Abstract: A method for creating an embedding node. The method includes creating a first hash-based directed acyclic graph (“HDAG”) having a first node, which includes data, and creating a second HDAG having a second node that includes one or more data fields that store the first node.

Abstract: A file that has been encrypted using a symmetric key and that has a corresponding access control entry with the symmetric key encrypted using the public key of a public/private key pair can be accessed. An encrypted key cache is also accessed to determine whether an access control entry to symmetric key mapping exists in the cache for the access control entry corresponding to the file. If such a mapping exists in the cache, then the mapped-to symmetric key is obtained form the cache, otherwise the encrypted symmetric key is decrypted using the private key of the public/private key pair. The encrypted key cache itself can also be encrypted and stored as an encrypted file.

Abstract: An encryption/decryption method and devices for protecting data in a memory device from unauthorized access is provided. First, obtaining a specific code from a memory device and then encrypting the specific code and original data for obtaining encrypted data during a write cycle. Finally, writing the encrypted data to the memory device according to an access address. The access address can be also encrypted to generate the encrypted data. The encryption level increases by this way so that the valuable information is under protection.

Abstract: Content processing is disclosed. An indication that a sender desires to send encrypted content to a destination is received. An agreement is obtained from the sender to provide an access key to a node other than the destination and to encrypt content sent to the destination using an encryption key selected such that the access key is usable to decrypt the content.

Abstract: A system and method transfers information relating to quality or standards of an organization from a server to a wireless handheld computing device and from the wireless handheld computing device to the server in real-time or near real-time. Each member of an organization can have the same policies and procedures as soon as any of the policies and procedures are updated. The inventive system can allow an organization to also measure compliance and conformance with the distributed policies and procedures. With the handheld computing devices, each member of an organization can complete tests that are closely tied to the distributed policies and procedures. The results of these tests can be transmitted in real-time or near real-time from the handheld computing devices to a central computer server so that an organization can track current performance of all its members relative to the policies and procedures and relative to each other.

Abstract: A system and a method for providing a secured transmission through an authenticated encryption for each ONU in downlink transmission of an OLT in GPON are provided. The GPON system includes an OLT for generating a GTC downlink frame by receiving data from an external service provider and ONUs for receiving the GTC downlink frame from the OLT and processing the received GTC downlink frame. The OLT performs the authenticated encryption for the generated GTC downlink frame according to the ONU by including an authentication generator and the ONU determines whether the GTC downlink frame is allowed to be processed or not by checking the authentication of the received GTC downlink frame through an authentication checker.

Abstract: Software is licensed for use on a particular computing device, such as a gaming console or a multimedia console. An unlocking code is provided from a distribution service to the computing device (either directly or via a user), which in turn, unlocks the appropriate software or portion of software for use with the associated computing device. The software may reside on a computer-readable medium, such as a CD-ROM or DVD disk, that is being used in conjunction with the computing device. The unlocking code may be provided directly to the user in private (e.g., via email or a mobile phone) or in public (e.g., published on a website). Portions of the software that may be unlocked include a particular level of a game or other features (such as additional characters or weapons), or a working or more advanced version of an application that was otherwise provided as a demo or older version.

Abstract: An on-line diagnostic system and method enable equipment information stored in each piece of industrial equipment to be safely disclosed to maintenance personnel to the extent permitted by the user of the industrial equipment. The on-line diagnostics systems comprises industrial equipment and a maintenance apparatus for the maintenance of the industrial equipment, which are connected via the Internet. Equipment information indicating the state of the industrial equipment is encrypted using a specific common key, and the encrypted equipment information is transmitted to the maintenance apparatus in response to a request therefrom. The fact that the common key has been transmitted from the industrial equipment to the maintenance apparatus is outputted. After receiving the encrypted equipment information and the common key that have been transmitted, the encrypted equipment formation is decrypted using the common key, and the decrypted equipment information is outputted.

Abstract: Two data units are selected from main information, such as MIDI data, into which additional information is to be incorporated, to calculate a difference between respective values of the two data units. A particular data segment to be incorporated into one of the MIDI data units is selected from a group of data of additional information. The size of the data segment to be incorporated into one of the data units may be either one bit or two or more bits. Substitute data to replace the content of one MIDI data unit is generated on the basis of a predetermined function using, as variables, the data-related value and a value of the particular data segment, and the content of the data unit corresponding to a predetermined one of the two MIDI data units is replaced by the generated substitute data. Thus, through such an electronic watermarking technique, any desired additional information can be incorporated into the MIDI data without changing the MIDI data format.

Abstract: A method for managing an original executable code downloaded into a reprogrammable computer on-board system such as a microprocessor card. The code includes a cryptographic signature and is executable by the microprocessor once the validity of the signature has been checked. Off the card, a modified executable code corresponding to the original code and adapted to a pre-defined specific use is identified. A software component is calculated, which when applied to the original code, enables the modified code to be reconstructed. The software component is signed, and the signed original code and the signed software component are downloaded into the card. On the card, the signature of the original code and the software component are checked, and the software component is applied to the original code in order to reconstruct the modified code for the execution of the same by the microprocessor.

Abstract: In one embodiment, local software code present in a computer system enables real-time detection of whether the computer system is properly protected against malicious attacks from harmful software. For example, software code such as one or more agents executing in the computer system support real-time protection validation based upon detection of the behavior of the computer system (as opposed to mere detection of the presence of resources or applications in the computer system). In response to detecting that the computer system or an application accesses or provides a particular type of resource and should be protected via one or more appropriate protection policies, if the computer system is not already protected, an agent of the computer system can provide immediate remediation (e.g., a security measure) to temporarily protect the computer system until the appropriate protection policy can be activated to protect the computer system against malicious software threats.

Abstract: One embodiment of the present invention provides a system that decrypts an encrypted column in a row. During operation, the system receives the encrypted column in the row. The system then determines a security domain associated with the encrypted column in the row, wherein the security domain represents a set of columns in rows encrypted using the same key. Next, the system determines a key associated with the security domain. The system then decrypts the encrypted column in the row using the key. Note that using a security domain to represent a set of columns in rows enables the database to grant access to data within the database at arbitrary levels of granularity.

Abstract: This invention relates to a method and apparatus for an encryption system. The encryption system includes a server end and user's ends, in which the whole writable action about information outflow is recorded by the server end. The method of the present invention is used for encrypting the writable file by the user's ends to avoid unauthorized information outflow through out-connecting storing equipment. Therefore, all the files are just used within the Intranet of the company and the security system. Thus, the purpose of protecting information is achieved.

Abstract: Techniques are disclosed for centralized control of one or more attributes associated with a communication session in a network containing firewalls. By way of example, a technique for controlling an attribute associated with a communication session in a data communication network includes the following steps. The attribute associated with the communication session is monitored at a first computing device, wherein the first computing device includes a functionally centralized controller. The first computing device determines which computing devices in the data communication network are to be made aware of the monitored attribute. At least one of the computing devices to be made aware of the monitored attribute includes a firewall. The first computing device sends a message to each computing device identified in the determining step.

Abstract: A cryptographic method and apparatus is provided in which a first party receives and modifies a public key for which there exists a corresponding private key held by a second party. The public key is modified by exponentiating at least one element of the received public key using as exponent a hash of a string that comprises information concerning at least one action to be taken by the second party. The string is made available to the second party to enable the latter to modify its private key to compliment the modified public key. In a preferred embodiment, the method and apparatus are applied to the use of the ElGamal encryption/decryption scheme, with the second party acting as a trusted authority that only releases the decrypted message to a third party if the latter satisfies an identity condition specified in the string.

Abstract: Aspects of the invention provide a method and system for securely managing the storage and retrieval of data. Securely managing the storage and retrieval of data may include receiving a first disaster recovery code and acquiring a first password corresponding to the first disaster recovery code. A first disaster recovery key may be generated based on the first disaster recovery code and the first password. Another aspect of the invention may also include generating the received first disaster recovery code based on said first password and the first disaster recovery key. The generated disaster recovery code may be securely stored on at least a portion of a storage device or a removable media. Data stored on the storage device may be encrypted using the first generated disaster recovery key. Additionally, data read from the storage device may be decrypted using the generated first disaster recovery key.

Abstract: The present invention provides a mobile equipment for non stationary use. The mobile equipment includes a real time clock (RTC) integrated in the mobile equipment for generating a real time information, a system time generator integrated in the mobile equipment for generating a system time information by adding an offset to the real time information given by the RTC, a non-volatile memory for the permanent storage of data and an input means for inputting instructions for changing the system time information. The possible changes of the system time information generated by the system time generator may be limited to a preset time range and the possible reset value of the RTC may be limited according to the data stored in the non-volatile memory.

Abstract: The present invention is a platform of software which is a single, customizable, complete distributed computing security solution designed to be integrated into an enterprise computing environment. Digital Network Authentication (DNA) is the centerpiece of the system of the present invention. It is a unique means to authenticate the identity of a communicating party and authorize its activity. The whole mechanism can be thought of as a trusted third party providing assurances to both clients and servers that each communicating entity is a discrete, authenticated entity with clearly defined privileges and supporting data. Furthermore, the level of trust to be placed in the authorization of every entity communicating within the system is communicated to every entity within a distributed computing environment.

Abstract: A client-server relational database system, wherein data from the client computer is encrypted by the client computer and hosted by the server computer, the encrypted data is operated upon by the server computer, using one or more operators selected from a group of operators comprising: (a) inequality logic operators, (b) aggregation operators, and (c) wildcard matching operators, to produce an intermediate results set, the intermediate results set is sent from the server computer to the client computer, and the intermediate results set is decrypted and filtered by the client computer to produce actual results. The group of operators is limited because the encrypted results set, when decrypted, includes inaccuracies therein. The client computer applies a set of correction procedures to the decrypted results set to remove the inaccuracies therein.

Abstract: A clock signal of a master clock of a sender is transmitted to a receiver through a classical channel and is returned from the receiver. The clock signal is transmitted with strong light from a sender-side quantum unit to a receiver-side quantum unit through a quantum channel. A sender-side synchronization section establishes phase synchronization between the clock signal returned from the receiver and the clock signal detected by the sender-side quantum unit, and generates a calibration clock signal. At the receiver as well, a receiver-side synchronization section establishes phase synchronization between the clock signal detected from the classical channel and the clock signal detected by the receiver-side quantum unit, and generates a calibration clock signal.