Abstract: A method of verifying a validity of a Secure Micro (SM) is provided. The method of verifying a validity of an SM, the method including: storing and maintaining a validity verification message used to verify the validity of the SM, the validity verification message being generated by a Trusted Authority (TA) based on unique information of the SM, and the SM and the TA sharing the unique information of the SM; and verifying the validity of the SM using the validity verification message and the unique information shared by the SM, when an SM client is executed.

Abstract: A method for unique authentication of a user including federating an identity of said user for said service provider and an identity of the user for an identity provider, the federating including the steps of generating a user alias for that service provider and sending said identity provider a masked alias deduced from said alias, the identity provider associating said masked alias for that service provider with the identity of the user for the identity provider and sending the user elements for calculation by the user of a signature of a message containing the non-masked alias calculating said signature and sending the service provider said message with said signature, and the service provider verifying said signature, authenticating the user, and associating said alias with the user's identity.

Abstract: A system includes a processor. The processor is configured to receive network traffic that includes a data block. The processor will generate a unique identifier (UID) for the file that includes a hash value corresponding to the file. The processor will determine whether the file is indicated as good or bad with the previously-stored UID. The processor will call a file-type specific detection nugget corresponding to the file's file-type to perform a full file inspection to detect whether the file is good or bad and store a result of the inspection together with the UID of the file, when the file is determined to be not listed in the previously-stored UIDs. The processor will not call the file-type specific detection nugget when the file's indicator is “good” or “bad” in the previously-stored UIDs. The processor will issue an alert about the bad file when the file's indicator is “bad”.

Abstract: Methods, program product, and systems for providing tamper-resistant executable software code are provided to enable software code transport, storage, and execution security by formatting all instructions to use operand indirect addressing, resulting in an indirect table for each operand position, or field, in the instruction set. That is, rather than each instruction including an operand, each instruction includes an index to the location of the value of the operand in an indirect table. The methods, program product, and systems can also implement a non-typical instruction fetch associated with a program counter and a sequentially stored vector table, or jump table, to retrieve the next sequential instruction (“NSI”). Following rearranging or scrambling or encoding of the executable code, the code can be loaded and executed directly in scrambled form using the jump table, but cannot be meaningfully disassembled, nor executed properly, without the jump table to resolve the NSI.

Abstract: A method and apparatus are provided for protecting confidential information. The method includes the steps of providing a plurality of files where each file contains at least one item of secret information, password protecting the plurality of files with a master password, detecting entry of passwords into a master password entry field, comparing entered passwords with the master password to identify incorrect master passwords and deleting the plurality of files upon successive entry of incorrect master passwords a predetermined number of times.

Abstract: A method and a device for operating a technical installation using data from a third party are provided, the data being protected against unauthorized use. A first and a second rights object are used for protecting the data, the first rights object specifying an authorized use of the data with a variable not defined in respect of its value and the second rights object defining a value for the variable.

Abstract: A mobile terminal and a method of controlling operation of the mobile terminal may be provided that include outputting a sensing signal corresponding to a detected attempt to make a call, connecting the call when user input indicates that it is allowed to connect the call, and if the user input indicates that it is not allowed to connect the call, shutting down the detected attempt. Accordingly, suspicious operation that may have been caused by a virus may be shut down to prevent damage to a mobile terminal caused by a virus.

Abstract: A method for protecting the integrity of data ciphered by a ciphering algorithm providing at least an intermediary state meant to be identical in ciphering and in deciphering, this intermediary state being sampled during the ciphering to generate a signature.

Abstract: Provided is a system far receiving a initialization packet containing an initial vector for initializing stream encryption algorithm and an identifier of a key for decrypting an encrypted stream, initializing a decryption module, and decrypting the encrypted stream, wherein the system stores an identifier of a key which is needed to decrypt a next program in a initialization packet of a current program and informs a user of whether a desired key has been acquired or not at timing close to start time of the next program.

Abstract: Some embodiments relate to processing a web page requested by a web browser. The requested web page is received, and additional code is inserted into the web page that alters and/or augments the functionality of the web page. The web page is then forwarded to the web browser that requested it. The browser executes the code inserted into the web page, thereby augmenting the functionality of the web page.

Abstract: A secure key distribution server (SKDS) determines identity of a requesting server without use of a shared secret by resolving the fully qualified domain name (FQDN) to a network address and comparing it with the network address of a key request. A credential string may also be used as part of the identification. Once identity is established, keys may be securely distributed. The SKDS may also be implemented in a peer-to-peer configuration.

Abstract: Provided are an apparatus for receiving a quantum cryptographic key and an apparatus for transmitting and receiving a quantum cryptographic key at high speed without polarization drift of an optical pulse signal and phase drift of an interferometer. The apparatus for receiving a quantum key includes: a polarization-insensitive optical phase modulator parts for receiving an optical pulse signal, and modulating and outputting a phase of the optical pulse signal without being affected by the polarization state of the optical pulse signal; an asymmetric Mach-Zehnder interferometer for causing interference in and outputting the optical pulse signal received from the polarization-insensitive optical phase modulator parts; and a photon detectors for detecting the optical pulse signal received from the asymmetric Mach-Zehnder interferometer.

Abstract: In service access networks having different key hierarchies that provide broadcast service to a mobile terminal, when switching from a first service access network, from which the mobile terminal receives the data of the broadcast service in an encrypted manner by a first data content encryption key, to a second service access network, from which the mobile terminal receives the data of the same broadcast service in an encrypted manner by a second data content encryption key, the mobile terminal receives a key of the hierarchy of the second service access network which is encrypted by a user-specific key of the first service access network.

Abstract: A method and apparatus for binding update between a mobile node and a correspondent node is disclosed. The method includes: encrypting, by the correspondent node, a parameter for generating a binding management key with a key, and transmitting the encrypted parameter to the mobile node or a home agent which performs binding update on behalf of the mobile node; obtaining, by the mobile node or the home agent, the parameter via decryption, generating a binding management key with the parameter, generating authentication data with the binding management key, and transmitting a binding update message carrying the authentication data to the correspondent node; and verifying, by the correspondent node, the binding update message based on the authentication data, and returning a binding acknowledgement message to the mobile node or the home agent. With the present invention, the security of the binding update process may be improved.

Abstract: A method and apparatus is provided for generating a masked value from a cryptographically transformed value by using the cryptographically transformed value as a random seed, without decrypting the cryptographically transformed value. A query is evaluated against a set of data to produce a result. The result may be cryptographically transformed or unencrypted. If the result is unencrypted, the result may be cryptographically transformed to produce a random seed. If the result is already cryptographically transformed, then the result is used as the random seed. The random seed is used to generate a masked value, without decrypting the cryptographically transformed random seed value. The masked value conforms to a particular data characteristic such as a data format or a data type, which may be determined from metadata stored in a database, received with a query, or gleaned from unencrypted data. The masked value is returned as a result of the query.

Abstract: An apparatus and a computer-implemented method for protecting confidential knowledge in a software system design which includes a plurality of artifacts. The method includes the steps of calculating a correlation between the confidential knowledge and the software system design, acquiring inter-dependencies between the artifacts in the software system design, and determining protection mechanisms for the respective artifacts according to the correlation and the inter-dependencies. The system includes a correlation calculating section for calculating a correlation between the confidential knowledge and the software system design; an inter-dependency acquiring section for acquiring inter-dependencies between the artifacts in the software system design; and a mechanism designing section for determining protection mechanisms for the respective artifacts according to said correlation and said inter-dependencies.

Abstract: A key creating device creates a first public key and a first secret key of the electronic signature method satisfying the noncounterfeitability and a second public key and the first secret key of the chameleon commitment method. The signature device generates a commitment, a first random number according to the Com algorithm, and a first signature by using the first secret key. The signature device further generates a second random number according to the Cam algorithm by using the message written by adding a first signature to an object message, and creates an electronic signature by combining the first signature and the second random number. A verifying device receives the signed message written by adding the first signature included in the electronic signature to the object message, creates a commitment according to the ComVer algorithm, and performs verification by using the commitment and the first signature.

Abstract: A handheld communications device comprises a display device, and a data processor that is in communication with the display device. The data processor is configured to generate an encryption key, and vary a visual output of the display device in accordance with a bit sequence of the encryption key. The varying visual output comprises a sequence of colors rendered on the display device and/or brightness levels output by the display device.

Abstract: The tweakable block cipher system and method also includes an offset calculation unit that calculates a sum of a value, which is generated by encrypting a constant plaintext using a block cipher, and the tweak and outputs a value which is generated by encrypting the result using a partial block cipher as an offset. Furthermore, an internal encryption unit calculates a sum of the offset and the plaintext, encrypts the sum using the block cipher, calculates a sum of the result and the offset, and outputs the sum as a ciphertext. In addition, the system and method includes an output unit that outputs the ciphertext.

Abstract: An encryption device, a decryption device, an encryption method, and a decryption method effectively perform encryption and decryption by using a packet type judgment result. An encryption/decryption device includes a packet reception unit that acquires a packet, a first encryption engine that is formed by hardware and encrypts or decrypts a packet; and a second encryption engine that encrypts or decrypts a packet by using software. The encryption/decyption device also includes a head data identification unit that judges the real time feature of the acquired packet according to the header information on the acquired packet, and an encryption/decryption process judgment unit that decides the acquired packet encryption destination or decryption destination in accordance with the real time feature from the first encryption engine and the second encryption engine.