Abstract: Techniques are described for generating and actively verifying a boot code associated with a peripheral device of a computer system to prevent potential security threats the boot code may introduce into the computer system. The techniques for generating boot code entail generating the boot code from a high-level programming language using a verification application program interface (API). The API aids in generating a certificate, which is associated with the boot ode in that the certificate describes operation of the boot code. After generating the boot code and associated certificate, the two are loaded onto a memory module of the peripheral device. Once the peripheral device ie connected to the computer system, the computer system may retrieve the boot code and certificate. The computer system utilizes techniques to actively verify the boot code by performing a security check on the boot code in accordance with the associated certificate.

Abstract: A method, system, and network elements for authentication and authorization of a mobile terminal (MT) roaming to or in a foreign network different from its home network is provided, the home network having an authentication and authorization home server (AAAH), and the foreign network having a plurality of domains each of which comprises at least one local server (AAAL1, AAAL2) for authentication, authorization and accounting, each of which local servers being connected to at least one network access server (NAS) for handling access for mobile terminals roaming to or in the foreign network, wherein an authentication and authorization of the mobile terminal is performed whenever the mobile terminal performs a roaming, wherein the authentication and authorization is performed according to a procedure pursuant to one of a plurality of hierarchy levels, whereby a combination of network elements involved in the roaming determines the hierarchy level to be used.

Abstract: Systems and methods are described which utilize a recursive security protocol for the protection of digital data. These may include encrypting a bit stream with a first encryption algorithm and associating a first decryption algorithm with the encrypted bit stream. The resulting bit stream may then be encrypted with a second encryption algorithm to yield a second bit stream. This second bit stream is then associated with a second decryption algorithm. This second bit stream can then be decrypted by an intended recipient using associated keys.

Abstract: A peer connected device for controlling access by a client device to protected devices on a computer network. The peer connected device has a central processing unit and a network interface configured to receive address resolution requests broadcast on the computer network by the client device seeking access to one of the protected devices and to transmit address resolution replies generated by the apparatus on the computer network.

Abstract: The invention relates to a data storage medium having a semiconductor chip which has at least one memory in which an operating program is stored which contains a number of commands, with each command producing signals which can be detected from outside the semiconductor chip. According to the invention the data storage medium is designed in order to split secret data, which is stored in the semiconductor chip in order to carry out security-relevant or safety-relevant operations or is generated by this semiconductor chip, into at least three data parts, with an arithmetic unit being included in order to calculate a random number and in order to divide the random number, with the first data part being the integer result of the division process, the second part being the remainder of the division process, and the third part being the random number itself.

Abstract: Multiple entity control of access restrictions for media playback may include a first entity receiving a request for a media resource hosted by a third-party entity, the first entity authorizing a user to access the requested media resource and providing an indication to the third-party entity that the user is authorized to access the requested media resource, the third-party entity authenticating the user based upon a qualification specification, and delivering the requested media resource to the user.

Abstract: An arrangement is provided for performing the KASUMI ciphering process. The arrangement includes apparatuses and methods that parallelize computations of two FI functions in KASUMI rounds within one clock cycle and computes two consecutive FL functions in the KASUMI rounds within one clock cycle.

Abstract: In order to protect the user security data, provided is a memory card capable of preventing the data leakage to a third party not having the access authority by imposing the limitation on the number of password authentications and automatically erasing the data. In a system comprised of a multimedia card and a host machine electrically connected to the multimedia card and controlling the operations of the multimedia card, a retry counter for storing the number of password authentication failures is provided and the upper limit of the number of failures is registered in a register. When passwords are repeatedly entered once, twice, . . . and n times and the retry counter which counts the entries reaches the upper limit of the number of failures, the data is automatically erased so as not to leave the data in the flash memory.

Abstract: A method, system, and computer program product for using biometrics on pervasive devices for purposes of mobile identification. A biometric device of the prior art is attached to, or incorporated within, a pervasive device. This augmented pervasive device may then be used for capturing biometric information from an arbitrary third party in an arbitrary location. The captured information is analyzed to determine the third party's identification, access rights, etc. as needed by a particular application. This solution capitalizes on the portability and functionality of the pervasive device, as well as its built-in communication capability, to provide an extremely flexible, powerful biometric identification technique at relatively low cost.

Abstract: Disclosed herein is a method of analyzing and decrypting encrypted malicious scripts. The method of the present invention comprises the steps of classifying a malicious script encryption method into a case where a decryption function exists in malicious scripts and is an independent function that is not dependent on external codes such as run time library, a case where a decryption function exists and is a dependent function that is dependent on external codes, and a case where a decryption function does not exist; and if the decryption function exists in malicious scripts and is the independent function that is not dependent on the external codes, extracting a call expression and a function definition for the independent function, executing or emulating the extracted call expression and function definition for the independent function, and obtaining a decrypted script by putting a result value based on the execution or emulation into an original script at which an original call expression is located.

Abstract: A system for managing secure network connections among multiple FABs and OEMs is present that comprises: a plurality of VPN devices, one for each FAB and OEM; a plurality of dedicated isolation LANs, each one coupled to one of the plurality of VPN devices; and an e-diagnostic LAN, coupled to the plurality of dedicated isolation LANs, and operative to connect any OEM to any FAB according to authorization rules.

Abstract: A conditional access system is provided wherein digitized data are received in successive data packets at least some of which are scrambled. The digitized data contain content data and access control data. The system has a module with descrambler circuitry and a security device such as a smart card adapted to be coupled to the module to provide descrambling control data to the module as derived from the access control data. Selected ones of the data packets are encrypted in addition to being scrambled, and the access control data include decryption control data.

Abstract: A method for performing data integration between two or more computer systems provided over a network includes extracting data from a first database associated with a first computer system of first type, the extracted data having a first file format and a first character-set format. The data are encrypted using a first security key. The encrypted data are stored in a shared volume provided in a storage system, the storage system being coupled to a plurality of computer systems. The encrypted data are received from the shared volume of the storage system at a second computer system of second type, the first and second computer system being of different computer systems. The received data are converted from the first file format to a second file format, the first file format being suitable for the first computer system and the second file format being suitable for the second computer system. The received data are decrypted using a second security key that is associated with the first security key.

Abstract: A method and apparatus for initializing multiple security modules are provided. The method may comprise the acts of determining if the security module is a controlling security module or a subordinate security module, generating at least one key if the security module is the controlling security module, and receiving at least one key from another security module if the security module is the subordinate security module. The apparatus may comprise a detector that is adapted to determine if the security module is a controlling security module or a subordinate security module, a key generator that generates a key for the security module if the security module is the controlling security module, and a key receiver that receives a key from another security module if the security module is the subordinate security module.

Abstract: The invention concerns a cryptographic method whereby a second entity (B) verifies by means of a public key, a proof provided by a first entity (A), which consists in the generation by the first entity (A) of a first random number r much higher than any first integer s included in a private key kept secret by the first entity (A). The first entity (A) generates a first element of proof resulting from a modulo n exponentiation of a first integer G included or not in said public key and whereof the exponent is the first random number r. In combination with the first element of proof, a so-called common number, is generated so that the second entity (B) and the first entity (A) should have knowledge of the common number. The first entity (A) generates an image y of said private key by linear combination of the first random number r and of at least a first private key integer s. At least a multiplicative coefficient of the linear combination is said common number.

Abstract: A system for integrating security and access for facilities and information systems is provided including a computer server, information systems, and facility protection systems. The information systems and facility protection systems are coupled for communication to the computer server via a network. Facility protection systems represent an access control system for controlling entry/exit to areas of buildings, such as with badges or other ID Credentials and other systems, such as intrusion detection and fire systems, to provide protection in facility environments. Information systems each represent a computer system requiring user authorization, via computers or terminals capable of connecting thereto, to access information resources or network environments protected by the computer system. Information systems may also include information protection systems requiring user authorization for external access to other information systems.

Abstract: A registry architecture for securely sharing personal devices among different users is disclosed. The registry architecture is a distributed architecture that includes at least one registry server communicating over a network with at least one personal device. The architecture provides verification and authorization of users and applications on personal devices registered with the registry server. In addition, secure migration of applications between a first personal device and at least one second personal device may be performed as a function of the registry architecture. Further, the ability to securely share a personal device among different users is provided by identification of potential users of the personal device within the registry architecture.

Abstract: An apparatus, system, and method are directed towards parsing and selectively encrypting different portions of data in real-time, decrypting the encrypted data in real-time, and passing the data to a media player on a client computer or other network capable device. Data in a network packet may be parsed into payload and non-payload portions. The payload portion of the packet data may then be examined to determine whether a predefined type of the data is recognized. For example, in one embodiment, the predefined data type may be media content. If the payload portion is recognized as a predefined data type, then it may be selectively encrypted. The selectively encrypted payload portion and non-payload portion of the packet may then be combined, such that the non-payload portion may be employed by firewalls, proxies, and/or NATs to route the packet towards the client computer or other network capable device.

Abstract: Detecting loss of stream cipher synchronization between a transmitter and a receiver in a video processing system may be achieved by receiving, by the receiver, an encrypted video frame from the transmitter, obtaining an encrypted value for a selected pixel in the encrypted video frame, decrypting the encrypted pixel value using a first portion of the receiver's current key stream, re-encrypting the pixel value using a second portion of the receiver's current key stream, sending the re-encrypted pixel value from the receiver to the transmitter, obtaining, by the transmitter, a plaintext value for the selected pixel from a corresponding original video frame and encrypting the plaintext pixel value using a second portion of the transmitter's current key stream, and comparing the re-encrypted pixel value received from the receiver with the encrypted pixel value generated by the transmitter and detecting a loss of cipher synchronization when the values do not match.

Abstract: A method of controlling information exposure in a multiparty transaction includes an originating transaction participant cryptographically encoding all information for each of the transaction participants such that a unique data content and encryption are used for each of the messages destined to the other transaction participants. The cryptographically encoded messages are transmitted to the transaction participants such that each may decrypt their message and respond to a primary transaction participant with status concerning their portion of the transaction. After reception of affirmative status messages from the transaction participants, the primary transaction participant may transmit messages to the responding transaction participants to execute the multiparty transaction. The originating transaction participant may also be provided an indication that the multiparty transaction is executed.