Abstract: A system and method for providing access to data stored in encrypted form in a physically non-secure database without compromising security of the data in the physically non-secure database is disclosed. A representation of at least some of the data from the database in unencrypted form is stored in volatile memory associated with the server. The wildcard search is performed on the representation. Search results are displayed to the user to allow the user to select database contents to be retrieved. The user's selection is retrieved from the database and decrypted. Finally, the unencrypted selection results are provided to the user.

Abstract: A key identifier for an encryption key repository is stored with customer data on a logical device. When the customer data is compressible, the key identifier is stored in space freed by compressing the customer data. When the customer data is not compressible, a portion of the customer data is copied to a key record in the key repository identified by the key identifier, and the key identifier overwrites the copied customer data.

Abstract: A processor connected to a memory device includes a random number generator that generates random numbers identical to random numbers generated in the memory device; an XOR logic unit that performs a XOR operation of the random numbers and an address in the memory device to be accessed; and an after-operation-address sending unit that sends an after-operation-address indicating a result of the XOR operation.

Abstract: A virtual authentication proxy server includes an authentication request acceptance unit, a terminal authentication program transmission unit and an authentication result transmission unit. When an application server which cannot use an authentication server accepts a user ID and a password together with a use request from a terminal, the authentication request acceptance unit accepts the authentication request. The terminal authentication program transmission unit transmits a terminal authentication program to a terminal device. The authentication result transmission unit causes the terminal device to execute the terminal authentication program so as to cause the authentication server to execute authentication. The authentication result transmission unit receives the received authentication result from the terminal device and transmits the authentication result to the application server.

Abstract: A method for providing an indication of authenticity of an electronic image of a document comprises generating a signal corresponding to a profile of at least one of a number of surfaces of the document, converting the signal into a profile signature, and correlating the profile signature with the electronic image of the document. A method for authenticating an electronic image of a document comprises receiving the electronic image of the document and a profile tracing signature of a surface of the document that is associated with the electronic image, and comparing the profile tracing signature with an exemplar profile tracing signature associated with the document. A document processing system comprises a pickup, a signal processing circuit, and a scanning module and is used for producing a profile tracing signature and electronic image of a document and for correlating the profile tracing signature with the electronic image.

Abstract: A certification system connected to a radio communication system which includes a device configured to perform a first certification based on first information received via the radio communication system from a radio terminal. A first access server is connected to a first network and to the radio network and the first access server is configured to acquire the first information and to perform a second certification based on second information received via the radio network from the radio terminal. The first access server also selectively provides information requested by the radio terminal to the radio terminal based on the second information.

Abstract: Disclosed is a DDoS attack detection and response apparatus. The DDoS attack detection and response apparatus comprises: a receiver unit receiving HTTP requests from a client terminal which is characterized as an IP address; a data measuring unit computing the number of HTTP requests by IP and the number of URIs per HTTP over a certain time period; a DDoS discrimination unit comparing the number of HTTPs per URI with a threshold value and defining an access of the client terminal having the IP address as a DDoS attack when the number of HTTPs per URI is larger than the threshold value; and a blocking unit blocking packets from the IP address when the DDoS discrimination unit detects a DDoS attack.

Abstract: A security processor integrated within a system may be securely shut down. The security processor may receive shut down requests, and may determine components and/or subsystems that need be shut down during shut down periods. The security processor may determine when each of the relevant components is ready for shut down. Once the relevant components are shut down, the security processor may itself be shut down, wherein the shut down of the security processor may be performed by stopping the clocking of the security processor. A security error monitor may monitor the system during shut down periods, and the security processor may be powered back on when security breaches and/or threats may be detected via the security error monitor. The security error monitor may be enabled to power on the security processor by reactivating the security processor clock, and the security processor may then power on the system.

Abstract: A system for preventing on-line violations of open meeting regulations and similar laws, in which one or more special classes of users are defined for an electronic communication system. Special class definitions include the number of group members that make a quorum for each special class. If a user is a special class member, a determination is made as to whether posting or sending a message being composed would violate any legal restrictions associated with that special class such as a serial quorum based on a total number of special class members that would be participants in the communication to which the message would be added, if the message were in fact conveyed. If the number of special class members that would be participants in the communication if the message were conveyed reaches the special class quorum, the message is rejected, and prevented from entry into the communication system.

Abstract: The invention relates to an electronic circuit comprising: a first random-access data storage element, a processing module designed to delete the first storage element, and an access terminal which is connected to the processing module and receives a first power signal supplied by a first power source external to the electronic circuit. The circuit also includes a second random-access storage element in which a key is stored, said key being used to encrypt the data and a second power source which is built into the electronic circuit and supplies a second power signal to the processing module. The processing module is designed to detect an unauthorized access attempt by comparing the first and second power signals and to delete the key when the processing module is powered by the second power source.

Abstract: A method, system, and computer program product for corporate portal security are provided, wherein security information corresponding to an external object imported into the corporate portal is automatically mapped from the object's native security system into the corporate portal system. For each external object imported, the corporate portal maps external users and external groups identified by the native security into corresponding portal users and portal groups according to a predefined mapping process, and stores the results in a manner that associates the external object with those portal users and portal groups. A plurality of database tables and maps determines the outcome of the predefined mapping process. Advantageously, when new external users or groups are added, they are detected by a synchronization agent which then automatically updates the database tables and maps.

Abstract: A data managing device with a single chip that includes: first hardware that authenticates security of communication performed by a data processing apparatus that houses the data managing device; second hardware that performs different processing from processing performed by the first hardware; and third hardware that receives an update program for a program executed by any one of the first hardware and the second hardware, from a data providing apparatus with which security of communication is authenticated by the first hardware, and updates the program by the update program.

Abstract: The gravity centered coding shall be improved with respect to false contour effect disturbances on plasma display panels for example. Therefore, there is provided a GCC code (gravity center coding) and a motion amplitude of a picture or a part of a picture. Furthermore, there is provided at least one sub-set code of the GCC code. The video data are coded with the GCC code or the at least one sub-set code depending on the motion amplitude. Thus, it is possible to reduce the number of coding levels if the motion increases. A further improvement can be obtained by using texture information for selecting the GCC code.

Abstract: A device and method for a secure execution of a program. The program includes a sequence of program commands including use and checking commands. A checking value is generated according to a setup regulation when executing a checking command. A control value is generated according to the setup regulation and the checking value is compared to the control value. An insecure execution of the program is indicated when the checking value and the control value do not match.

Abstract: Embodiments of the invention provide for efficiently implementing security features over HTTP communications. In some embodiments, a security feature, such as a digital signature, can be efficiently implemented over HTTP communications. The HTTP communications are conducted in parts. The first part contains the payload data of the message. The second part, if appropriate, contains information for the digital signature, such as the digital signature itself or the result of a signature verification.

Abstract: For digital rights management (DRM), a method for performing authentication between a device and a portable storage, which is performed by the device, includes transmitting a first key to the portable storage, receiving a third key and a first encrypted random number obtained by encrypting a first random number using the first key from the portable storage and decrypting the first encrypted random number using a second key related with the first key, generating a second encrypted random number by encrypting a second random number using the third key and transmitting the second encrypted random number to the portable storage, and generating a session key using the first random number and the second random number. The technique guarantees secure authentication between the device and the portable storage for DRM.

Abstract: A cryptographic device that will actively clear its memory even in the absence of external power when a security breach is detected is provided. The memory cell clusters of the cryptographic device are provided with an internal power source that provides sufficient energy for the memory cell clusters to perform a clearing operation. If the external power source for the memory is removed and a physical security breach is detected, the power from the internal power source will allow the memory cells to actively clear their contents, thereby rendering any attempt to obtain the contents of the memory cells fruitless.

Abstract: An efficient and safe group signature scheme is provided. According to the present invention, an open unit is provided to not an issuer but an opener, and a data required for operating the open unit does not include a key pair of the issuer, so that it is possible to accurately operate the open unit even if the issuer generates the public key in an illegal manner. In addition, it is possible to prove that a key pair of a member cannot be counterfeited. It is possible to implement from a discrete logarithm assumption a feature that a cipher text, that is, a portion of a signature text can be decrypted only by the opener in a method which is the same as a method representing that an ElGamal crypto scheme is safe. In addition, it is possible to implement from a random oracle assumption a feature that a knowledge signature has an extractability in a method which is the same as a method proving that a Schnorr signature is safe.

Abstract: A digital signature system includes a database holding access control rules that identify documents authorized users are allowed to have electronically signed and a signing system capable of receiving signature requests from a plurality of authorized users, each signature request including a document to be signed, wherein the signing system parses the document to be signed and compares information obtained thereby to the access control rules stored in the database to determine whether the authorized user is authorized to have the document signed, and wherein if it is determined that the authorized user is authorized to have the document signed, the signing system signs the document using authentication information unique to the signing system.

Abstract: When a cryptographic communicating part 208 of the communication support server 20 exchanges information with the information processing units 14, if the term of validity of a first key stored in a cryptographic key storing part 200 and corresponding to the identification information of the information processing unit 14 does not expire, the cryptographic communicating part 208 performs the cryptographic communication with the information processing unit 14 using the first key, without performing a process of authenticating the information processing units 14. When the term of validity of the first key expires or the first key corresponding to the identification information of the information processing units 14 is not stored, the key sharing part 202 shares the first key with the information processing units 14, and the cryptographic communicating part 208 performs the cryptographic communication with the information processing units 14 using a newly shared first key.