Abstract: A system and method for managing content for secure communications. The system includes an interface for receiving an encrypted message, a decryption module for decrypting the message into a clear text or other readable form and a key recovery module. The key recovery module recovers a key for the user associated with the encrypted message. The decryption module decrypts the message using the recovered key. The decrypted or clear text message is then routed or transferred for further processing or handling. The further processing includes policy enforcement, virus scanning, spam filtering and/or archiving.

Abstract: A device and method for placing the device in a locked state having an associated set of permitted tasks so as to permit the device owner to share the device with others but maintain security over aspects of the device. A task change request is evaluated to determine whether the requested task is permitted and, if so, the requested task is allowed; if not, then an authorization process is invoked to prompt the user to input authorization data. Upon verification of the authorization data, the device may be unlocked and the requested change implemented. The permitted tasks may designate specific applications, specific operations or functions within applications or at the operating system level, one or more currently open windows, and other levels of granularity.

Abstract: According to an aspect of the present invention there is provided a method of binding a security element to a device, comprising: generating a passkey to encrypt the security element, the passkey being a combination of attributes, and one of the attributes being a Device ID associated with said device. Preferably, the device is a mobile device. The combination of attributes may include the following: a) a build secret, the build secret consisting of a string which is generated when the software application is created; b) a salt, the salt consisting of a random string; wherein the build string and the salt are stored as non-printable strings within encryption code of the passkey.

Abstract: A computer implemented method of identity management for application access. The method includes identifying access enabling information for users. The access enabling information related to users of a first enterprise network to enable the users to access applications on a second enterprise network. The method includes obtaining the identified access enabling information from the first enterprise network, and storing the access enabling information in an identity data store. The method also includes provisioning the access enabling information from the identity data store to one or more applications on the second enterprise network to enable the users of the first enterprise network to access the one or more applications on the second enterprise network.

Abstract: This invention relates to a method for the transmission of management data to at least one multimedia unit or a group of multimedia units. This method is characterized in that said management data is sent in the form of at least one authorization message encrypted by means of at least one synchronization key (SK), the sending of said at least one authorization message being repeated cyclically and intended for said multimedia unit or said group of multimedia units, and in that the synchronization key is modified at least during each cycle.

Abstract: Methods and systems are disclosed for automatically tracking and controlling the capacity ratings of UPS units. The methods and systems provide a central server or repository for storing the capacity ratings, grant kVA and grant code authorized for each UPS unit along with a unique security key for each unit. When a customer purchases a capacity upgrade, the server updates the capacity rating for the customer's unit and issues an upgrade grant that includes the new rating and the grant code. The upgrade grant may thereafter be downloaded by a service technician and used to upgrade the unit. Alternatively, the upgrade grant may be downloaded directly to the UPS unit, and the unit's software and/or firmware may perform the upgrade automatically. In either case, the upgrade may be performed through a software modification, thus eliminating the need for the technician to physically swap out hardware. Such an arrangement helps ensure that only authorized capacity upgrades are performed.

Abstract: According to one embodiment, a backup system for an image forming apparatus includes: the image forming apparatus including an original data storage unit configured to store data, the image forming apparatus sending a backup copy of the data; and a backup apparatus electrically communicating with the image forming apparatus, the backup apparatus including a backup copy storage unit configured to save the backup copy received from the image forming apparatus, wherein the image forming apparatus further includes: a key generation unit configured to uniquely generate a key from an input key seed; an encryption and decryption unit configured to execute an encryption process and a decryption process in a symmetric-key cryptosystem using the key generated from the key seed by the key generation unit; and a nonvolatile memory unit configured to pre-store a first key seed, and the backup apparatus further includes: a nonvolatile memory unit configured to pre-store a second key seed.

Abstract: Effective aspects of stamping outbound e-mail are combined with a registration system for e-mail senders. A mail sender participates by registering From: line information with a trusted third-party repository known as a stamp authority. When the sender sends an e-mail message, a hash of the From: line is compared against the From: line information for the sender stored in the repository. If the result is a match, the e-mail is allowed to be sent, subject to any other restrictions imposed by the stamping process. If there is not a match, then the e-mail is prevented from being stamped.

Abstract: Effective aspects of stamping outbound e-mail are combined with a registration and entity identification system for e-mail senders. A mail sender participates by registering From: line and entity information with a trusted third-party repository known as a stamp authority. When the sender sends an e-mail message, the From: line is compared against the From: line information for the sender stored in the repository. If the result is a match, entity information is added and the e-mail is allowed to be sent. If there is not a match, then the e-mail is prevented from being stamped.

Abstract: A symmetric cryptosystem uses cascaded chaotic maps to encrypt plaintext and decrypt ciphertext. Received plaintext is encrypted using the cascaded chaotic maps to generate a ciphertext. The ciphertext can then be decrypted using the same cascaded chaotic maps in order to retrieve the plaintext.

Abstract: A wireless network system and a communication method, where an external network device easily and temporarily logs in and out of the wireless network. A key management device of the wireless network system includes a limited communication unit that receives encryption information from a wireless network device, a storage unit that stores authentication information for authenticating the wireless network device, and a key creating unit that creates an encryption key using the received encryption information to allow the wireless network device to log onto the wireless network. The key creating unit also transmits the created encryption key to the wireless network device.

Abstract: A computer system is disclosed that contains cryptographic keys and cryptographic key identifiers. The system has a repository cryptographic engine that communicates securely with a remote cryptographic engine, and the repository cryptographic engine is associated with a user data store. The user data store includes a hidden link including a session key identifier encrypted with a protection key. The hidden link is associated with a remote data entity. A key data store associated with the repository server includes a session key encrypted with a session-key-protection key. The session key is used to encrypt and decrypt the remote data entity. The system also includes a repository key exchange module operable to exchange the session key with a remote key exchange module.

Abstract: Effective aspects of stamping outbound e-mail are combined with a registration system for e-mail senders. A mail sender participates by registering From: line information with a trusted third-party repository known as a stamp authority. When the sender sends an e-mail message, the From: line is compared against the From: line information for the sender stored in the repository. If the result is a match, the e-mail is allowed to be sent. If there is not a match, then the e-mail is prevented from being stamped.

Abstract: Methods and apparatus provide for: dividing a quantity of data values into a plurality of blocks; dividing the plurality of blocks into respective sub-sets of blocks; computing an intermediate message authentication code block for each sub-set of blocks by performing a first cipher block chaining algorithm on the blocks of each sub-set of blocks; and computing a message authentication code block for the plurality of blocks by performing a second cipher block chaining algorithm on the intermediate message authentication code blocks.

Abstract: A medium having stored thereon a digital signature program used to cause a digital signature generating computer to function as: a digest generation unit which generates a digest from each of a plurality of messages; a collective signature generation unit which generates a single signature, as a collective signature, to be collectively affixed to the digests of the plurality of messages; an additional information generation unit which generates, for one of the plurality of messages, additional information including the collective signature, and information about other message for which the collective signature is generated; and a transmission unit which adds the additional information to the one of the plurality of the messages, and transmits the message to a signature verifying computer for verifying a signature.

Abstract: A provisioning method and mechanism for computer systems having embedded network devices. After an initial boot-up of a computer platform, an out-of-band (OOB) controller automatically connects to a corporate DHCP (Dynamic Host Configuration Protocol) server to obtain an IP (Internet Protocol) address and a domain name in which the computer platform is running. The domain name is concatenated with a pre-defined host name to obtain a FQDN (Fully Qualified Domain Name) for a provisioning server. The OOB controller then establishes a TCP connection to the provisioning server. A server certificate chain received from the provisioning server is validated. An attempt to login to the provisioning server is made. If corporate security policy dictates granting access to the computer platform, then provisioning configuration data is received over a secure and encrypted channel.

Abstract: Methods and apparatus provide for: reading encrypted boot code from a storage medium into a local memory associated with a first of a plurality of processors; decrypting the encrypted boot code using a trusted decryption function of the first processor such that the boot code is verified as being authentic; booting the first processor using the boot code from the local memory; and authenticating boot code for one or more of the other processors in the first processor prior to the one or more other processors booting up.

Abstract: We propose new systems for certificate revocation that are more economical and efficient than traditional ones. We also point out what we believe to be a structural problem in traditional public-key infrastructures, and various ways to solve it.

Abstract: An executable program including packed code is launched in an API-monitored environment, such as a sandboxed environment, in which each call to an API issued by the executable program is intercepted. A packer API profile list including one or more packer API profiles identifying associated sets of one or more APIs utilized by an associated known packer to unpack packed code is accessed. The executable program is allowed to run so long as the executable program issues calls to APIs within an API set of a packer API profile in the packer API profile list. When the executable program issues a call to an API not within an API set of a packer API profile in said packer API profile list, the packed code is assumed to be unpacked in memory as a memory image. The memory image is evaluated, e.g., scanned, for malicious code, and upon detection of malicious code, protective action is taken.

Abstract: The present invention relates to a method for method or system which is able to control access to a new computer user password reset. The system is preloaded with a random password that does not needed to be known by anyone. There are two main situations in which this method will be used. The first situation involves a locally managed password and account where the user does not log in to a domain. The second situation involves remote management, where the user logs in to a domain.