Patents Examined by Abdulhakim Nobahar
  • Patent number: 7206941
    Abstract: A system and method of controlling use of content in accordance with usage rights associated with the content. A request for content is analyzed by looking for a signature from a user device making the request to determine if the user device has security components for enforcing the usage rights. If the request does not have the signature, a software agent is sent to the user device to determine if the user device is secure and the request is resent with the signature if the user device is secure. Content is rendered with a rendering engine of the user device in accordance with the usage rights in response to the resent request.
    Type: Grant
    Filed: April 30, 2003
    Date of Patent: April 17, 2007
    Assignee: ContentGuard Holdings, Inc.
    Inventors: Michael Raley, Daniel Chen, Hsi-Cheng Wu, Thanh Ta
  • Patent number: 7171000
    Abstract: A system for securely transmitting an information package (10) to an addressee via a network (108) includes a directory interface (110) adapted to check a directory (112) to determine whether the addressee has a public key; an escrow key manager (116), coupled to the directory interface (110), adapted to provide an escrow encryption key for encrypting the package (10); an encryption module (114), coupled to the escrow key manager (116), adapted to encrypt the package (10) with the escrow encryption key; a computer-readable medium (118), coupled to the encryption module (114), adapted to store the package (10) in escrow for the addressee; a notification module (120), coupled to the computer-readable medium (118), adapted to send a notification to the addressee via the network (108); a key registration module (124), coupled to the notification module (120), adapted to issue, in response to the addressee acknowledging the notification, new public and private keys to the addressee; and a transmission module (122),
    Type: Grant
    Filed: June 10, 1999
    Date of Patent: January 30, 2007
    Assignee: Message Secure Corp.
    Inventors: Eng-Whatt Toh, Peng-Toh Sim
  • Patent number: 7164765
    Abstract: The public-key encryption method uses the sender-side apparatus by the creator of a ciphertext and creates the ciphertext of a plaintext x (∈ {0, 1}ⁿ) in y1=f (x0k1G(r)), y2=H (x0k1G(r))r with respect to the published trapdoor-equipped unidirectional function f and the random functions G, H. Meanwhile, the receiver of the ciphertext, who has received the ciphertext by the receiver-side apparatus via the communications line, performs the decryption processing with the use of f⁻¹, i.e., the secret key, in accordance with the steps inverse to those of the encryption processing.
    Type: Grant
    Filed: January 31, 2002
    Date of Patent: January 16, 2007
    Assignee: Hitachi, Ltd.
    Inventors: Mototsugu Nishioka, Yoichi Seto, Hisayoshi Satoh
  • Patent number: 7158636
    Abstract: The invention relates to two cryptographic processes based on composition of multivariable maps: 1) low degree maps for asymmetric cryptographic communication process; 2) high degree maps for symmetric cryptographic communication process. The cryptographic process establishes a correspondence through either a low degree (asymmetric) or a high degree polynomial map (symmetric) between a first vector (X) represented by (x1, x2, . . . , xn) of a finite field (K) and a second vector (Y)=(y1, y2, . . . , ym) of the same field, n and m being integers not too small. The said polynomial map yi=fi(x1, x2, . . . , xn) is derived from composition of various nonlinear and linear maps. The novel elements for the asymmetric invention include the use of inseparable small variable maps with hidden equations, generalized de Jonquiere maps, and the combination of these maps with other maps.
    Type: Grant
    Filed: April 11, 2003
    Date of Patent: January 2, 2007
    Inventor: Jintai Ding
  • Patent number: 7152242
    Abstract: A host-based intrusion detection system (HIDS) sensor that monitors system logs for evidence of malicious or suspicious application activity running in real time and monitors key system files for evidence of tampering. This system detects attacks targeted at the host system on which it is installed and monitors output to the system and audit logs. It is signature-based and identifies and analyzes system and audit messages for signs of system misuse or attack. The system monitors the logs of applications running on the host, including mail servers, web servers and FTP servers. The system also monitors system files and notifies the system administrator when key system and security files have been accessed, modified or even deleted.
    Type: Grant
    Filed: September 11, 2002
    Date of Patent: December 19, 2006
    Assignee: Enterasys Networks, Inc.
    Inventor: Kevin Douglas
  • Patent number: 7103782
    Abstract: A secure memory and processing system is disclosed for use in various types of communication devices. The secure processing system provides for the encryption and storage of sensitive data in a storage medium external to the secure processing system. The encrypted data is decrypted with encryption logic circuitry within the secure memory and transferred to a zeroizable memory for use by a host processor. The secure memory uses a laser-scribed encryption key coupled to encryption logic circuitry within the secure memory for encrypting and decrypting the sensitive information.
    Type: Grant
    Filed: September 27, 2000
    Date of Patent: September 5, 2006
    Assignee: Motorola, Inc.
    Inventors: Steven R. Tugenberg, Douglas A. Hardy, Thomas E. Tkacik
  • Patent number: 7100205
    Abstract: A central processing unit comprising means for processing computer instructions. The means for processing computer instructions includes means for receiving computer instructions and means for executing computer instructions. A secure memory unit is coupled to the processing means, and contains one or more resident security check programs therein. When the means for processing information receives a secure attention instruction through the receiving means, the means for executing computer instructions interrupts the instructions it is executing, and executes the security check program by retrieving its instructions from the secure memory. The security check program returns the result of the check program. If the results are satisfactory, a cryptographic check key authenticates the result values transmitted to the source of the secure attention instruction. If the cryptographic check value is incorrect or non-existent, the source of the secure attention instruction is notified of a security problem.
    Type: Grant
    Filed: October 22, 2003
    Date of Patent: August 29, 2006
    Assignee: The United States of America as represented by the Secretary of the Navy
    Inventor: John P. McDermott
  • Patent number: 7080262
    Abstract: Described herein is one or more implementations for compressing one or more keys.
    Type: Grant
    Filed: November 5, 2004
    Date of Patent: July 18, 2006
    Assignee: Microsoft Corporation
    Inventor: Josh D. Benaloh
  • Patent number: 7069439
    Abstract: Computing apparatus comprises a memory means storing the instructions of a secure process and an authentication process; a processing means arranged to control the operation of the computing apparatus including by executing the secure process and the authentication process; a user interface means arranged to receive user input and return to the user input; and an interface means for receiving a removable primary token and communication with the token. The token comprises a body supporting a token interface for communicating with the interface means, a token processor; and a token memory adapted to store token data including information for identifying the token and auxiliary token information identifying one or more authorized auxiliary tokens.
    Type: Grant
    Filed: March 3, 2000
    Date of Patent: June 27, 2006
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Hoi-Kwong Lo, David Chan
  • Patent number: 7055171
    Abstract: A method of securely connecting a plurality of client computers to computer resources in a shared computer system by extending client network domains around computer resources in the shared computer system. The network domains of different clients remain isolated from one another in the shared computer system. The method includes associating each of the plurality of client computers with at least one virtual private network connection. The plurality of client computers are remotely connected to at least one virtual private network termination device in the shared computer system. The at least one virtual private network connection is established by the at least one virtual private network termination device. The at least one virtual private network connection is associated with a plurality of virtual local area networks. At least one of the computer resources in the shared computer system is associated with each of the plurality of virtual local area networks.
    Type: Grant
    Filed: October 4, 2000
    Date of Patent: May 30, 2006
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Robert P. Martin, Philip M. Walker, Gregory R. Allen, Mary Laser, John Marks, Roland M. Hochmuth
  • Patent number: 7047422
    Abstract: Described herein is one or more implementations for allowing a user access to a unique data subset of a database.
    Type: Grant
    Filed: November 5, 2004
    Date of Patent: May 16, 2006
    Assignee: Microsoft Corporation
    Inventor: Josh D. Benaloh
  • Patent number: 7039953
    Abstract: A method, computer program product, and apparatus for presenting data about security-related events that puts the data into a concise form is disclosed. Events are abstracted into a set data-type. Sets with common elements are grouped together, and summaries of the groups (“situations”) are established from groups whose severity exceeds a threshold value. These groups and situations are then propagated up a hierarchical arrangement of systems and further aggregated so as to provide summary information over a larger group of systems. This hierarchical scheme allows for scalability of the event correlation process across larger networks of systems.
    Type: Grant
    Filed: August 30, 2001
    Date of Patent: May 2, 2006
    Assignee: International Business Machines Corporation
    Inventors: Steven Black, Herve Debar, John Michael Garrison, Andreas Wespi
  • Patent number: 6973191
    Abstract: A data processing method and system for generating a unique symmetric key inside a PSD having limited trust relationships between PSD manufacturer, PSD issuer, subsequent service providers and a trusted third party.
    Type: Grant
    Filed: November 2, 2001
    Date of Patent: December 6, 2005
    Assignee: Activcard
    Inventors: Yves Louis Gabriel Audebert, Eric F. Le Saint
  • Patent number: 6957335
    Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.
    Type: Grant
    Filed: October 23, 2003
    Date of Patent: October 18, 2005
    Assignee: International Business Machines Corporation
    Inventors: Eric M. Foster, William E. Hall, Marcel C. Rosu
  • Patent number: 6886098
    Abstract: Systems, methods and a modulated data signal are described herein that provide an efficient way to derive a single key from which a user can extract virtually any number of data encryption keys. A database is logically divided into segments and a small prime number is associated with each segment. An encryption key is derived for each segment in the database and a key set is determined for distributing a data subset to a user. Each segment is encrypted with the corresponding encryption key. A single key is derived using the prime numbers associated with the data segments and the single key, the encrypted database, and a small amount of public information is provided to the user. The user utilizes this information to extract the encryption key set from the single key. One implementation utilizes a tree structure to significantly reduce the number of modular exponentiations that must be calculated when extracting the encryption keys.
    Type: Grant
    Filed: August 12, 2000
    Date of Patent: April 26, 2005
    Assignee: Microsoft Corporation
    Inventor: Josh D. Benaloh
  • Patent number: 6832314
    Abstract: Methods and systems for selectively encrypting and decrypting messages transmitted on a channel of a communication network, such as a broadcast channel, are provided. Group encryption keys are provided for one or more services utilizing the broadcast channel to communicate messages. A message associated with a particular service first receives an error check value, such as a cyclical redundancy check (CRC) value generated from the unencrypted message. The message is then encrypted using the group encryption key for the service and the CRC is added to the encrypted message and transmitted with a broadcast address of the communication network. A receiver then receives the message and determines that the CRC indicates an error (as it is generated from the encrypted message rather than the unencrypted message). The receiver then decrypts the message using the group encryption key for the service (assuming the receiver is authorized to receive the service, i.e.
    Type: Grant
    Filed: December 15, 1999
    Date of Patent: December 14, 2004
    Assignee: Ericsson, Inc.
    Inventor: David R. Irvin
  • Patent number: 6779119
    Abstract: A variety of performance optimization techniques are provided that are based upon a history of a user's usage patterns. To reduce actual response time, the system prefetches information in anticipation of the user's request. To reduce perceived response time, if a response to the user's request is likely to be delayed, the system initiates other anticipated fast-response processes for the user. To ease the user's interaction with the system, the user's interface is dynamically modified to facilitate the entry of anticipated requests. To improve security, increased security measures are invoked when the user's request pattern is inconsistent with prior request patterns. At a system level, performance assessments and optimizations, including dynamic load balancing, are based on the prior usage patterns of multiple users.
    Type: Grant
    Filed: June 30, 1999
    Date of Patent: August 17, 2004
    Assignee: Koninklijke Philips Electronics N.V.
    Inventors: Mehran Moshfeghi, Bart De Greef
  • Patent number: 6772342
    Abstract: A document or message is protected against forgery or repudiation by processing a selected part or parts of the text of the document or message to form a hash, usually of fewer characters than the selected part or parts of the text. The processing comprises retrieving numerical values which define the respective characters of the selected part or parts of the text and making a calculation using the numerical values of the successive characters. Preferably the hash is added to the text.
    Type: Grant
    Filed: April 3, 2000
    Date of Patent: August 3, 2004
    Inventor: William McMullan Hawthorne
  • Patent number: 6715085
    Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.
    Type: Grant
    Filed: April 18, 2002
    Date of Patent: March 30, 2004
    Assignee: International Business Machines Corporation
    Inventors: Eric M. Foster, William E. Hall, Marcel C. Rosu
  • Patent number: 6711685
    Abstract: The invention presented describes a system and procedure for protecting against the espionage of secret information. A counter is allocated to each secret piece of information, in particular codes. The counter counts the number of uses of the secret information. In this, the counter is set to a starting value. Each use of the secret data element increases the counter state by a defined value. If the counter state reaches a maximum value, the use of the secret data element will be blocked. The blocking of the secret information can, however, be avoided if a defined event occurs before the maximum value of the counter is reached which automatically resets the counter state to its starting value. Any technical, economic or organisational condition can be defined as an event. Particular advantages of the invention presented are that each code can have its own counter allocated to it. In this way, different numbers of uses can be established for each code with regard to its function.
    Type: Grant
    Filed: June 8, 1999
    Date of Patent: March 23, 2004
    Assignee: International Business Machines Corporation
    Inventors: Albert Schaal, Helmut Scherzer, Michael Schilling