Abstract: Embodiments of an electronic circuit include a cryptographic engine which includes a key derivation function and encryption logic. The key derivation function combines a master secret key with a plurality of key modifiers including at least an operating system tag specific to an operating system, and derives an encryption key from the combined master secret key and plurality of key modifiers. The encryption logic is coupled to the key derivation function and encrypts data using the derived encryption key to generate a cryptographic binary large object (blob) for virtualized protected storage that is accessible only to the operating system specified by the operating system tag.

Abstract: The present invention relates to a content protection apparatus and method using binding of additional information to an encryption key. The content protection apparatus includes an encryption unit for creating an encryption key required to encrypt data requested by a user terminal and then generating encrypted data in which the data is encrypted. An additional information management unit manages additional information including authority information about the encrypted data. A White-Box Cryptography (WBC) processing unit generates a WBC table required to bind the encryption key corresponding to the encrypted data to the additional information. A bound data generation unit generates bound data in which the encrypted key is bound to the additional information, using a cipher included in the WBC table.

Abstract: A method and apparatus for detecting potentially misleading visual representation objects to secure a computer is described. In one embodiment, the method includes monitoring visual representation object creation with respect to the browser, accessing verification information, wherein the verification information comprises commonly used user interface elements for forming legitimate system messages, examining web data associated with the created visual representation objects, wherein the web data is compared with the verification information to identify imitating content within the created visual representation objects and modifying at least one of the created visual representation objects to accentuate the imitating content.

Abstract: The invention described herein provides a method and system for foiling a keylogger by creating a custom keyboard driver and passing the keystrokes directly to the browser in an encrypted format. The browser (which is used to access the Internet) has a component that decrypts the keystroke before it is sent to the website. Thus the present invention enables the user to go to any website and enter sensitive information (passwords, credit card numbers, etc.) without the keystrokes being intercepted by Keyloggers. In general terms, the invention described herein provides a method and system for (1) modifying the keyboard driver, (2) encrypting the keystrokes between the keyboard driver and the browser, and (3) notifying the user if the invention has been compromised.

Abstract: In accordance with at least one presently preferred embodiment of the present invention, there is broadly contemplated herein the managing of a POP not solely in the BIOS but at least partly in a more secure location. In accordance with a particularly preferred embodiment of the present invention, this location could be in a NVRAM (non-volatile random access memory) inside a TPM (trusted platform module). Most preferably, this location will contain code that the BIOS preferably will need to access and employ in order to complete the booting of the system.

Abstract: A recursive web crawling and analysis tool that includes conducting an initial crawl of a target to identify testable or analyzable objects. The objects are then parsed to identify vulnerabilities, as well as additional objects that can be analyzed. An attack is then launched against the analyzable objects in an effort to break or verify the vulnerabilities. During this attack, additional analyzable objects may be discovered. If such additional objects are discovered, the web crawler is invoked on the additional objects as well, and the results of the crawl are fed back into the parser and attacker functions.

Abstract: A high-speed security device for network connected industrial controls provides hybrid processing in tandem hardware and software security components. The software security component establishes state-less data identifying each packet that requires high-speed processing and loads a data table in the hardware component. The hardware component may then allow packets matching data of the data table to bypass the software component while passing other non-matching packets to the software component for more sophisticated state analysis.

Abstract: An information processing device includes: a local memory unit for storing data including an encrypted content; a memory for storing data including key information used to reproduce the encrypted content; and a data processing unit performing a process of writing data to the local memory unit and the memory, and a process of reproducing the encrypted content, wherein the data processing unit performs a process of writing encrypted content downloaded from a server or encrypted content copied from a medium to the local memory unit, and performs a process of decoding the encrypted content or a validity authenticating process using the data stored in the local memory unit and the data stored in the memory when reproducing the encrypted content written to the local memory unit.

Abstract: A system for increasing a tamper resistance of a digital data processing unit, comprises a first unit (901) comprising processing means (906) for processing the received digital data in dependence on values looked up in at least one look-up table (916) based on values in the received digital data. The system further comprises a second unit (902) comprising means (912) for computing at least one value for inclusion in the digital data causing the first unit (901) to look up at least one predetermined value in the look-up table (916) when processing the digital data. It comprises an inserter (910) for including the at least one value in the digital data, and an output (908) for transmitting the digital data to the first unit.

Abstract: An image input device which includes a means for inputting image data, a memory for storing secret information and an operator for carrying out an operation by using the image data and the secret information.

Abstract: Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.

Abstract: The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access.

Abstract: A data encryption device is connected between an HDD and an HDD controller that controls the HDD. The data encryption device encrypts data that is stored from the HDD controller to the HDD, and decrypts data that is read from the HDD. A CPU of the data encryption device receives a command issued from the HDD controller to the HDD, and determines whether the command is executable at the HDD. When it is determined that the command is executable, the command is issued to the HDD. On the other hand, when it is determined that the command is unexecutable, the CPU prohibits issuance of the command to the HDD. Furthermore, when a command issued to the HDD is a specific command, the CPU bypasses data transferred between the HDD controller and the HDD without encryption or decryption.

Abstract: The invention includes a method and apparatus for notification and delivery of messages to mobile users using a secure client associated with a user device. The secure client includes a power module, a communication module, a storage module, and an alert module. The power module powers the client device independent of a power state of the user device. The communication module receives a wake-up message and responsively triggers the secure client to switch from an inactive state to an active state without changing the power state of the user device, initiates a secure connection with a secure gateway in response to the wake-up message, and requests and receives a user message from a messaging application using the secure connection. The storage module stores the received message independent of the power state of the user device. The alert module activates an alert to indicate that the message is available.

Abstract: A system, method, and computer program product are provided for mounting an image of a computer system in a pre-boot environment for validating the computer system. In use, an image of a computer system is mounted in a pre-boot environment of the computer system, where the image includes a file system structure and initialization data of the computer system. Furthermore, at least one task is performed on the mounted image for validating the computer system.

Abstract: The invention relates to a method of securing a changing scene composed of at least one element and intended to be played back on a terminal. According to the invention, such a method comprises the following steps: creation (10) of at least one security rule, defining at least one authorization to modify said scene and/or at least one element of said scene and/or an authorization to execute at least one command in a context of playing back said scene on said terminal; allocation (10) of a security policy, comprising at least one of said security rules, to said scene and/or to at least one of said elements of said scene.

Abstract: A printing system and printer with an electronic signature capability, and a method thereof are provided. To print security documents using an electronic signature stored in a portable memory, the printing system of the invention includes a portable memory for storing an electronic signature. A memory interface connects detachably to the portable memory. A printer receives the electronic signature from the memory interface, composes the received electronic signature with print data, and executes a print operation. Accordingly, a stamping or signature process on numerous documents can be facilitated, and excessive stamping or signature execution can be prevented. Moreover, the electronic signature of the invention can be executed on various types of forms or documents.

Abstract: A removable drive such as a USB drive or key is provided for connecting to computer devices to provide secure and portable data storage. The drive includes a drive manager adapted to be run by an operating system of the computer device. The drive manager receives a password, generates a random key based on the password, encrypts a user-selected data file in memory of the computer device using the key, and stores the encrypted file in the memory of the removable drive. The drive manager performs the encryption of the data file without corresponding encryption applications being previously loaded on the computer system. The drive manager may include an Advanced Encryption Standard (AES) cryptography algorithm. The drive manager generates a user interface that allows a user to enter passwords, select files for encryption and decryption, and create folders for storing the encrypted files on the removable drive.

Abstract: A monitoring system includes at least one monitoring devices coupled to electrical power distribution system at selected locations for collecting data related to the operation of the monitored system. The monitoring device(s) includes a communication port and processors programmed to segment the collected data into blocks optimized for user analysis operations, encrypt the segmented blocks of data, bundle the encrypted blocks of data with unencrypted metadata that identifies the data blocks by at least the monitoring location at which the encrypted blocks of data were obtained and the type of data, and transmit the encrypted blocks of data with the unencrypted metadata. The system includes at least one client device that has a communication port that is coupled to the monitoring device(s) and the client device and that has a processor programmed to generate and transmit queries regarding selected ones of the encrypted blocks of data.

Abstract: Code of a software product is delivered by embodying, on a computer-readable storage medium, installation code for installing the software product code on a computer and DRM code for permitting the installation only if a predetermined condition is satisfied. If the condition is violated, the installation code is erased and that part of the storage medium then is available for general use.

Abstract: A system and method identifies one of several security token services that can be used to convert an identity token into one containing content, a format and having a signature corresponding to a signing key name that a software service can use. The identification of the security token service that may be used to perform the conversion is made using machine readable information about the signing key name that the software service can use.

Abstract: A method and system for securing a handheld computing device is described. A personal encryption device may be physically connected to a handheld computing device. Responsive to the connection, a main screen user interface may be displayed on a display of the handheld computing device. The main screen user interface may include at least one cryptography option for a user of the handheld computing device. A user-defined input representative of selection of a first cryptography option of the at least one cryptography option may be received, and at least one cryptography process associated with the selected first cryptography option may be implemented by the handheld computing device and personal encryption device. The cryptography options may include encryption, decryption, digital signatures, and digital signature verification.

Abstract: A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry.

Abstract: A portable storage medium adapter, which is connected to a computer to store data received from the computer in a portable storage medium, includes a holding part that detachably holds the portable storage medium, a detecting part that detects an unloading operation of the portable storage medium by a user, and a disablement executing part that executes a disabling process to disable external access to the data stored in the portable storage medium at a time when the unloading operation is detected in the detecting part.

Abstract: A secure execution environment for execution of sensitive code and data including a secure asset management unit (SAMU) is described. The SAMU provides a secure execution environment to run multiple instances of separate program code or data code associated with copy protection schemes established for content consumption. The SAMU architecture allows for hardware-based secure boot and memory protection and provides on-demand code execution for multiple instances of separate program code or data provided by a host processor. The SAMU may boot from an encrypted and signed kernel code, and execute encrypted, signed code. The hardware-based security configuration facilitates the prevention of vertical or horizontal privilege violations.

Abstract: A wireless communications validation system comprises a validation module configured to determine an identity of an antenna disposed in a computer system and an identity of a wireless module disposed in the computer system, the validation module configured to validate permissible combination of the antenna with the wireless module.

Abstract: There is provided a computer-implemented method for authentication, the method comprising: defining a demanded level of security in an authorization service of a server; providing at least one authentication mechanism comprising at least one instance for at least one client; providing a policy comprising a security level for the at least one instance; receiving at least one request from the client to the server; authenticating the request based on the policy and the demanded level of security by the authentication service; and permitting the request if the demanded level of security is reached.

Abstract: A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing.

Abstract: A natural language dependent stream cipher is provided to increase complexity of stream cipher encryption. In one aspect, a message is received from a sender as an input in a first natural language and is translated into a selected second natural language. A binary Unicode representation of the input in the second natural language is created. An XOR operation is performed on the binary Unicode representation of the input in the second natural language and a binary key to generate an encrypted output. The encrypted output is sent to a receiver. The encrypted output may be decrypted by the receiver in the reverse of the encryption process. The decryption process yields the original message for viewing by an end-user of the system for a natural language dependent stream cipher.

Abstract: An improved method, apparatus, and computer instructions for processing outbound traffic passing through a port. This port is for a server and receives a request from a client. The request includes a universal resource identifier to a destination. A determination is made as to whether the request requires encryption using the universal resource identifier in the request. The request is sent through the port to the destination in an encrypted form, in response to a determination that the request requires encryption.

Abstract: An embodiment of the present invention proposes a new secure microprocessor for software protection. The invention presents a secure microprocessor, which embeds a symmetric encryption/decryption hardware a symmetric key (Embedded Key), and a safe cache. The symmetric encryption/decryption is the same for all microprocessors, but the Embedded Key is unique for each microprocessor.

Abstract: Enhancing locality in a security co-processor module of a computing system may be achieved by including one or more additional attributes such as geographic location, trusted time, a hardware vendor string, and one or more environmental factors into an access control space for machine mode measurement of a computing system.

Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.

Abstract: A crypto-engine for cryptographic processing has an arithmetic unit and an interface controller for managing communications between the arithmetic unit and a host processor. The arithmetic unit has a memory unit for storing and loading data and arithmetic units for performing arithmetic operations on the data. The memory and arithmetic units are controlled by an arithmetic controller.

Abstract: A system and method for modifying a processor system with hypervisor hardware to provide protection against malware. The processor system is assumed to be of a type having at least a CPU and a high-speed bus for providing data links between the CPU, other bus masters, and peripherals (including a debug interface unit). The hypervisor hardware elements are (1) a co-processor programmed to perform one or more security tasks; (2) a communications interface between the co-processor and the debug interface unit; (3) a behavioral interface on the high-speed bus, configured to monitor control signals from the CPU, and (4) an access controller on the high-speed bus, configured to store access control data, to intercept requests on the high-speed bus, to evaluate the requests against the access control data, and to grant or deny the requests.

Abstract: A system, method, and computer program for protecting numerical control codes, comprising decrypting an encrypted text file that defines how an event for a tool path data set is processed; processing said decrypted text file to obtain a set of instructions; formatting said set of instructions according to a definition file; and outputting said set of formatted instructions; whereby postprocessed machine controls are written and appropriate means and computer-readable instructions.

Abstract: The present invention provides a method for obtaining a proxy call session control function address, comprising when a terminal accesses an IP multi-media subsystem through a world interoperability for microwave access (WiMAX) network in roaming scenarios, a visited authentication, authorization, and accounting server (V-AAA) of the terminal retransmitting an access request message sent by an access service network (ASN) or a dynamic host configuration protocol (DHCP) or a home agent (HA) of said terminal to a home authentication, authorization, and accounting server (H-AAA) of said terminal after receiving the access request message, and H-AAA finally deciding whether the P-CSCF is located in a visited network or a home network according to a roaming protocol and visited network capability, and returning the determined P-CSCF address information, included by H-AAA in an access accept message corresponding to said access request message, to the sender of said access request message through V-AAA.

Abstract: A method is provided for visually encrypting at least one part of an at least partially compressed video stream or video sequence, it being possible for said stream to be decomposed into a first type of objects and a second type of objects, the method being applied on each of the images contained in a video sequence, including at least the following steps: analyzing the sequence in the compressed domain so as to define for a given image N at least one first group of objects to be protected by visual encryption and a second group of objects, the transformed coefficients and the motion estimation vectors being transmitted directly to step d) of compression, predicting on the basis of the data arising from the analysis in the previous step of the compressed image N, the position of the objects for a following image N+1, determining the splitting into slices or into groups of slices of the image N+1, compressing the first group of objects of the image N+1 and ciphering at least one part thereof, transmitting t

Abstract: Devices and methods for securely storing data are provided. A device for constructing an encryption key comprising a tamper-protection barrier that encloses one or more memory devices is provided. The memory stores data for constructing the encryption key. The memory may include a single memory device or a plurality of memory devices. The tamper-protection barrier also encloses a security processor configured to combine the data stored in the memory based in part on a function, such as a logical exclusive-or (XOR) function, to construct the encryption key. The stored data in the memory may include partial keys. These partial keys may be created based in part on applying the XOR function to an encryption key.

Abstract: Systems and methods for selectively providing access to a media device based on a profile associated with the media device. In certain embodiments, the profile of the media device can be user-defined as a development profile or a personal profile. When the device is connected to a host computer system, the profile of the media device is accessed. If the profile of the media device is a development profile, an integrated development environment on the host computer system can access the media device. If the profile of the media device is a personal profile, the integrated development environment is prevented from accessing the device.

Abstract: Server-side encrypted pattern matching may minimize the risk of data theft due to server breach and/or unauthorized data access. In various implementations, a server for performing the server-side encrypted pattern matching may include an interface component to receive an encrypted query token. The server may further include a query component to find a match for the encrypted query token in the encrypted data string. The query component may find such a match without decrypting the encrypted data string and the encrypted query token by using an encrypted dictionary that includes information on the edges of the encrypted suffix tree.

Abstract: A method and terminal for implementing hot-plug of a smart card are disclosed. The method includes: during the process of playing mobile multimedia, a descrambling library sending request information for obtaining a program key to a smart card driving module, which judges whether a smart card is in a plug-in state or a pull-out state after receiving the request information: if in the plug-in state, the smart card driving module forwarding the request information to the smart card, receiving response information returned by the smart card, forwarding the response information to the descrambling library, and meanwhile forwarding the response information to a virtual smart card module to save; if in the pull-out state, the smart card driving module forwarding the request information to the virtual smart card module, which returns the saved response information to the smart card driving module, which forwards the response information to the descrambling library.

Abstract: An apparatus, system, and method are disclosed for interfacing a driver with an encryption source that uses a communication module that allows the driver and the encryption source to communicate messages to one another, wherein the messages result in the encryption source providing encryption data that the communication module relays to the driver.

Abstract: A protocol for total email and collaborative software (e.g., Exchange-brand server) session security. By way of example, securing the traffic between two servers within the same organization or cross organizations is critical to maintaining privacy of electronic data and communications. For example, securing communications between two Exchange-brand servers is particularly useful for individuals and organizations that routinely send and receive confidential information via electronic mail. It is important for the receiving side (server) to authorize the sending side (client) to send the information; the sending side should authorize the receiving side to receive information to prevent unauthorized information disclosure. The novel system and/or protocol disclosed herein can provide a mutually authenticated, authorized, and encrypted channel between two servers both within the same organization and across disparate organizations.

Abstract: Various embodiments of a system and method for reporting and measuring consumption of media content are described. Embodiments may include computing a set of registration hash values for an encrypted content file representing each of one or more content items. To distribute a content item to a consumer, an encrypted content file representing the content item is delivered to a content viewer system. At the content viewer system, a set of playback sums is computed that corresponds to segments of the content item actually played on the content viewer system. The playback hash values can be matched with registration hash values to establish that one or more segments of a content item associated with the matched hash values have been played.

Abstract: A system detects an attack on the computer system. The system identifies the attack as polymorphic, capable of modifying itself for every instance of execution of the attack. The modification of the attack is utilized to defeat detection of the attack. In one embodiment, the system determines generation of an effective signature of the attack has failed. The signature is utilized to prevent execution of the attack. The system then adjusts access to an interface to prevent further damage caused to the computer system by the attack.

Abstract: A computing system and method providing normal security services and high security services are disclosed. The computing system includes hardware resources, a processor core and an access right checker. The hardware resources are grouped into resource security levels. The processor, switching between a normal security and a high security state, assigns a user access right to a request. In comparison with the normal security state, user access right assigned in the high security state further allows the request to use the hardware resources of a higher resource security level. According to the assigned user access right and the resource security levels of required hardware resources of the request, the access right checker determines whether the request has the authority to use the hardware resources, and thereby, the access right checker executes the request or responds the issued request with an exception.

Abstract: A method for security monitoring of an electronic device includes determining whether a storage system of the electronic device is a secured storage system according to a signal of a first switch of the electronic device, determining whether an encryption key of the secured storage system is modifiable according to a detected signal of a second switch of the electronic device. Decrypting the secured storage system using a decryption key if the decryption key is the same as a preset decryption key in the secured storage system.

Abstract: The present invention facilitates convenient and secure distribution of proprietary content. A present secure content enabled drive system and method permits flexible use of storage medium for both protected distribution of information and user definable storage use. In one embodiment, a computer readable storage medium includes an unprotected information portion, a protected information portion and a protection interface. The unprotected portion stores unprotected information. The protected content portion stores protected information. The protection interface protects information in the protected content portion from unauthorized access.

Abstract: A system and method efficiently deletes a file from secure storage, i.e., a cryptainer, served by a storage system. The cryptainer is configured to store a plurality of files, each of which stores an associated file key within a special metadata portion of the file. Notably, special metadata is created by a security appliance coupled to the storage system and attached to each file to thereby create two portions of the file: the special metadata portion and the main, “file data” portion. The security appliance then stores the file key within the specially-created metadata portion of the file. A cryptainer key is associated with the cryptainer. Each file key is used to encrypt the file data portion within its associated file and the cryptainer key is used to encrypt the part of the special metadata portion of each file. To delete the file from the cryptainer, the file key of the file is deleted and the special metadata portions of all other files stored in the cryptainer are re-keyed using a new cryptainer key.