Abstract: An object of the present invention is to prevent data from being tampered with, and to prevent operation mistakes, when sending and receiving data between a management software managing storage devices. Encrypting predetermined information by using a first key managed by a first manager when temporarily keeping the predetermined information in a data holding unit; decrypting the predetermined information encrypted with a second key kept in a storage device managed by a second storage manager when moving the encrypted predetermined information to the second storage manager; and arranging the predetermined information in the second manager based on the decryption result.

Abstract: A computer implemented method of video data encoding generates a mask having one bit corresponding each spatial frequency coefficient of a block during quantization. The bit state of the mask depends upon whether the corresponding quantized spatial frequency coefficient is zero or non-zero. The runs of zero quantized spatial frequency coefficients determined by a left most bit detect instruction are determined from the mask and run length encoded. The mask is generated using a look up table to map the scan order of quantization to the zig-zag order of run length encoding. Variable length coding and inverse quantization optionally take place within the run length encoding loop.

Abstract: In an automated data storage library, selective encryption for data stored or to be stored on removable media is provided. One or more encryption policies are established, each policy including a level of encryption one or more encryption keys and the identity of one or more data cartridges. The encryption policies are stored in a policy table and the encryption keys are stored in a secure key server. A host requests access to a specified data cartridge and the cartridge is transported from a storage shelf in the library to a storage drive. Based on the identity of the specified cartridge the corresponding encryption policy is selected from the table and the appropriate encryption key is obtained from the key server. The storage drive encrypts data in accordance with the key and stores the data on the media within the specified data cartridge.

Abstract: A security control verification and monitoring subsystem of a managed computer system performs security control verification operations regularly and for each security control verification operation determines the applicable security benchmark level for use by a given computer. The subsystem assigns security risk categories to groups of computers based, for example, on overall system or group administrator supplied potential impact settings and/or system type and business or information type selections. The subsystem further associates the security risk categories with security benchmark levels based on mapping information supplied by the overall system or group administrator. The subsystem then directs the computer to benchmark definition files based on the assigned security risk category, the associated security benchmark level and attributes of the computer.

Abstract: A BD-ROM stores a disc root certificate that is issued by a root certificate authority and assigned to the disc medium. An application manager acquires a hash value from the disc root certificated and verifies the authenticity of an application by using the hash value. If the authenticity is verified, a virtual machine executes the application. A local storage has a plurality of domain areas. From among the plurality of domain areas, a security manager allocates to the application a domain area that corresponds to the hash value.

Abstract: An authenticating system is provided including a client and a receiver. The client creates a first hash value using a first hash algorithm, and creates a second hash value from the first hash value. The receiver receives a first hash algorithm identifier from a server, transmits the second hash value, and receives an authentication result. The server stores a third hash value created using a second hash algorithm identifier, transmits the first hash algorithm identifier to a PC, receives the second hash value, determines if the second hash algorithm identifier coincides with the first hash algorithm identifier, creates a fourth hash value from the third hash value using the first hash algorithm where it coincides, determines whether the second hash value coincides with the fourth hash value, transmits that the authentication is successful where it coincides, and transmits that the authentication is unsuccessful where it does not coincide.

Abstract: Information, such as audio visual information, is secured by self-decay of the information over time. For instance, a date stamp and decay rate embedded in an encrypted audio or visual digital media file can be applied to decrypt the file to a predetermined decayed state, such as a degraded playback quality. One or more keys can be included with the information to allow undecayed decryption but expire after use or a predetermined time period. In one embodiment, the decayed state can comprise gaps formed at intervals in the information, the gaps having increased length for decreased quality. In an alternative embodiment, the decayed state can be a reduced sample rate for a compressed digital media file.

Abstract: A data file reproduction system has a data file supplying apparatus that extracts video data and audio data from a received data file, compresses the extracted video and audio data and produces a compressed data file containing the compressed audio and video data together with meta data or navigation data determined from the received data file for enabling navigation of the original data file. The compressed data file is then copy-protected. Upon request, the copy-protected compressed data file is communicated to a reproduction apparatus.

Abstract: A method for detecting a disturbance of a calculation, by an electronic circuit, of a result of an integral number of applications of an internal composition law on elements of an abelian group, by successive iterations of different steps according to the even or odd character of a current coefficient of a polynomial representation of said integral number, the degree of which determines the number of iterations, each iteration including: in case of an odd current coefficient, updating at least one first variable intended to contain the result at the end of the calculation; and in case of an even current coefficient, of updating a second variable and a comparison of this second variable with an expected value.

Abstract: A method starts and operates a computer with an operating system held on a replaceable storage medium. The method includes: checking the authenticity of the replaceable storage medium and/or checking a user's authority for executing the operating system held on the replaceable storage medium. The operating system held on the replaceable storage medium is executed if the replaceable storage medium is authentic and/or the user is authorized to use the operating system. Checking the authenticity of the replaceable storage medium and the user's use authority ensures the integrity of the operating system. Thereby, modifications to the operating system and to the computer are made more difficult. The invention also relates to a computer and a replaceable storage medium which are suitable for carrying out the method.

Abstract: A memory device includes a storage unit having a decryption key storage section that stores key information for decryption and a data storage section that stores to-be-read data requested from the exterior, and a decryption control unit capable of decrypting an externally input encrypted read instruction and address based on the key information stored in the decryption key storage section, and causing data corresponding to the decrypted read instruction and address to be output from the data storage section. The decryption key storage section is composed of arrays of a flash memory.

Abstract: A process is described which permits particularly rapid writing and reading of small files, such as e-mails and scanned documents, for legally relevant WORM data storage which preserves evidential integrity. The process is implemented using currently available operating systems and standard hardware, wherein the disadvantages of these operating systems in the processing of many small files and the insecurity of the data storage are overcome by the architecture of the hardware and the implementation of the process. In accordance with the invention there are on a first hard disc (4) an operating system (5) and also WORM server software (6) with an API (12), a second hard disc (7) serves as a work area and cache, wherein the secured data are loaded onto mass memory units (11) in content storage containers (CSCs), using the WORM server software (6) access rights are configured, CSCs are loaded, the number of files is reduced and secure storage is carried out.

Abstract: A secure file service includes a cryptographic processor (302, 602) and a secure file system (301, 601). The cryptographic processor is comprised of a trusted microprocessor and a trusted operating system executing on the trusted cryptographic processor. The cryptographic processor includes hardware and software for accessing at least one classified data file from the secure file system, decrypting the classified data file, and serving the classified data file in decrypted form to a secure user processor (402, 502, 702) that has requested the file. The secure file system can be either a single-level secure file system (301) or a multi-level secure file system (601).

Abstract: Various embodiments of methods and apparatuses for managing authentication key contexts are described herein. In various embodiments, the methods and apparatuses include purging an authentication key context of a supplicant after handing off the supplicant, even the authentication key has not expired.

Abstract: A communication apparatus which starts communication using a power-saving function changes, with its communication counterpart, a key for a confidential mode and performs power-saving communication. When terminating the power-saving function, the communication apparatus returns, with its communication counterpart, the key for the confidential mode to the original one. Then, after returning the key for the confidential mode to the original one, the communication apparatus performs an IP address reassignment process.

Abstract: A BD-ROM stores a disc root certificate 301 that is issued by a root certificate authority and assigned to the disc medium. An application manger 2 acquires a hash value from the disc root certificate 301 and verifies the authenticity of an application by using the hash value. If the authenticity is verified, the virtual machine 3 executes the application. A local storage 5 has a plurality of domain areas. Form among the plurality of domain areas, a security manger 4 allocates to the application a domain area that corresponds to the hash value.

Abstract: An integrated circuit (IC) security apparatus with complementary security traces and a method for producing such an apparatus is disclosed. The security apparatus comprises a pattern generator, and a plurality of security traces. The arrangement of security trace pairs are such that the second trace is arranged substantially parallel to the first trace. The pattern generator produces two signals, a second signal, which is applied to the second trace, is substantially complimentary to the first security trace. The timing and amplitude of the second (complimentary) signal is developed such that any net induced currents are substantially nulled. One or more of the signals is received from the signal generator and compared to the same signal after it is conducted through a security trace. The results are analyzed to determine if the security of the IC has been breached.

Abstract: A content transfer system for transferring content between a source device transmitting the content and a sink device receiving the content, includes a content specifying unit for specifying the content to be transferred between the source device and the sink device, an authentication unit for performing an authentication exchange key process between the source device and the sink device, a content transfer unit for performing a content transfer process by encrypting and transferring the content specified by the content specifying unit from the source device to the sink device using the key exchanged by the authentication unit, and a content transfer finalizing unit for performing a content transfer finalizing process by validating the content at the sink device and invalidating the original content at the source device in response to the end of the content transfer process performed by the content transfer unit, the content thus being moved from the source device to the sink device.

Abstract: A system for accessing a secure area. In response to reading a plurality of security device orientations, the plurality of security device orientations are recorded. The plurality of recorded security device orientations are compared with stored security device orientation data. In response to determining that a match occurs between the plurality of recorded security device orientations and the stored security device orientation data, access is granted to the secure area.

Abstract: A method of protecting a media key including obtaining the media key, obtaining an auxiliary key, calculating a split key using the media key and the auxiliary key, encrypting the split key using a wrap key to generate an encrypted split key, assembling the encrypted split key and a communication key to obtain a data bundle, and sending the data bundle to a token, where the media key is extracted from the data bundle on the token to protect data on a storage device.