Abstract: There is provided a processor operable in a first domain and a second domain, the processor comprising: monitoring logic operable to monitor the processor and capture diagnostic data; a storage element operable to contain at least one control parameter; control logic operable to control the monitoring logic in dependence on the at least one control parameter and the domain in which the processor is operating, to suppress capturing of diagnostic data relating to predetermined activities of the processor in the first domain. In some embodiments the first domain is a secure domain and the second domain is a non-secure domain, the monitoring function being debug or trace.

Abstract: A method and apparatus for preventing the use of data involves creating a first association between a set of labels and a first set of codes, where the set of labels contains information to be displayed on a computer, while each code in the first set of codes is associated with a particular label. An encryption key is linked with the first association. The set of labels, the first set of codes, and the first encryption key are sent to the computer. Later, when codes from the first set of codes and the first encryption key are received back from the computer, the codes returned from the computer are then matched to labels from the set of labels using the first encryption key. Subsequent, different associations between the set of labels and other sets of codes are created, and additional encryption keys are also created to identify the subsequent associations.

Abstract: A data processing apparatus is operable to identify one of a plurality of code words present in a watermarked version of a material item. The marked version is formed by combining each of a plurality of parts of a code word with one of a plurality of units from which the material item is comprised. The apparatus comprises a recovery processor operable to recover at least one part of the code word from a corresponding unit of the marked material item, and a correlator. The correlator is operable to generate for the marked material unit, a dependent correlation value for the part of the code word recovered from the material unit and the corresponding part of at least one of the re-generated code words from the set. A detector is operable to determine whether at least one of the code words is present in the marked material item from the dependent correlation value for the part of the code word exceeding a predetermined threshold.

Abstract: Security rating method and a graphical tool for decision making especially for setting priorities which tool comprises at least one diagram (1) having a first scale (2) which reaches in a first direction along a first axis (3), at least a first (4) and a second (5) potential action fields the identified value of which (4a, 4b) is graphically represented on said first scale (2) in said diagram (1) whereby a second scale (6) is arranged along said first axis. Said second scale (6) reaches in an opposite direction to said first scale.

Abstract: A method embodiment for publishing a PIN for use in establishing a pairing with a printing device, including the printing device generating the PIN in response to a local PIN request. Once the PIN is generated, the printing device prints the PIN. Another method embodiment includes identifying a local request to print a test page as a local PIN request and then printing a test page that includes the PIN.

Abstract: A system is provided that uses cryptographic techniques to support secure messaging between senders and recipients. A sender may encrypt a message for a recipient using the recipient's public key. The sender may send the encrypted message to the message address of a given recipient. A server may be used to decrypt the encrypted message for the recipient, so that the recipient need not install a decryption engine on the recipient's equipment.

Abstract: A system and method for securely delivering installation keys from a key generator to an individualization device at a production facility is presented. Operators, using a production key server at the manufacturing facility, send a request to a key release server for a number of installation keys according to a production run. The key release server verifies the request, and if valid, returns the requested number of installation keys to the production key server in an encrypted format. The production key server then decrypts and delivers installation keys to the individualization device in a just-in-time fashion. The production key server includes various security devices including a hardware decryption device to decrypt the installation keys, a smart card reader for authenticating authorized operators, and a limiting switch to disable the production key server if it is tampered with.

Abstract: For embedding watermark information into an information signal including audio and/or video information, first of all a synchronization sequence with a plurality of synchronization sequence units and a data sequence with a plurality of data sequence units are provided, wherein between the data sequence and the synchronization sequence a time shift is present and wherein a degree of shifting depends on the watermark information. A combination means generates a combination sequence having a plurality of combination sequence units from the synchronization sequence and the data sequence shifted with regard to the synchronization sequence, wherein the combination sequence units are derived from synchronization sequence units and shifted data sequence units. The combination sequence is combined with the information signal in order to embed the watermark information into the information signal.

Abstract: A method and apparatus for encapsulating long messages over limited Fiber Channel ELSs. The method includes ascertaining if the authentication message has a length that exceeds the message length supported by the device with which communication is sought, and either: fragmenting the authentication message into message fragments if the length of the message exceeds the message length supported by that particular device and sequentially sending the message fragments one by one; or sending the authentication message in its entirety if the length of the authentication message is less than the message length supported by that particular device. When the message is fragmented, a fragmentation bit in the message fragment is set except for the last message fragment. The set fragmentation bit indicates that subsequent fragments are to be sent. The fragmentation bit of the last fragment is reset to indicate that it is the last fragment in the authentication message.

Abstract: Detection of code-free files is described. According to one implementation, an input file is parsed to recognize a file format. Contents of the input file are checked according to the recognized file format, if available, in an effort to determine whether executable code might exist within the input file. A status is then sent in response to the checking.

Abstract: A system and method of providing standardized transmission of data by translating non-native requests and or non-native responses to and from a normalized format or to a format needed for processing the request and or response. The system works with trusted and untrusted connections and systems and supports encryption at multiple layers to establish non-repudiation for a security service that integrates and/or aggregates external security applications into a single service that can provide authentication and/or authorization.

Abstract: An apparatus and method for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction, CBC block pointer logic, and execution logic. The cryptographic instruction is received by a pipeline microprocessor as part of an application program executing on the pipeline microprocessor. The cryptographic instruction prescribes one of the cryptographic operations. The one of the cryptographic operations includes a plurality of CBC block cryptographic operations performed on a corresponding plurality of input text blocks. The CBC block pointer logic is operatively coupled to the cryptographic instruction. The CBC block pointer logic directs the pipeline microprocessor to update pointer registers and intermediate results for each of the plurality of CBC block cryptographic operations. The execution logic is operatively coupled to the CBC block pointer logic. The execution logic executes the one of the cryptographic operations.

Abstract: In a content management method, content data is encrypted by a first key, the first key is encrypted by plural types of second keys, the encrypted first key is multiply encrypted by a third key, and the third key is encrypted by a fourth key. These encrypted content data, a medium key which is the first key encrypted by the second key and a move key which is a first key multiply encoded by the second and third keys are recorded in a recording medium, the third key encrypted by the fourth key is recorded in a security region. This management method is managed by the move key and the medium key.

Abstract: An apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction, CFB mode logic, and execution logic. The cryptographic instruction is received by a pipeline microprocessor as part of an application program executing on the pipeline microprocessor. The cryptographic instruction prescribes one of the cryptographic operations. The one of the cryptographic operations includes a plurality of CFB block cryptographic operations performed on a corresponding plurality of input text blocks. The CFB mode logic is operatively coupled to the cryptographic instruction. The CFB mode logic directs the pipeline microprocessor to update pointer registers and intermediate results for each of the plurality of CFB block cryptographic operations. The execution logic is operatively coupled to the CFB mode logic.

Abstract: An apparatus and method for performing cryptographic operations on a plurality of input data blocks. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction, OFB mode logic, and execution logic. The cryptographic instruction is received by a pipeline microprocessor as part of an application program executing on the pipeline microprocessor. The cryptographic instruction prescribes one of the cryptographic operations. The one of the cryptographic operations includes a plurality of OFB block cryptographic operations performed on a corresponding plurality of input text blocks. The OFB mode logic is operatively coupled to the cryptographic instruction. The OFB mode logic directs the pipeline microprocessor to update pointer registers and an initialization vector location for each of the plurality of CFB block cryptographic operations. The execution logic is operatively coupled to the OFB mode logic.

Abstract: Apparatus, and an associated method, for communicating a signaling message, such as a message signaling unit, in secure form, even upon a communication path of an untrusted security level. The signaling message is applied to a signal transfer point. An encryption selector selects whether to encrypt the signaling message and, if so, which parts of the message to encrypt. If a portion of the signaling message encrypts the selected portion and causes the signaling message to be communicated upon a communication path to a destination. Once delivered to a trusted signal transfer point, the selected portion of the signaling message is decrypted, and the signaling message is delivered to the ultimate destination.

Abstract: The present invention relates to a method and apparatus for preventing the use of data transmitted by a computer to a web site by a program operating on the computer. Initially, a first association between a set of labels and a first set of codes is created. The set of labels contains information to be displayed on the computer, while each code in the first set of codes is associated with a particular label. An encryption key is then linked with the first association. The set of labels, the first set of codes, and the first encryption key is then sent to the computer. Some time later, codes from the first set of codes and the first encryption key are received back from the computer. The codes returned from the computer are then matched to labels from the set of labels using the first encryption key. Afterwards, subsequent associations between the set of labels and other sets of codes are created. These associations are different than the association between the set of labels and the first set of codes.

Abstract: A security apparatus and a security method for controlling electric devices by use of electronic mails. A modem receives an electronic mail sent from a sending side and stores the received electronic mail into a RAM of a controller. A CPU extracts certification information encrypted by a secret key of a user of the sending side and decrypts the certification information by use of a public key. Based on the decrypted information, the CPU determines whether the user of the sending side is authentic or not. Only when the user is found authentic, the CPU extracts a control command from the received electronic mail and stores the extracted control command into a RAM. Then, the CPU transmits an electronic mail to the sending side for confirming content of the control.

Abstract: A cryptographic method and a chip card which is used to carry out the method. Before any calculation is performed by a computing means of the chip card, the chip card reads (2) an integral list, in a storage means of a second entity, of identifiers of first proprietary entities of a chip card. Such list is linked to each status assigned to each of the first entities by the second entity. Subsequently, the chip card compares (3) the identifier stored in a storage means of the chip card with the contents of the list, in order to authorize (5) or prohibit (4) any calculation by the computing means depending on the result of the comparison.

Abstract: A system for authorizing smart cards via the Internet is provided, comprising a plurality of user stations (1-1-1-n) connected to a server (3) via the Internet (5) . Each of the user stations (1-1; 1-n) is attached to a card reader (7-1;7-n) suitable for reading data and accessing processing modules on smart cards (8-1-8-m). When a new card is to be issued, initially the server (3) generates and stores a task identifier as a task record (15) on a database (10) connected to the server (3). The task identifier is also dispatched to a user station (1-1; 1-n). A subsequent data submission by the user station (1-1; 1-n) is then required to include signed data incorporating authorization data and the received task identifier. When all the data required for authorization of a smart card (8-1; 8-m) has been received, the server (3) checks the signed data to confirm each data submission comprises data incorporating a correct task identifier utilised for the current authorization procedure.