Abstract: Techniques for protecting the security of digital representations and of analog forms made from them, including a technique for authenticating an analog form produced from the digital representation, an active watermark that contains program code that may be executed when the watermark is read, and a watermark agent that reads watermarks and sends messages with information concerning the digital representations that contain the watermarks. A watermark agent may be a permanent resident of a node in a network or of a device or it may move from one network node to another. The watermark agent executes code which examines digital representations residing in the node or device for watermarked digital representations that are of interest to the watermark agent. The watermark agent then sends messages which report the results of its examination of the digital representations. If the watermarks are active, the agent and the active watermark may cooperate.

Abstract: A device and method for accelerating functioning of a software application having multi-layer, high overhead protocols, wherein the device has a first processor operating a software application having a multi-layer protocol; a second processor configured to operate at least one layer of the multi-layer protocol; and a memory accessible to each of the processor and the second processor.

Abstract: A computer system configured to authenticate a user and to power-up in response to a single action by the user is described. In particular, the computer system includes a user verification device which interacts with the user. In an embodiment, the user verification device includes a biometric sensor which captures biometric data from the user. The biometric data can be of any type. The user verification device is configured to capture biometric data in response to an action by the user desiring access to the computer system. The user verification device can have a button-shape for receiving the finger, thumb, or any other part of the user.

Abstract: A data transmission method and apparatus for transmitting data, such as encrypted content data. A device that is to be a destination of transmission is authenticated. If the device has not been authenticated, encrypted data read out from a storage unit is decrypted to give decoded data which then is re-encrypted based on innate key data acquired from the device that is to be the destination of transmission to give re-encrypted data. The re-encrypted data is then transmitted to the device that is to be a destination of transmission.

Abstract: The present invention provides a computer implemented method, data processing system, and computer program product to protect a first user from authorization limitation by a second user. The computer may receive an authorization command from the second user, wherein the authorization command targets the first user, and the second user is at least partially authorized to operate the authorization command. The computer determines that the first user is an ancestor user of the second user. In addition, the computer, responsive to a determination that the first user is an ancestor user of the second user, prevents operation of code of the authorization command to change an authorization of the first user.

Abstract: A digital logic circuit comprises a programmable logic device and a programmable security circuit. The programmable security circuit stores a set of authorized configuration security keys. The programmable security circuit compares the authorized configuration security keys with an incoming configuration request, and selectively enables a new configuration for the programmable logic device in response to the configuration request. In another exemplary embodiment, a programmable security circuit also stores a set of authorized operation security keys. The programmable security circuit compares the authorized operation security keys with an incoming operation request from the programmable logic device, and selectively enables an operation within the programmable logic device in response to the operation request.

Abstract: A software protection apparatus and its protection method are disclosed. The software protection apparatus includes a storage unit and a processing unit. The storage unit has a program area and a data area. The program area is used to save an executable. The processing unit generates a reference pointer based on internal information of the executable, and the reference pointer then is saved to the program area or the data area. The processing unit then generates an algorithm based on at least one characteristic of the executable to save the algorithm to a specific position of the program area or the data area through the reference pointer, and employs the algorithm to perform an encoding action for the executable to generate a wrap program that is saved to the program area. When the wrap program is decoded, the reference pointer is obtained through a restore program to take the algorithm out. The wrap program then is restored to become the executable by using the algorithm.

Abstract: A storage area network (SAN) license validator manages data collection policies (DCPs) in deployed SAN agents by identifying data collection policies corresponding to unlicensed features, and disabling the DCPs for the unlicensed features. Thus, the agents need not expend computational and memory resources to gather data for unlicensed features that will not be queried. Agents receive a set of data collection policies (DCPs) for licensed features for which the corresponding data will be gathered and reported to the MODB. DCPs for unlicensed features are disabled in the agents that would have executed them, either by removing or canceling from an active DCP list or by omitting the unlicensed DCPs from the startup sequence of the agent. In this manner, agents operate with only the DCPs for licensed products and corresponding features, and need not gather extraneous data.

Abstract: A scanning optimization manager scans files for malicious code. The scanning optimization manager creates listings of the portions of scanned files accessed during the scanning. The scanning optimization manager proceeds to utilize these listings of accessed portions of files as I/O hints to optimize subsequent scans of the files for malicious code.

Abstract: Methods and software products are disclosed for protecting against software piracy. When a customer purchases software, the seller performs an activation process by identifying a unique computer identifier (ID) for the computer system of the customer, and activating the software based on the computer ID, such as by encoding the computer ID on the media storing the software. When the customer attempts to install the software on a computer system, the computer system executes an installation process. The computer system identifies its own computer ID and the computer ID used to activate the software. The computer system determines if its computer ID corresponds with the computer ID used to activate the software. If the computer IDs correspond, then the computer system is allowed to install the software. If not, the computer system is prevented from installing the software.

Abstract: A method of verifying a digital signature of a first party that was generated using an elliptic curve digital signature algorithm (ECDSA) includes the steps of receiving a public key from the first party; receiving a digital signature from the first party, the digital signature being for an electronic message; identifying domain parameters of an elliptic curve used in elliptic curve cryptography, including identifying a generating point of the elliptic curve; transforming the identified generating point into a second generating point as a deterministic function of shared knowledge known to and between the first party and a second party; and verifying the received digital signature as a deterministic function of the received public key, the electronic message, and the identified domain parameters, in which the second generating point is substituted for the identified generating point.

Abstract: In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. Then an exponentiation phase is performed, wherein the exponentiation phase includes two or more parsing steps, wherein each of the parsing steps includes parsing a part of a cryptographic key into a window of size n, wherein n is a difficult to predict number.

Abstract: A digital logic circuit comprises a programmable logic device and a programmable security circuit. The programmable security circuit stores a set of authorized configuration security keys. The programmable security circuit compares the authorized configuration security keys with an incoming configuration request, and selectively enables a new configuration for the programmable logic device in response to the configuration request. In another exemplary embodiment, a programmable security circuit also stores a set of authorized operation security keys. The programmable security circuit compares the authorized operation security keys with an incoming operation request from the programmable logic device, and selectively enables an operation within the programmable logic device in response to the operation request.

Abstract: Systems, methods and media for verifying the existence of a licensed software installation at the time of an update to the software are disclosed. In one embodiment, a package of files for the update is encrypted with a copy of a key file that is contained in the original installation. The encrypted package of files is stored at a remote location that is accessible by way of a website. When a user seeks to download an update, the user must provide a copy of the key file used to encrypt the data. The user-provided key file is then used to decrypt the encrypted package.

Abstract: The present invention relates to a variable length private key generator. According to one embodiment, the variable length private key generator includes a permuter. The permuter is configured to generate a key stream of a desired length by permuting a plurality of shift registers. The permuter includes the plurality of shift registers, a plurality of clocking modules, and/or an output module. Each clocking module corresponds to a different one of the plurality of shift registers and is configured to generate a clocking signal based on selected bits of the corresponding shift register. The output module is configured to output the key stream based on at least one clocking signal and output of at least one of the plurality of shift registers.

Abstract: The invention relates to a method and a communication system for releasing a data processing unit used for processing project data of a selected project. In order to obtain project-related release of a data processing unit (90), a client requests a user right for the data processing unit (90) used for processing the project data that is part of a predetermined project. A first signature (I) is verified as to the correctness thereof. The data processing unit (90) is released to process the project data that is part of the selected project only if the verification process has established that the first signature (I) is correct.

Abstract: A token device that generates and displays one-time passwords and couples to a computer for inputting or receiving data for generating and outputting one-time passwords and performing other functions is provided. The token includes an interface for coupling to a computer. The token may also be coupled to any network that the computer may be connected to, when coupled to the computer. Data and information may be transmitted between the computer and token, and between the network and token, via the computer and interface. The data and information may include one-time password seeding, file transfer, authentication, configuration and programming of the token. The token must be seeded to generate and display one-time passwords. An original, or seed, value is loaded into the token. One-time passwords are subsequently generated or calculated, or both, from the seed value. Seeding of the token involving a counter, time, or time-related functions, may allow synchronization of the token with such functions.

Abstract: A method for generating a plurality of control words, each control word controlling access to an object. The method includes providing a control word packet (CWP), generating a first control word (CW) from the CWP, providing a second CW generation input and producing a second CW based, at least in part, on both of the following the first CW and the second CW generation input. Control word generating apparatus for generating a plurality of control words is also disclosed.

Abstract: An UNENROLLED adapter responds to an enrollment activation signal by generating an enrollment supplicant signal. The enrollment supplicant signal is received by an ENROLLED adapter, an enrollment provider, which responds by formulating and transmitting an enrollment provider signal, including security management service information, to the UNENROLLED adapter. The UNENROLLED adapter changes a network adapter configuration responsive to the security management service information provided by the ENROLLED adapter, by which the network adapter is configured securely, and secure communications are effectuated. Enrolled adapter can solicit enrollment of an UNENROLLED adapter. The activation signal can be a physical or virtual activation sequence.

Abstract: Methods and arrangements to provide computer security are contemplated. Embodiments include transformations, code, state machines or other logic to provide computer security by receiving over a secure network connection a message to signal physical presence to a trusted platform module (TPM) and by signaling physical presence to the TPM in response to receiving the message. Some embodiments may involve sending the message over a secure network connection. In some embodiments, the receiving may be performed by a platform system management module. In many further embodiments, the signaling may include sending a signal over a secure general purpose input/output (GPIO) line or other hardware signaling mechanism. Other further embodiments may include sending a message pursuant to the intelligent platform management interface (IPMI) or other remote management protocol. In other embodiments, the receiving may be performed by a network stack of a basic input/output system. Other embodiments are described and claimed.