Abstract: The information management system such as might be used for a source code management system. The information management system is distributed throughout an enterprise and is operated to allow secure communications with remote sites connected to a central site over an unsecured network. A secure channel is created through the unsecured network to transmit encryption and identifier information for one or more artifacts. This information is used to access an artifact from a remote site and decrypt it. Because artifacts, though encrypted, retain an identifiable form, they may be cached throughout the information management system. The ability to cache artifacts significantly reduces the bandwidth required for operating the information management system from remote sites.

Abstract: In accordance with the teachings the present invention, a system and method for transporting video data through a dual-link HD-SDI connection is provided. In a particular embodiment of the present invention, the method includes coupling a digital video projector and a playback server with a dual-link HD-SDI connection, the dual-link HD-SDI connection having four 10-bit subchannels; dividing 12-bit, 4:4:4, RGB video data into four 9-bit sections; mapping each 9-bit section of video data into nine least significant bits of a respective one of the four 10-bit subchannels; setting a most significant bit of each 10-bit subchannel to be a compliment of a next most significant bit of the 10-bit subchannel; and transporting the sections of video data from the playback server to the digital video projector through the dual-link HD-SDI connection.

Abstract: Data application method enabling evaluations to be properly received while content is being protected, enabling content users to use only what they want to use in the amount they want to use it, and enabling advertising providers in certainty to have users use ads. The method includes: a step of converting first data for permitting use based on predetermined conditions, into encrypted first data by means of a predetermined encryption key; a step of generating watermarked second data in which the encryption key is embedded, as an invisible electronic watermark, into second data for permitting use unconditionally; and a step of compositing and distributing the encrypted first data and the watermarked second data.

Abstract: Embodiments of the present invention provide apparatuses, methods, and systems for authenticated distributed detection and inference. In various embodiments, an apparatus comprises an interface configured to communicatively couple a node hosting the apparatus to a network, and a distributed detection and inference (DDI) agent coupled to the interface and configured to receive, via the interface, DDI collaboration parameters from an authentication node is disclosed. Other embodiments may be described and claimed.

Abstract: A method comprises receiving a request for secure network traffic from a device having a private network address at a source node, obtaining the private network address of a requested destination device at a destination node from a route server based on signaling information associated with the request, obtaining the public network address of the destination node associated with the private network address, creating in response to the request a virtual circuit between the source node and the destination node based on the public network address of the destination node, and encrypting network traffic for transporting at least from the source node to the destination node through the virtual circuit. The process is dynamic in that the virtual circuit is created in response to the request. Hence, the process operates as if a fully meshed network exists but requires less provisioning and maintenance than a fully meshed network architecture.

Abstract: A system for detecting an observing program on a computer system is disclosed as including accessing instructions that access observer data that includes data descriptive of the observer program. The system also includes reading instructions that read memory of the computer system to obtain memory data. Further, the system includes comparing instructions that compare the observer data with memory data read in from memory to determine whether the observer program is present on the computer system. The system may also include generating instructions that generate results from the reading and comparing. The results generated indicate whether the observer program is present on the computer system. In addition, the system includes outputting instructions that obtain the results and provide the results for a user.

Abstract: A method for protecting a data entry device from eavesdropping includes masking a signature of entry resulting from entry of data by a user of the data entry device so as to reduce the detectability of the signature by eavesdropping. The signature may include a temperature differential in the data entry device from data entry by the user and the masking may include controlling the external temperature of the data entry device to reduce temperature differentials left in the data entry device by the user. Alternatively, the signature may include sound waves emitted from the data entry device and the masking may include masking sound waves emitted from the data entry device to reduce the detectability of the sound waves. A system may also be employed for protecting data entry to a data entry device from eavesdropping.

Abstract: File management methods are disclosed, in which a host acquires at least one input signal from an input device via a keyboard-video-mouse (KVM) switch having a security key and determines whether the input signal comprises a first request for encrypting or decrypting at least one specific file. When the input signal comprises the first request by the host, the host acquires the security key from the KVM switch and encrypts or decrypts the specific file via the security key.

Abstract: A security management system provides rules for monitoring network activity of applications to groups of host, computers, specifically activity indicating that communications mechanisms have been established (i.e. open TCP ports) but are receiving little or no use (i.e., few connection acceptances). Agents on the hosts utilize monitoring software inserted between the applications and the network protocol stacks. The agents store network activity data gathered during the monitoring in local storage, and periodically upload the data to a centralized server in a compressed and optionally encrypted fashion. The server uses the uploaded data from all hosts to update a security management database reflecting the network activity of all the hosts. Reports may be generated to identify activity that may present security risks, such as open but inactive ports, to enable a network administrator to take remedial action such as de-activating or de-installing applications.

Abstract: Systems and methods for enabling trusted software to monitor and control USB traffic associated with a security extension of a host controller and devices in a USB topology is disclosed. A host controller proxy receives USB-related data from a host controller driver, determines whether the data is of a security interest, and if so, sends the data to a driver for a security extension executing in the trusted execution environment. Likewise, after software executing in the trusted execution environment evaluates and appropriately addresses data sent by the HCD proxy or data retrieved from a hardware security extension, the HCD proxy receives data from the trusted execution environment for further dissemination.

Abstract: Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain's security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain.

Abstract: A distributed Personal Digital Identification (PDI) system and architecture rapidly verifies individuals using biometric data or other tokens prior to approving a transaction and/or granting access to an on-line services and other network services. The architecture that includes a server that has access to template data required to authenticate individuals, and the processing capacity to route authenticated requests to the appropriate downstream entity (Internet Service Provider, Credit Card Company, etc.). The server is connected to requesting users by various network methods to form a client/server architecture. The server and clients each contain discrete subsystems, which provide various levels of authentication services to users of the system.

Abstract: A method of recording scrambled digital data comprising the steps consisting in: (a) receiving a scrambled digital data stream; (b) identifying in the data stream a control packet (ECM) containing at least one key (CW) for descrambling at least a part of the data of the stream; (c) storing the control packet in a table; and (d) recording the data stream and the said table on a data storage medium. A storage medium and a method of reading the recorded data are also proposed.

Abstract: A method of authentication of data to be sent in a digital transmission system, the data being organized in a series of at least three files, involving generating a first authentication value for at least one first file, storing said first authentication value in a second file, generating a second authentication value for said second file, storing said second authentication value in a third file, and transmitting said first, second, and third files to a receiver.

Abstract: An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications.

Abstract: Methods and systems perform authentication based at least in part of the context of the transaction. In one embodiment, the context can be determined and trigger different rules with regard to access to the information or ability to immediately execute the transaction. In another embodiment, a method can include registering a device as a trusted device. The device can include a biometric input module. Biometric data can be used to authenticate a user, and the user may be requested to resubmit biometric data during the same session. In a further embodiment, a hacker may obtain unauthorized access to a victim's account information. The hacker may not be authenticated because he would not have access to a currently valid credential.

Abstract: A method is disclosed whereby separate but interrelated data is checkpointed and reconstructed within a router. In one embodiment, each connection is checkpointed with a unique connection identifier, and critical data is stored by a firewall application in a checkpoint server provided within a router. When an application module within the firewall crashes, the firewall and associated modules may recover and restore the data from the checkpoint server by re-assembling the data according the unique connection identifier, thus recovering the connections through the router without interruption.

Abstract: A method of electronically endorsing a check includes obtaining an electronic image of the check and composing an endorsement data element for the check that includes at least first information identifying a party endorsing the check. The method further includes creating a message data file including the electronic image and the endorsement data element, and creating a signed message data file that includes the message data file and a digital signature of the message data file creating using a private key. The private key may be specific to the party endorsing the check or to an electronic device with which the method is implemented. Also, a method of performing an inquiry relating to a check that was endorsed as described above using the endorsement data element.

Abstract: Systems and methods are disclosed for authenticating electronic messages. A data structure is generated by a computer server which allows for the authentication of the contents and computer server identity of a received electronic message and provides a trusted stamp to authenticate when the message was sent. Data which can authenticate the message, the computer server identity, and the time the message was sent is included into a data structure which is called an Electronic PostMark (EPM).

Abstract: Disclosed is an apparatus for encrypting/decrypting a real-time input stream. The present invention includes a control unit, a key schedule unit, and a block round unit. Accordingly, the present invention realizes the encryption and decryption of AES algorithm in a manner of hardware, thereby enabling to carry out the encryption and decryption of the real-time input stream real-timely. And, the present invention finds the key for encryption or decryption of one block every round when realizing the encryption and decryption of the AES algorithm in a hardware manner, and then outputs the found keys to the block round unit. The present invention reduces the size of the key register required for the encryption/decryption of block data, thereby enabling to reduce a size of hardware as well as cost of product.