Upgrade/install Encryption Patents (Class 713/191)
  • Patent number: 8185750
    Abstract: A method, system and computer program product for enhancing the functionality of the existing core root of trust measurement (CRTM). The CRTM is extended to allow platform manufacturer controlled and certified code to be incorporated into the function of the CRTM, wherein the manufacturer may define the policy for accepting a new function into the CRTM. When a firmware or software module image is compiled, the build process generates a hash value of the compiled firmware or software image, wherein the hash value reflects a fingerprint (or short hand) representation of the compiled image. A determination is made as to whether the hash value of the firmware or software image is to be a CRTM extension. If so, a digital signature of the module is created using the CRTM extension private key. This signature value is added to the firmware or software module.
    Type: Grant
    Filed: March 31, 2008
    Date of Patent: May 22, 2012
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Ronald Perez, Leendert Peter Van Doorn, Helmut H. Weber
  • Patent number: 8181033
    Abstract: A data leakage prevention system, method, and computer program product are provided for preventing a predefined type of operation on predetermined data. In use, an attempt to perform an operation on predetermined data that is protected using a data leakage prevention system is identified. Additionally, it is determined whether a type of the operation attempted includes a predefined type of operation. Furthermore, the operation on the predetermined data is conditionally prevented based on the determination to prevent circumvention of the protection of the data leakage prevention system.
    Type: Grant
    Filed: July 1, 2008
    Date of Patent: May 15, 2012
    Assignee: McAfee, Inc.
    Inventors: Manabendra Paul, Abhilash Chandran
  • Patent number: 8176337
    Abstract: In the field of computer software, obfuscation techniques for enhancing software security are applied to compiled (object) software code. The obfuscation results here in different versions (instances) of the obfuscated code being provided to different installations (recipient computing devices). The complementary code execution uses a boot loader or boot installer-type program at each installation which contains the requisite logic. Typically, the obfuscation results in a different instance of the obfuscated code for each intended installation (recipient) but each instance being semantically equivalent to the others. This is accomplished in one version by generating a random value or other parameter during the obfuscation process, and using the value to select a particular version of the obfuscating process, and then communicating the value along with boot loader or installer program software.
    Type: Grant
    Filed: March 12, 2008
    Date of Patent: May 8, 2012
    Assignee: Apple Inc.
    Inventors: Mathieu Ciet, Julien Lerouge, Augustin J. Farrugia
  • Patent number: 8176249
    Abstract: Method for embedding a session secret, within an application instance, comprising the steps of generating an ephemeral session secret by a master application. Embedding, by master application, secret bytes, within application bytes of a slave application. Calculating said ephemeral session secret, by slave application, from said embedded secret bytes, when slave application is executed.
    Type: Grant
    Filed: April 28, 2007
    Date of Patent: May 8, 2012
    Inventor: Amiram Grynberg
  • Patent number: 8171469
    Abstract: One method embodiment includes defining a first package to be opened by a computing device. The method includes associating installation content to be installed on the computing device with the first package. The first package includes a second package that includes the installation content to be installed and the first package includes package functionality information to determine whether a particular package functionality can be utilized by the computing device.
    Type: Grant
    Filed: August 15, 2006
    Date of Patent: May 1, 2012
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Ian A. Elliott
  • Patent number: 8171287
    Abstract: A system and method for the authorization of access to a service by a computational device or devices. A software agent generates a digital signature for the device each time it attempts to access the service and send it to an authentication server, which compares the digital signature sent with one or more digital signatures on file to determine whether access to the service is permitted. The digital signature is generated by using hashes based on software and hardware configuration data collected from the device. The system may be used in conjunction with other authorization methods and devices.
    Type: Grant
    Filed: March 10, 2005
    Date of Patent: May 1, 2012
    Assignee: DNABOLT, Inc
    Inventor: Agostinho de Arruda Villela
  • Patent number: 8171309
    Abstract: Secure memory controlled access is described. In embodiment(s), memory stores encrypted data and the memory includes a secure memory partition to store cryptographically sensitive data utilized to control access to the encrypted data stored on the memory. Controller firmware can access the encrypted data stored on the memory, but is precluded from access to the secure memory partition and the cryptographically sensitive data. Secure firmware can access the cryptographically sensitive data stored on the secure memory partition to control access by the controller firmware to the encrypted data stored on the memory.
    Type: Grant
    Filed: November 14, 2008
    Date of Patent: May 1, 2012
    Assignee: Marvell International Ltd.
    Inventors: Tze Lei Poo, Gregory Burd
  • Patent number: 8161554
    Abstract: An intrusion detection system for a computer network includes a knowledge database that contains a baseline of normal host behavior, and a correlation engine that monitors network activity with reference to the knowledge database. The correlation engine accumulates information about anomalous events occurring on the network and then periodically correlates the anomalous events. The correlation engine generates a worm outbreak alarm when a certain number of hosts exhibit a role-reversal behavior. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. 37 CFR 1.72(b).
    Type: Grant
    Filed: April 26, 2005
    Date of Patent: April 17, 2012
    Assignee: Cisco Technology, Inc.
    Inventors: Karthikeyan M. Sadhasivam, Shuguang Zhang, Ravi K. Varanasi
  • Patent number: 8155320
    Abstract: Provided is a data storage device capable of safely and effectively updating software of a home electric apparatus. In the home electric apparatus (100) in which currently used data is to be updated to new data, a reception unit (140) receives encrypted new data and a serial number of data to be updated. A key generation unit (112) generates a key by executing a predetermined irreversible calculation on the unique information correlated to the currently used data by a number of times based on the serial number of the data to be updated. An update unit (113) decrypts the new data by using the key.
    Type: Grant
    Filed: June 5, 2007
    Date of Patent: April 10, 2012
    Assignee: Panasonic Corporation
    Inventor: Hisashi Takayama
  • Patent number: 8141165
    Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.
    Type: Grant
    Filed: July 13, 2007
    Date of Patent: March 20, 2012
    Assignee: Intertrust Technologies Corporation
    Inventors: Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie
  • Patent number: 8135798
    Abstract: An over-the-air device services and management system includes a web applications server for providing a software download service, an account management server for providing an account maintenance service, and a synchronization server for providing a data management service. The suite of services offered by these servers may be wirelessly accessed from a client device.
    Type: Grant
    Filed: November 15, 2006
    Date of Patent: March 13, 2012
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Bharat Welingkar, Srikiran Prasad, William Eisner, Kevin T. Wu
  • Patent number: 8135129
    Abstract: A method and a circuit for protecting a numerical quantity contained in an integrated circuit on a first number of bits, in a modular exponentiation computing of a data by the numerical quantity, including: selecting at least one second number included between the unit and said first number minus two; dividing the numerical quantity into at least two parts, a first part including, from the bit of rank null, a number of bits equal to the second number, a second part including the remaining bits; for each part of the quantity, computing a first modular exponentiation of said data by the part concerned and a second modular exponentiation of the result of the first by the FIG. 2 exponentiated to the power of the rank of the first bit of the part concerned; and computing the product of the results of the first and second modular exponentiations.
    Type: Grant
    Filed: June 14, 2006
    Date of Patent: March 13, 2012
    Assignee: STMicroelectronics S.A.
    Inventors: Yannick Teglia, Pierre-Yvan Liardet, Alain Pomet
  • Patent number: 8132013
    Abstract: Systems, methods and computer program products are disclosed for providing long-term authenticity proof of an electronic document having a digital signature, wherein the electronic document is digitally signed with a digital signature and the electronic document and its digital signature are archived in a data archive. Such methods, systems and computer program products may store the electronic document in a first data archive and store a hash value of the electronic document in a second data archive different from the first data archive. Long-term authenticity and integrity may be achieved by periodically re-signing, particularly time stamping the hash value in the second data archive.
    Type: Grant
    Filed: September 30, 2005
    Date of Patent: March 6, 2012
    Assignee: SAP AG
    Inventor: Beat U. Meier
  • Patent number: 8127151
    Abstract: A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry.
    Type: Grant
    Filed: October 13, 2009
    Date of Patent: February 28, 2012
    Assignee: Lockheed Martin Corporation
    Inventors: Patrick A. Nelson, Christian Adams
  • Patent number: 8121285
    Abstract: A system and method for data processing for coding. The method may include providing a first plurality of bytes of data, non-linearly transforming the first plurality of bytes into a second plurality of bytes, multiplying each of the second plurality of bytes of data by a predetermined constant of a plurality of constants to generate a third plurality of bytes, and organizing in use the third plurality of bytes as a plurality of output bytes. Systems to practice the foregoing methods are also described.
    Type: Grant
    Filed: October 28, 2008
    Date of Patent: February 21, 2012
    Assignee: International Business Machines Corporation
    Inventor: Charanjit S. Jutla
  • Patent number: 8121286
    Abstract: A system and method for coding data to help resist differential attacks. Data in m columns may be initialized to an initialized value. One new column of data may be mixed with a new input word and input to an advanced mixer. The advanced mixer may include linear mixing having indexed bytes and performing of exclusive-OR operation and transposing. An output of the advanced mixer may be a new m column state. A value of m could be 0 through 30. The value of m may have a preferred range of 27 through 36. Systems to implement the foregoing method are also described.
    Type: Grant
    Filed: October 28, 2008
    Date of Patent: February 21, 2012
    Assignee: International Business Machines Corporation
    Inventors: Shai Halevi, William Eric Hall, Charanjit S. Jutla
  • Patent number: 8116452
    Abstract: To provide a content playback device capable of protecting content according to DRM, when decrypting encrypted content recorded on a recording medium and playing the decrypted content. If key generation information is “00”, a key control unit 104 concatenates a decrypted media key and content information in this order, and applies a one-way function to the concatenation result to generate a content key. If the key generation information is “10”, the key control unit 104 sets a rights key as the content key. If the key generation information is “01”, the key control unit 104 concatenates the decrypted media key and the rights key in this order, and applies a one-way function to the concatenation result to generate the content key.
    Type: Grant
    Filed: January 19, 2011
    Date of Patent: February 14, 2012
    Assignee: Panasonic Corporation
    Inventors: Masaya Yamamoto, Toshihisa Nakano, Motoji Ohmori, Masayuki Kozuka
  • Patent number: 8117462
    Abstract: Systems and methods consistent with the present invention encode a list so users of the list may make inquiries to the coded list without the entire content of the list being revealed to the users. Once each item in the list has been encoded by an encoder, a bit array with high and low values may be used to represent the items in the list. The bit array may be embodied in a validation system for allowing users to query the list to determine whether an inquiry item is on the list. The validation system determines which bits to check by executing the same coding process executed by the encoder. If all the bits are high, then the inquiry item is determined to be part of the list, if at least one of the bits is low, then the inquiry item is determined not to be part of the original list.
    Type: Grant
    Filed: September 22, 2005
    Date of Patent: February 14, 2012
    Assignee: United States Postal Service
    Inventors: Robert F. Snapp, James D. Wilson
  • Patent number: 8112634
    Abstract: Methods and devices for increasing or hardening the security of data stored in a storage device, such as a hard disk drive, are described. A storage device provides for increased or hardened security of data stored in hidden and non-hidden partitions of a storage medium in the device. An algorithm may be utilized for deriving a key that is used to encrypt or decrypt text before it is read from or written to the hard disk. The algorithm accepts as input a specific media location factor, such as an end address or start address of the block where the text is being read from or written to, and a secret key of the storage component. The output of the algorithm is a final key that may be used in the encryption and decryption process. Thus, in this manner, the final key is dependent on the location of the block where the data is being written or read, thereby making it more difficult to tamper with the data, which may be stored in a hidden or non-hidden partition of a hard disk.
    Type: Grant
    Filed: June 4, 2008
    Date of Patent: February 7, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Onur Aciicmez, Xinwen Zhang, Jean-Pierre Seifert
  • Patent number: 8099514
    Abstract: A method in one embodiment is performed at least in part at a server in a network file system that includes said server and a plurality of clients connected by a network, the method comprising: receiving a data write request from one client; selecting a client as a write object of said data from the other clients according to a condition of said one client stored in advance and/or conditions of said other clients; and transmitting said data write request to the client selected as a write object. Additional systems, methods and computer program products are also presented.
    Type: Grant
    Filed: June 12, 2008
    Date of Patent: January 17, 2012
    Assignee: International Business Machines Corporation
    Inventors: Akihiro Kaneko, Miyuki Katsuki, Kazuhisa Misono, Takashi Yonezawa
  • Patent number: 8099588
    Abstract: A solution is proposed for distributing a software product to a set of data processing entities (such as endpoints) in a data processing system; the system includes a set of security applications (such as firewalls), which are adapted to control communications of the entities. A corresponding method starts with the step of determining a target configuration of the security applications for allowing execution of the software product on the entities. A software package (or more), being adapted to enforce the software product and the target configuration, is then built. The method continues by distributing the software package in the system, so as to cause the application of the software package for enforcing the software product on each entity and the target configuration of each security application.
    Type: Grant
    Filed: April 4, 2008
    Date of Patent: January 17, 2012
    Assignee: International Business Machines Corporation
    Inventors: Celli Massimiliano, Antonio Gallo, Luigi Pichetti, Marco Secchi
  • Patent number: 8090956
    Abstract: To provide a program conversion device capable of executing a program that includes a secret operation using secret information without exposure of the secret information in a memory. In an execution program generation device, with respect to an original program that includes the secret operation, a combining function generation unit generates combining function processing for applying a bitwise self-dual function to an input value, a split secret information generation unit generates pieces of split secret information by performing an inverse operation of the self-dual function, a program conversion unit generates pieces of split secret operation processing each for performing the operation between each bit value of the operand information and a corresponding bit value of a different piece of the split secret information, and replaces the secret operation processing with the pieces of the split secret operation processing and the combining function processing.
    Type: Grant
    Filed: March 27, 2006
    Date of Patent: January 3, 2012
    Assignees: Panasonic Corporation, Nara Institute of Science and Technology
    Inventors: Rieko Asai, Taichi Sato, Tomoyuki Haga, Kenichi Matsumoto, Akito Monden, Masahide Nakamura
  • Patent number: 8086872
    Abstract: Provided is a method for setting a security channel between an OLT and at least one ONU in an EPON. In detail, a channel is generated by which the OLT makes a reciprocal security capability agreement with the ONU that wants to set a security channel in a discovery interval and then automatically registers the ONU with the security capability agreement. The security channel is set by which the OLT distributes an encryption key for the security with the ONU completed with the security capability agreement. A renewal point of the encryption key is shared by transmitting a message indicative of a time to change the encryption key between the OLT and the ONU both completed with the encryption key distribution.
    Type: Grant
    Filed: December 1, 2006
    Date of Patent: December 27, 2011
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Kwang Ok Kim, Yool Kwon, Bong Tae Kim
  • Patent number: 8086843
    Abstract: Cryptographic provider failover is performed. Upon receipt of a first security request, an integrated cryptographic provider constructs a table including a list of underlying cryptographic providers for service type algorithm pairs. The integrated cryptographic provider is one of the underlying cryptographic providers in the list. The underlying cryptographic providers are registered as hardware and software cryptographic providers in the list. The integrated cryptographic provider is registered as a routing cryptographic provider in the list. The list is arranged so that the integrated cryptographic provider has the highest priority. The integrated cryptographic provider specifies failover support for all registered service type algorithm pairs using one or more of the underlying cryptographic providers.
    Type: Grant
    Filed: September 24, 2007
    Date of Patent: December 27, 2011
    Assignee: International Business Machines Corporation
    Inventors: Sarah Blodgett Hughes, Jason Greg Katonica
  • Patent number: 8077866
    Abstract: A communication device having a private key and configured to implement an elliptic curve security mechanism for successful operation of which it: (a) receives a first value from another device, (b) computes a second value as the scalar multiplication of the first value with its private key and (c) returns that second value for use by the other device; the mechanism being such that the first value defines a pair of coordinates representing a first point and the second value defines a pair of coordinates representing a second point and being such that the first value is valid only if it lies on an elliptic curve of predefined form; the device being configured to implement the mechanism by the steps of: receiving data as the first value; making a first evaluation as to whether the first value is a singular point with respect to the elliptic curve; computing the second value as the scalar multiplication of the first value with the private key; making a second evaluation as to whether the second value lies on the
    Type: Grant
    Filed: April 16, 2008
    Date of Patent: December 13, 2011
    Assignee: Cambridge Silicon Radio Limited
    Inventors: Peter Landrock, Jan Ulrik Kjaersgaard
  • Patent number: 8062380
    Abstract: An electronic device prior to entering a distribution channel is equipped with a Loss Prevention Client which permits limited use of the device until correct authentication is provided by a legitimate purchaser. By permitting limited use before authentication, the device remains both useful to a legitimate purchaser and valuable to a thief. While allowing operation in the possession of a thief, options can be provided to permit tracking of the device or to allow proper purchase of the device.
    Type: Grant
    Filed: April 7, 2008
    Date of Patent: November 22, 2011
    Assignee: Absolute Software Corporation
    Inventor: Jon Stevens
  • Patent number: 8060751
    Abstract: A programmable electronic device (10) stores a number of cipher-text software modules (14) to which access is granted after evaluating a user's token (55, 80, 82), a software-restriction class (58) for a requested software module (14), and/or a currently active access-control model (60). Access-control models (60) span a range from uncontrolled to highly restrictive. Models (60) become automatically activated and deactivated as users are added to and deleted from the device (10). A virtual internal user proxy that does not require users to provide tokens (80, 82) is used to enable access to modules (16) classified in a global software-restriction class (62) or when an uncontrolled-access-control model (68) is active. Both licensed modules (76) and unlicensed modules (18,78) may be loaded in the device (10). However, no keys are provided to enable decryption of unlicensed modules (18,78).
    Type: Grant
    Filed: September 19, 2007
    Date of Patent: November 15, 2011
    Assignee: General Dynamics C4 Systems, Inc.
    Inventors: Paul Thomas Kitaj, Sherman W. Paskett, Douglas Allan Hardy, Frank Edward Seeker, Steve Robert Tuggenberg
  • Publication number: 20110276808
    Abstract: An application installing method according to the present invention in which an application file includes at least two application encrypting data in which the executable files are respectively encrypted using different encryption algorithms, and a license file includes at least two license encryption data in which application decryption keys for decrypting the application encryption data are encrypted using respectively different encryption algorithms. The process execution apparatus includes a calculation unit configured to execute the executable file, and a storage unit configured to store the application file and the license file. The method includes a step of decrypting the application encryption data by use of the application decryption key with the calculation unit based on the level of priority of the predesignated application encryption data stored in the storage unit, and installing the executable file corresponding to the application encryption data.
    Type: Application
    Filed: April 1, 2011
    Publication date: November 10, 2011
    Applicant: CANON KABUSHIKI KAISHA
    Inventor: Naoto Yuki
  • Patent number: 8055908
    Abstract: A data transmission method is achieved by transmitting a contents data transmission request from a host device to a module; by dividing a first contents data into a plurality of blocks in the module; by transmitting the plurality of blocks from the module to the host device; and by combining the plurality of blocks to produce a second contents data. A plurality of data buses are used for the transmission of the contents data transmission request and the plurality of blocks.
    Type: Grant
    Filed: March 28, 2006
    Date of Patent: November 8, 2011
    Assignee: NEC Personal Products, Ltd.
    Inventor: Shigeru Kawabe
  • Patent number: 8055909
    Abstract: An information reproducing apparatus of the present invention includes a secure module and a main memory. The information in the secure module can not be accessed from outside. The secure module reads, using a direct access method, information relating to software stored in the main memory. The secure module checks a falsification of the software by comparing the information read with the information stored in advance in the secure module.
    Type: Grant
    Filed: July 30, 2003
    Date of Patent: November 8, 2011
    Assignee: Fujitsu Limited
    Inventors: Kiyoshi Kohiyama, Toshiyuki Yoshitake, Yasuhiro Watanabe, Kiyonori Morioka
  • Patent number: 8046842
    Abstract: A method and system for encouraging users of computer readable content to register. The method involves embedding in the computer readable content, instruction codes operable to direct a processor circuit to automatically establish a connection to a server, when the content is in use by the processor circuit, to transmit registration information to the server and operable to control further use of the content by the processor circuit in response to a key received from the server.
    Type: Grant
    Filed: March 31, 2009
    Date of Patent: October 25, 2011
    Assignee: International Business Machines Corporation
    Inventor: James Sheung Lau
  • Publication number: 20110258437
    Abstract: This document describes tools that enable a computing device to receive an update to content management software. The tools also enable the computing device to generate new public and private keys without the use of a key server.
    Type: Application
    Filed: April 16, 2010
    Publication date: October 20, 2011
    Applicant: MICROSOFT CORPORATION
    Inventors: Alexander McKelvey, Clifford P. Strom, Quintin S. Burns
  • Patent number: 8042190
    Abstract: Machine readable media, methods, and computing devices are disclosed which establish a protected memory channel between an operating system loader of a user partition and services of a management partition. One computing device includes protected storage, read only memory, firmware, a storage device and a processor. The storage device is to store the virtual machine monitor and an operating system having an operating system loader. The virtual machine monitor is to establish a protected memory channel between the one or more integrity services of a management partition and the operating system loader of a user partition in response to measuring and verifying the operating system loader based upon the manifest. The processor is to execute the code of the read only memory, the firmware, the virtual machine monitor, the operating system, the operating system loader, the management partition, and the user partition.
    Type: Grant
    Filed: December 31, 2007
    Date of Patent: October 18, 2011
    Assignee: Intel Corporation
    Inventors: Ravi Sahita, Ned Smith
  • Patent number: 8032940
    Abstract: A system and method are provided to generate a secure integrated development environment (IDE). In one embodiment, a plurality of modules in a source code associated with a conventional IDE is detected. One or more modules of the plurality of modules that are to be modified are identified. One or more modifying components are identified and are to be associated with the one or more modules that are to be modified. A secure IDE is generated by updating the conventional IDE by modifying the one or more modules in the source code associated with the conventional IDE, wherein the one or more modules are modified by associating the one or more modifying components to the corresponding one or more modules.
    Type: Grant
    Filed: October 23, 2007
    Date of Patent: October 4, 2011
    Assignee: Chaperon, LLC
    Inventor: Ashif A. Dhanani
  • Patent number: 8032746
    Abstract: A Tamper-Resistant Communication layer (TRC) adapted to mitigate ad hoc network attacks launched by malicious nodes is presented. One embodiment of the invention utilizes TRC, which is a lean communication layer placed between a network layer and the link layer of a network protocol stack. All aspects of the network protocol stack, with the exception of the routing protocol and data packet forwarding mechanism in the network layer, are unchanged. TRC takes charge of certain key functions of a routing protocol in order to minimize network attacks. Additionally, TRC implements highly accurate self-monitoring and reporting functionality that can be used by nodes in the network to detect compromised nodes. TRC of a node controls its ability to communicate with other nodes by providing non-repudiation of communications. The tamper-resistant nature of TRC provides high assurance that it cannot be bypassed or compromised.
    Type: Grant
    Filed: June 19, 2007
    Date of Patent: October 4, 2011
    Assignee: The University of Texas at San Antonio
    Inventors: Rajendra V. Boppana, William H. Winsborough
  • Patent number: 8028339
    Abstract: The present invention relates to a network device and a method for providing content compatibility between network devices having different respective digital rights management methods. The method includes exchanging security program lists of the network devices, comparing the security program list of one network device with the security program list of the other network device based on the exchanged security program lists, and installing a security program required for using content of the other network device according to the comparison result. Accordingly, there is an advantage in that the network devices using the different respective DRM-based security programs can exchange content with one another and use the content of the other network device by using the predetermined security program update methods.
    Type: Grant
    Filed: June 24, 2004
    Date of Patent: September 27, 2011
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Hee-chul Han
  • Patent number: 8024558
    Abstract: Aspects of the invention provide a method and system for coding information in a communication channel. More particularly, aspects of the invention provide a method and system for synchronous running encryption and/or encoding and corresponding decryption and decoding in a communication channel or link. Aspects of the method may include encoding and/or encrypting a first data using a first or second encoding table and/or a first or second encryption table. The method may indicate which one of the first or second encoding tables or which one of the first or second encryption tables was utilized for encoding and/or encrypting the said first data. The encoded and/or encrypted first data may subsequently be transferred downstream and decoded by a synchronous decoder/decryptor using a corresponding decoding and/or decryption table.
    Type: Grant
    Filed: May 26, 2010
    Date of Patent: September 20, 2011
    Assignee: Broadcom Corporation
    Inventor: Martin Lund
  • Patent number: 8015416
    Abstract: An information processing apparatus causes an encryption key data generating section to generate key data stored in a semiconductor memory by using encryption key source data read from the semiconductor memory and cipher generation data stored therein, and stores the key data in a temporary storage section. The information processing apparatus transmits data encrypted by an encryption circuit by using the key data. Upon receipt of the encrypted data, the semiconductor memory executes a command decrypted by a decryption circuit similarly using the key data. This achieves data communication only between the predetermined semiconductor memory and the information processing apparatus.
    Type: Grant
    Filed: August 16, 2005
    Date of Patent: September 6, 2011
    Assignees: Megachips Corporation, Nintendo Co., Ltd.
    Inventors: Takanobu Nakashima, Takashi Oshikiri
  • Patent number: 8005212
    Abstract: A device for executing a cryptoalgorithm including a central processing unit for a first sub-group of operations and for a flow control of the cryptoalgorithm as well as a hardware circuit for a second sub-group of operations, wherein the first sub-group preferably includes arithmetic and/or logic operations, while the second sub-group includes rotation operations, permutation operations, substitution operations or selection operations.
    Type: Grant
    Filed: December 22, 2004
    Date of Patent: August 23, 2011
    Assignee: Infineon Technologies AG
    Inventor: Stefan Rueping
  • Patent number: 7996899
    Abstract: A communication system comprises a content provider system configured to receive a content request indicating content and a device identifier, determine a first key based on the device identifier, process the content using the first key to modify the content from an unprotected state to a protected state, and transfer the content in the protected state. The communication system further comprises an end user system configured to receive the content in the protected state and process the content with a second key to modify the content from the protected state to an unprotected state wherein the second key is internally hard coded to the end user system.
    Type: Grant
    Filed: February 24, 2006
    Date of Patent: August 9, 2011
    Assignee: Hitachi Global Storage Technologies Netherlands B.V.
    Inventors: Curtis H. Bruner, Christopher J. Squires
  • Patent number: 7987358
    Abstract: Methods of authenticating a user design in a programmable integrated circuit. The methods utilize an identifier unique to the programmable IC and a data word taken from the user design. The data word can be unique to the design and can include a string of data taken from the configuration data for the design, or the values of circuit nodes read from selected points throughout the design. A function is performed on the identifier and the data word, producing a key specific to the user design as implemented in that programmable IC. The key is compared to an expected value. When the key matches the expected value, the user design is enabled. When the key does not match the expected value, at least a portion of the user design is disabled. Circuitry for performing the steps of the method can be implemented in the programmable resources of the programmable IC.
    Type: Grant
    Filed: June 9, 2006
    Date of Patent: July 26, 2011
    Assignee: Xilinx, Inc.
    Inventors: James A. Walstrum, Jr., Steven K. Knapp, Shalin Umesh Sheth
  • Patent number: 7983412
    Abstract: A method and system for automating customer slamming and cramming complaints includes an automated reporting system having one or more receiving devices and a complaint module. Customers who want to report a slam or cram access the automated reporting system and report the complaint without having to speak with a customer service representative. The complaint module obtains the customer telephone number and retrieves customer account information using the customer telephone number. Using the customer account information, the complaint module extrapolates a type of complaint for the customer complaint and prompts the customer for information regarding the customer complaint and the type of the complaint. The customer provides customer responses to the prompts and the complaint module provides an indication to the customer regarding each customer response.
    Type: Grant
    Filed: September 13, 2007
    Date of Patent: July 19, 2011
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Kurt M. Joseph, Robert R. Bushey, Benjamin A. Knott, John M. Martin
  • Patent number: 7984509
    Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.
    Type: Grant
    Filed: May 25, 2007
    Date of Patent: July 19, 2011
    Assignee: Intertrust Technologies Corporation
    Inventors: Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie
  • Patent number: 7984305
    Abstract: An encryption processing apparatus and method in which the difficulty of encryption analysis based on power analysis can be increased considerably are provided. By dividing an original encryption processing sequence into a plurality of groups and by mixing the processing sequence by setting dummies as necessary, several hundreds to several thousands of types of different mixed encryption processing sequences can be set, and a sequence selected from a large number of these settable sequences is performed. According to this configuration, consumption power variations which are completely different from consumption power variations caused by a regular process possessed by the original encryption processing sequence can be generated, and thus the difficulty of encryption analysis based on power analysis can be increased considerably.
    Type: Grant
    Filed: January 2, 2004
    Date of Patent: July 19, 2011
    Assignee: Sony Corporation
    Inventors: Ryo Ochi, Susumu Kusakabe
  • Publication number: 20110173457
    Abstract: A system and method for providing enhanced security for Over The Air (OTA) firmware changes defers decryption of a firmware image until it is transferred into a protected internal memory of a wireless device. An updated firmware image is encrypted at a source and transmitted to a wireless device having a processor, internal memory, and external memory. The wireless device stores the encrypted firmware image in its external memory. In response to receiving an instruction to load a new firmware image, the processor retrieves the encrypted firmware image from the external memory. The processor decrypts the encrypted firmware image and programs the internal memory in accordance with the decrypted firmware image.
    Type: Application
    Filed: August 13, 2010
    Publication date: July 14, 2011
    Inventor: Jeffrey Reh
  • Patent number: 7979719
    Abstract: A storage means which can be accessed by an authentication apparatus stores content data, a first digest table including primary digest values corresponding to a plurality of data portions constituting the content data, a second digest table including secondary digest values corresponding to a plurality of data portions of the first digest table, and a digital signature generated from the second digest table. In a first reading step, the second digest table and the digital signature are read out from the storage means into a memory of the authentication apparatus. In a first authentication step, the authenticity of the content data is verified using the digital signature read out into the memory and the second digest table read out into the memory.
    Type: Grant
    Filed: May 29, 2007
    Date of Patent: July 12, 2011
    Assignee: Nintendo Co., Ltd.
    Inventor: Yutaka Murakami
  • Patent number: 7975147
    Abstract: Disclosed herein is an electronic device network having a plurality of associated electronic devices. The electronic devices may include an update agent adapted to decipher code and/or data segments. The update agent may also be adapted to modify and/or upgrade firmware and/or software components resident in the electronic devices by employing the deciphered code and/or data segments along with contents of an update. An update generator, resident in the electronic devices, may employ deciphering techniques to the code and/or data segments to extract enciphered code and/or data segments. The update generator may also process the code and/or data segments to generate an update including difference information. The update generator may also be adapted to encipher difference information in the generated update.
    Type: Grant
    Filed: March 30, 2004
    Date of Patent: July 5, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Iyad Qumei
  • Patent number: 7945790
    Abstract: Briefly, a low-cost system and method for pseudo-random nonce value generation is disclosed.
    Type: Grant
    Filed: December 4, 2006
    Date of Patent: May 17, 2011
    Assignee: Intel Corporation
    Inventor: Brent M. Ahlquist
  • Patent number: 7941866
    Abstract: A semiconductor apparatus of the present invention includes a first to a fourth external terminals and a decoding circuit. The semiconductor apparatus in a first mode inputs a first encoded data from the first external terminal, decodes the first encoded data by the decoding circuit to generate a first decoded data, outputs the first decoded data from the fourth external terminal, and the semiconductor apparatus in a second mode, inputs a second encoded data from the first external terminal, outputs the second encoded data input from the first external terminal from the second external terminal, inputs the second encoded data output from the second external terminal from the third external terminal, decodes the second encoded data input from the third external terminal by the decoding circuit to generate a second decoded data and outputs the second decoded data from the fourth external terminal.
    Type: Grant
    Filed: September 28, 2006
    Date of Patent: May 10, 2011
    Assignee: Renesas Electronics Corporation
    Inventors: Kazuhisa Takigawa, Kengo Okada
  • Patent number: 7938726
    Abstract: A universal method and computer system for downloading game software to legacy gaming machines. A gaming machine includes a locked enclosure; a first computing device disposed within the locked enclosure, the first computing device being programmed to enable game play of the gaming machine; a second computing device disposed within the locked enclosure of the gaming machine, the second computing device being configured for network access, and an interface between the first and the second computing devices. The second computing device is configured to receive game software components over the network that are compatible with (e.g., executable by) the first computing device but not compatible with (e.g., not executable by) the second computing device and to transfer the received game software components to the first computing device over the interface. The second computing device may include, for example, a PC.
    Type: Grant
    Filed: June 12, 2007
    Date of Patent: May 10, 2011
    Assignee: Mudalla Technology, Inc.
    Inventor: Thierry Brunet de Courssou