Abstract: A cipher processing apparatus for arithmetic operations of an FO function and an FL function comprising: an FL function operating unit for generating a 2N-bit output based on a first extension key; a partial function operating unit for generating an N-bit output based on second and third extension keys; an N-bit intermediate register for storing an output of the partial operating unit; a 2N-bit first data register for storing data based on the output of the FL function operating unit; and a controller for making the partial function operating unit perform six cycles, inputting an output of the intermediate register to the FL function operating unit, and storing the data based on the output of the FL function operating unit in the first data register, in a first case in which the FL function uses a result of an arithmetic operation of the FO function.

Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,

Abstract: Apparatus and method for synchronizing objects, e, g., encryption key objects, between pairs of appliances, particularly lifetime key management (LKM) appliances. Each LKM has a local sequence counter where increasing sequence numbers are generated and applied to objects. A peer counter is used to indicate the sequence number of an object synchronized from a peer appliance. When two appliances are synchronized, only those new objects with sequence numbers at least equal to or higher than that within the other appliance are transferred. When synchronized to each other, each appliance will have an up-to-date stored set of objects for all of the appliances in the group. Each object has a unique identification number that are compared to eliminate duplicate objects. During synchronization, if unique identification numbers match between a newly received object and a previously stored key, version numbers may be used to determine which object the receiving appliance should store.

Abstract: A device includes a key store memory that stores one or more cryptographic keys. A rule set memory stores a set of rules for accessing the cryptographic keys. A key store arbitration module grants access to the cryptographic keys in accordance with the set of rules. The device can be used in conjunction with a key ladder. The device can include a one-time programmable memory and a load module that transfers the cryptographic keys from the one one-time programmable memory to the key store memory and the set of rules to the rule set memory. A validation module can validate the cryptographic keys and the set of rules stored in the key store and rule set memories, based on a signature defined by a signature rule.

Abstract: A system and method for analyzing executable files on a computer is described. The method in one embodiment includes initiating, with an operating system of the computer, execution of a loader-process; loading, using the loader-process, code of a first executable file into an executable-memory of the computer; and executing the code of the first executable file, wherein the code of the first executable file unpacks other packed-code to generate unpacked code. In addition, the loader-process executes the unpacked code and stops execution of the unpacked code in response to the unpacked code attempting to make a potentially dangerous system call. The unpacked code is analyzed, in response to the unpacked code attempting to make the potentially dangerous system call, to assess whether the first executable file is a pestware file.

Abstract: Methods, devices, and systems are provided facilitating security within a network managed by a central coordinator. In some embodiments, the exchange of security keys is performed within one or more time slots that are defined by the central coordinator and known to stations exchanging these security keys. Furthermore, security, e.g., association may be initiated by one user action.

Abstract: A method and apparatus that provides information assurance attributes through a data providence architecture is disclosed. The method may include receiving a message having a data provenance wrapper, examining each data provenance record of the message and any attachments for discrepancies, identifying any discrepancies in the examination of each data provenance record of the message and any attachments; calculating a degree of trust based on any discrepancies identified in the examination of each data provenance record of the message and any attachments, and outputting the degree of trust to the user.

Abstract: A method and apparatus for managing digital content are provided. The apparatus for managing digital content generated by applying digital rights management (DRM) includes: a content execution unit executing digital content; and a control unit confirming whether or not digital content is in a first period in which the digital content can be normally executed, and controlling the content execution unit so that, if the digital content is in the first period, the digital content can be executed normally, and if the digital content is in a second period which is not in the first period, the digital content can be executed in a manner which can be distinguished from that of execution in the first period. According to the apparatus and method, execution of digital content, which is close to expiration, can be controlled, thereby managing the expiration of the digital content for a user.

Abstract: A video processing system may include a video deserializer, a video serializer and a programmable video processing device. The video deserializer may have an input for receiving a serial data stream containing video data and a serial to pseudo-parallel converter, coupled to the serial data stream, for generating a plurality of serial output lanes from the serial data stream. The video serializer may have a plurality of inputs for receiving serial data streams and a pseudo-parallel to serial converter, coupled to the plurality of input serial data streams, for generating a single serial data stream from the plurality of input serial data streams. The programmable video processing device may be coupled to the video deserializer and the video serializer, and may have a plurality of interface pins for receiving the plurality of serial output lanes from the deserializer and for transmitting the plurality of serial data streams to the serializer.

Abstract: There is disclosed a device, system, and method for a ROM BIOS based trusted encrypted operating system for use in a gaming environment. The gaming device includes a ROM storing a BIOS, a secure loader, an encrypted operating system, and a decryption key for decrypting the encrypted operating system. The decryption key is partitioned and scattered about the secure loader. The method includes initializing the BIOS, locating the decryption key, decrypting the encrypted operating system with the encryption key, verifying a plurality of check codes, and transferring control to the operating system. The check codes are verified responsive to decrypting the encrypted operating system. The check codes are dispersed about the operating system and are unrelated to the operating system. Control is transferred to the operating system responsive to verifying the check codes.

Abstract: The present disclosure is directed to a method and system for encrypting files based on security rules. In accordance with a particular embodiment of the present disclosure, a request to store a file on a storage device is received. At least one security parameter associated with a security profile of the file is identified. It is determined whether to encrypt the file by applying at least one security rule to the security parameter. The security rule includes selection criteria. The file is encrypted if the security rule indicates the file should be encrypted. The file is stored on the storage device.

Abstract: A motion estimator includes a shape, address and vector generator to produce control signals according to a selected size and shape of a search area comprising scan lines. A variable delay reads reference image data of a frame in which a matching macroblock is sought from a store under control of a variable delay control signal from the signal generator to align a current serial input stream of a current scan line with a serial input stream of an immediately preceding scan line. The aligned reference image pixel data is matched against pixel data of a current macroblock using a vector from the signal generator to produce a score representing a quality of the match. A best score together with the corresponding best vector is recorded and the best vector output.

Abstract: In one embodiment, techniques to validate certificates using authentication, authorization, and accounting (AAA) services are provided. A service receives a request from a requester for validation of a certificate. The request may include the certificate associated with the requester. The servicer creates a AAA request that includes the certificate. The AAA request is then sent to the AAA server. A response is then received from the AAA server that includes a result of the certificate validation and also AAA attributes associated with any AAA services performed. The servicer may then validate the proof of possession of the private key or perform other type of authentication calculations after receiving the response from the AAA server if the response indicates the certificate was validated. The servicer can then perform an action based on the certificate validation and AAA attributes.

Abstract: The present invention relates to an information processing apparatus and method, a recording medium, and a program which make it possible for persons at remote places to enjoy simultaneous playback of various contents while promoting the protection of the copyright or the privacy. A copyright authentication section 112 decides, based on copyright restriction information added to a content and license information stored in a license storage section 62, whether or not utilization of the content is permitted. An accounting processing section 114 is controlled in response to a result of the decision so that it cooperates with an authentication server to perform an accounting process. A privacy authentication section 115 decides, based on privacy restriction information added to the content and privacy information, whether or not utilization of the content is permitted.

Abstract: A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two ore more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described.

Abstract: When distributing a set 101 of frames 102 each with encoded data 103 from a transmitter 104 to a receiver 105, a dependent frame 108 requires an independent frame 107 for decoding, and the transmitting 111 of the frames 102 from a buffer 110 at the transmitter 104 is reordered such that the dependent frame 108 is sent after the independent frame 107. In particular, a transmission policy wherein buffering 109 a further frame 125 takes into account both: if the further frame 125 requires zero, one or two frames 102 of the set 101 for decoding, and the current frames 102 buffered at the first and the second position 123 of the transmit buffer 110.

Abstract: An exemplary optimistic protocol for a two-party transaction includes a setup sub-protocol that includes an authorized Diffie-Hellman key agreement, an exchange sub-protocol that includes sending a certificate from a sending party to a receiving party and sending a receipt from the receiving party to the sending party and a dispute sub-protocol that includes a dispute resolution mechanism for resolving disputes between the sending party and the receiving party due to sending of an invalid certificate, due to sending an invalid receipt, or due to abortion of the exchange sub-protocol. Other exemplary methods, systems, etc., are also disclosed.

Abstract: A technique for allowing client-driven profile updates in a wireless network uses a shared character password and a shared image that is known by both a client device and a network server. In some embodiments, a random character table is generated by a client device and is used, along with the shared character password and shared image, to calculate a one-time password (OTP). The OTP is then used to both encrypt and sign a new security profile to be delivered to the network server in a profile update request. The server may then generate the same OTP using information within the request and the shared character password and shared image. The new profile may then be decrypted and validated within the server.

Abstract: The invention relates to a personal token (10) for authentication in a network comprising a piece of software for initiating an SSL connection by generating a message authenticating said token to a remote server (30) characterized in that the piece of software controls the processing of the message so as to use of a data (12) which is prestored in the token (10) and which is specifically associated with the remote server (30) so that the message can be interpreted only by the specific remote server (30).

Abstract: A threshold secret sharing apparatus, a threshold secret sharing scheme, a secret information recovery apparatus a secret information recovery method, and a program thereof are provided using XOR computation, thereby offering a general (k,n) threshold secret sharing scheme with high computation speed. Secret information K is divided into (np?1) divided pieces of secret information Kq (np is a prime number which is equal to or greater than a secret distribution number n). Furthermore, dummy secret information K0 is generated. Moreover, random numbers R, which are mutually independent are generated. Then, pieces of shares are created using exclusive-OR (XOR) operations based upon the dummy secret information K0, the divided piece of secret information Kq, and the random numbers R. The pieces of shares thus generated are concatenated so as to generate n shares Si, thereby providing a (k,n) threshold secret sharing scheme.