services. In one aspect, a system includes: a hardware processor; one or more memory devices coupled with the hardware processor and effecting an operating system for the hardware processor; and a digital rights management (DRM) component having a DRM adaptor configured to check whether the hardware processor has a hardware-based encryption element, use the hardware-based encryption element if available, and use a software-based encryption element if the hardware-based encryption element is not available, wherein the software-based encryption element includes code compiled from source code for the hardware processor, the source code prepared for different computer platforms.

Abstract: An application installing method according to the present invention in which an application file includes at least two application encrypting data in which the executable files are respectively encrypted using different encryption algorithms, and a license file includes at least two license encryption data in which application decryption keys for decrypting the application encryption data are encrypted using respectively different encryption algorithms. The process execution apparatus includes a calculation unit configured to execute the executable file, and a storage unit configured to store the application file and the license file. The method includes a step of decrypting the application encryption data by use of the application decryption key with the calculation unit based on the level of priority of the predesignated application encryption data stored in the storage unit, and installing the executable file corresponding to the application encryption data.

Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.

Abstract: A process for testing an integrated circuit includes collecting a set of points of a physical property while the integrated circuit is executing a multiplication, dividing the set of points into a plurality subsets of lateral points, calculating an estimation of the value of the physical property for each subset, and applying to the subset of lateral points a step of horizontal transversal statistical processing by using the estimations of the value of the physical property, to verify a hypothesis about the variables manipulated by the integrated circuit.

Abstract: A system and method for modifying a processor system with hypervisor hardware to provide protection against malware. The processor system is assumed to be of a type having at least a CPU and a high-speed bus for providing data links between the CPU, other bus masters, and peripherals (including a debug interface unit). The hypervisor hardware elements are (1) a co-processor programmed to perform one or more security tasks; (2) a communications interface between the co-processor and the debug interface unit; (3) a behavioral interface on the high-speed bus, configured to monitor control signals from the CPU, and (4) an access controller on the high-speed bus, configured to store access control data, to intercept requests on the high-speed bus, to evaluate the requests against the access control data, and to grant or deny the requests.

Abstract: A crypto-engine for cryptographic processing has an arithmetic unit and an interface controller for managing communications between the arithmetic unit and a host processor. The arithmetic unit has a memory unit for storing and loading data and arithmetic units for performing arithmetic operations on the data. The memory and arithmetic units are controlled by an arithmetic controller.

Abstract: The present invention provides a method for obtaining a proxy call session control function address, comprising when a terminal accesses an IP multi-media subsystem through a world interoperability for microwave access (WiMAX) network in roaming scenarios, a visited authentication, authorization, and accounting server (V-AAA) of the terminal retransmitting an access request message sent by an access service network (ASN) or a dynamic host configuration protocol (DHCP) or a home agent (HA) of said terminal to a home authentication, authorization, and accounting server (H-AAA) of said terminal after receiving the access request message, and H-AAA finally deciding whether the P-CSCF is located in a visited network or a home network according to a roaming protocol and visited network capability, and returning the determined P-CSCF address information, included by H-AAA in an access accept message corresponding to said access request message, to the sender of said access request message through V-AAA.

Abstract: The present invention provides an apparatus for securely acquiring a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus includes an FPGA that is reconfigurable. The content playback apparatus stores a decryption circuit program that shows the structure of a decryption circuit that executes decryption in accordance with a prescribed cryptosystem. The FPGA is reconfigured in accordance with the program to configure the decryption circuit. The playback apparatus acquires, from outside, an encrypted file that has been generated by encrypting a file including a decryption circuit program corresponding to the new cryptosystem in accordance with the prescribed cryptosystem, and decrypts the encrypted file by the decryption circuit.

Abstract: A system, method, and computer program for protecting numerical control codes, comprising decrypting an encrypted text file that defines how an event for a tool path data set is processed; processing said decrypted text file to obtain a set of instructions; formatting said set of instructions according to a definition file; and outputting said set of formatted instructions; whereby postprocessed machine controls are written and appropriate means and computer-readable instructions.

Abstract: A user interface and a processor coupled to the user interface wherein the processor receives access requests through the user interface and authorizes access through the user interface. The processor associates a rights request with a role based policy to determine access rights, modifies the determined access rights in accordance with an exception list related to particular users and records, and authorizes access to a record based upon the modified determined access rights.

Abstract: A method is provided for visually encrypting at least one part of an at least partially compressed video stream or video sequence, it being possible for said stream to be decomposed into a first type of objects and a second type of objects, the method being applied on each of the images contained in a video sequence, including at least the following steps: analyzing the sequence in the compressed domain so as to define for a given image N at least one first group of objects to be protected by visual encryption and a second group of objects, the transformed coefficients and the motion estimation vectors being transmitted directly to step d) of compression, predicting on the basis of the data arising from the analysis in the previous step of the compressed image N, the position of the objects for a following image N+1, determining the splitting into slices or into groups of slices of the image N+1, compressing the first group of objects of the image N+1 and ciphering at least one part thereof, transmitting t

Abstract: A system and method are provided enabling implicit redundancies such as constant differences and points that should be on the same curve, to be checked at the beginning, end and intermittently throughout the computation to thwart fault injection attacks. This can be implemented by checking the constant difference in point pairs during point multiplication, by checking constant scalings in exponentiation pairs, and by checking that any intermediate point is on the curve and/or in the correct subgroup of the curve.

Abstract: Devices and methods for securely storing data are provided. A device for constructing an encryption key comprising a tamper-protection barrier that encloses one or more memory devices is provided. The memory stores data for constructing the encryption key. The memory may include a single memory device or a plurality of memory devices. The tamper-protection barrier also encloses a security processor configured to combine the data stored in the memory based in part on a function, such as a logical exclusive-or (XOR) function, to construct the encryption key. The stored data in the memory may include partial keys. These partial keys may be created based in part on applying the XOR function to an encryption key.