Abstract: A content protection data processing system and a playback device determine whether to permit playback of a content recorded in a recording medium, based on a type of the recording medium and a signature type of a signature attached to a program. Additionally, the content protection data processing system and the playback device switch a procedure relating to a digital signature for each signature type of the digital signature, which enables both the protection of the copyright of the content and the efficient manufacturing of commercial ROM media.
Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
Abstract: Both a management server and a validation server are installed. Both a terminal and a terminal register setting information which is usable in an encrypted communication in the management server. When carrying out the encrypted communication, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communications which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both the terminals in conjunction with the validation server. Since the terminals trust such results that the management server has authenticated the terminals respectively, these terminals need not authenticate the respective communication counter terminals.
Abstract: A method and a Mobile Node are provided for authenticating an Advertisement message received from an Access Router through an Access Point. The Advertisement message comprises a Hashed Nonce Value and a Nonce Index corresponding to a Nonce Value held in the Access Router. Upon receiving the Advertisement message from the Access Point, the Mobile Node initiates a process for configuring an IP address, by use of information received in the Advertisement, for having a session with the Access Point and the Access Router. In parallel, either the Access Point or the Mobile Node sends the Nonce Index directly to the Access Router. The Access Router replies with the Nonce Value sent to the Mobile Node. The Mobile Node hashes the Nonce Value received from the Access Router and compares a Result of the hashing with the Hashed Nonce Value. If the Result matches the Hashed Nonce Value, the Advertisement is considered authenticated and the IP address configured according to the Advertisement is kept in the Mobile Node.
Abstract: Systems and methods of securing wireless communications between a network and a subscriber station include inserting a marker denoting an encryption type within a random value used for authentication, calculating a first session key and a first response value as a function of the random value, then calculating a second session key and a second response value as a function of the random value, first session key and first response value. The two levels of session keys and response values may be used by upgraded subscriber stations and network access points to prevent attackers from intercepting authentication triplets.
Type: Grant
Filed: September 16, 2004
Date of Patent: July 24, 2012
Assignee: QUALCOMM Incorporated
Inventors: Gregory G. Rose, Michael Paddon, Philip M. Hawkes, James F. Semple
Abstract: One or more methods and systems of generating pseudo-random numbers that are used as encryption keys in cryptographic applications are presented. In one embodiment, a method of generating pseudo-random numbers is performed by sampling output sequences of a linear feedback shift register with a specified periodicity. In one embodiment, the generating of pseudo-random numbers using linear feedback shift registers is accomplished by periodically switching between iterative outputs generated by multiple linear feedback shift registers. In one embodiment, a method of encrypting a pseudo-random number generated by a linear feedback shift register comprises using a nonlinear operator. In one embodiment, a method of further encrypting a pseudo-random number is accomplished by using a hashing function whose initial value varies over time by way of a function operating on one or more variables.
Abstract: Disclosed are systems, methods and computer program products for detecting unknown security threats. In one example, a system receives from an antivirus application deployed on a user's computer information about an unknown security event associated with software executing on the computer and a user's verdict indicating that the software is harmful or clean. The system identifies the user of the computer and a role of the user. The role indicates the user's level of expertise in the field of computer security. If the user has a high level of expertise in computer security, the system accepts the user's verdict. If the user has a low level of expertise, the system analyzes the information about the security event to verify that the user's verdict is correct. If the user's verdict was accepted or verified to be correct, the system updates an antivirus database associated with the antivirus application.
Type: Grant
Filed: December 21, 2011
Date of Patent: July 3, 2012
Assignee: Kaspersky Lab Zao
Inventors: Andrey P. Doukhvalov, Anton V. Tikhomirov
Abstract: Disclosed are systems, methods and computer program products for dynamically allocating computing resources for processing security information. In one example, the system receives from an antivirus application deployed on a user's computer information about the user's actions related to the security of said computer. The system analyzes the received information to determine the user's level of expertise in the field of computer security. The system then classifies the user into one of two or more different roles based on the determined level of expertise. The system automatically selects, based on the user's role, configuration setting of the antivirus application for collecting information about security threats detected by the user. The system also automatically allocates and configures, based on the user's role, computing resources and services for processing information collected by the antivirus application deployed on the user's computer about security threats detected by the user.
Type: Grant
Filed: December 21, 2011
Date of Patent: July 3, 2012
Assignee: Kaspersky Lab Zao
Inventors: Andrey P. Doukhvalov, Anton V. Tikhomirov
Abstract: Disclosed are systems, methods and computer program products for controlling access to a computer network. An example network access controller is configured to intercept data transmission to or from a computer and identify a network access policy associated with said computer. If there is no network access policy associated with said computer, the controller deploys on said computer an administration agent configured to collect configuration information from said computer and information about topology of said network. The controller determines a network access policy for said computer based on the collected information. The controller also activates antivirus software on said computer, to detect any malicious activity on said computer. If malicious activity is detected, the controller limits data transmissions to or from said computer until the malicious activity is eliminated by the antivirus software to prevent spread of the malicious activity to other computers in the network.
Type: Grant
Filed: September 20, 2011
Date of Patent: June 26, 2012
Assignee: Kaspersky Lab Zao
Inventors: Andrey A. Kulaga, Alexander S. Tarasenko, Damir R. Shiyafetdinov, Sergey A. Vasilyev
Abstract: Disclosed are systems, methods and computer program products for classifying users of antivirus software based on a user's level of expertise in the field of computer security. In one example, the system receives from antivirus software deployed on a user's computer information about security of the computer and history of the user's usage of the software. The system categorizes the received information into categories based on (i) a number of computer threats detected by the user, (ii) a frequency of malware infections of the user's computer, and (iii) a level of the user's proficiency with the antivirus software. The system then selects condition-action rules for each category of information and applies the selected rules to the categorized information to determine the user's level of expertise in computer security. Finally, the system classifies the user as one of an expert or typical user based on the user's level of expertise.
Type: Grant
Filed: December 21, 2011
Date of Patent: June 26, 2012
Assignee: Kaspersky Lab Zao
Inventors: Andrey P. Doukhvalov, Anton V. Tikhomirov
Abstract: It is intended to achieve a user authentication system capable of forcibly presenting a content to a user. Provided is a content presentation-type authentication system designed to allow a client to perform a content presentation-type user authentication in which user authentication is performed in such a manner that a plurality of pattern elements arranged in a given pattern are presented as a presentation pattern to a user who intends to be authenticated, and a one-time password derivation rule is used as a password of the user and applied to certain ones of the pattern elements located at specific positions in the presentation pattern to create a one-time password, and a content is forcibly presented to the user in connection with the user authentication.
Abstract: An anonymous secure messaging method, system and computer program product for implementation over a wireless connection. The invention allows the secure exchange of information between a security token enabled computer system and an intelligent remote device having an operatively coupled security token thereto over the wireless connection. The invention establishes an anonymous secure messaging channel between the security token and the security token enabled computer system, which allows the intelligent remote device to emulate a locally connected security token peripheral device without requiring a physical connection. A dedicated wireless communications channel is incorporated to prevent several concurrent wireless connections from being established with the security token and potentially compromising the security of the information being sent on concurrent wireless connections.
Type: Grant
Filed: December 22, 2003
Date of Patent: June 26, 2012
Assignee: Activcard, Inc.
Inventors: Wu Wen, Eric F. Le Saint, Jerome Antoine Marie Becquart
Abstract: Transport agnostic, secure communication protocol for transmitting host platform posture information to the Network Access Control Server or PDP (Policy Decision Point) and for receiving policy information to be enforced on the trusted host platform and respective applications for data processing and communication are described herein.
Type: Grant
Filed: March 30, 2006
Date of Patent: June 19, 2012
Assignee: Intel Corporation
Inventors: Uri Blumenthal, Hormuzd Khosravi, Karanvir Grewal
Abstract: A method and system of developing electronic performance support systems implemented in a computer system or in a graphical user interface. A method and system determines electronic compliance with a regulatory scheme, includes a compliance standard, and uses a question and answer prompt in conjunction with a scanning engine to perform an assessment of a computer network's compliance with at least one predetermined standard in addition to a technical assessment of the computer network.
Abstract: A method for storing and updating digital certificates in a flash memory, a flash memory, and an electronic apparatus exploiting the method are disclosed. The method is applicable for a flash memory having predefined erase-write blocks and write-read blocks, for enhancing the tampering proof characteristics of the flash memory. The certificates may be used to authenticate a computer program and may be verified by a verification program associated with the computer program. The method may include defining a plurality of memory slots within at least one erased erase-write block wherein each memory slot has a commencing address comprising a binary “0”- or a binary “1” bit pattern, writing a first and second digital certificate in a first and second one of the memory slots, defining a certificate slot address pointer, and updating the certificate slot address pointer by replacing said “0”- or “1”-bit pattern of the pointer with a “1”- or a “0” bit pattern, respectively.
Type: Grant
Filed: December 1, 2005
Date of Patent: June 5, 2012
Assignee: Sony Mobile Communications AB
Inventors: Stefan Andersson, Werner Johansson, Stefan Lindgren
Abstract: An authentication method for network security includes: configuring a Media Gateway (MG) with an authentication key and setting a security data package on a network protocol by a Media Gateway Controller (MGC); during a security authentication, sending, by the MGC, security authentication request data to the MG using the data package; receiving by the MGC a calculation result obtained by performing an encryption calculation on the request data using the authentication key by the MG; and determining by the MGC whether the MG is legal according to the calculation result.
Abstract: An agent for monitoring a wireless device is provided. The agent compares communications against policy guidelines and determines whether a violation of the policy guidelines has been committed, and communicates information about the violation to an authorized user.
Abstract: A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system.
Abstract: A digital video system including a computer connected via a network to a number of video servers and cameras. The computer includes a program that provides a grid of display windows, each of which displays an image received from the camera associated with that window. The program sequentially polls each camera, accessing and displaying an image from the camera in its associated window. The program can access the cameras at different frame rates. The program stores image streams in a single file, concatenating each successive image onto the end of the file. The file is then indexed using SOI and EOI markers to permit fast access to individual images within the file. The program can monitor received video and automatically start recording upon detecting motion within the video stream. Motion detection is implemented by comparing color component values for pixels from different images.
Abstract: Methods for pre-registering a participant in a program database using a participant smart card and biometric data in a verification process to manage fraud and enhance security and privacy protection are disclosed. The methods include pre-registering, or alternatively registering, individual information including biometric data in the program database, forming a secured registered account for the participant, and assigning the participant smart card to the participant with the secured registered account. The methods continue by determining risk factors for the participant, assigning at least one program with program risk factors to the participant, authenticating identity of the participant at a program access point, receiving eligibility verification or denial of the participant to access and use assigned programs, and updating the database data for exit verification.
Type: Grant
Filed: August 16, 2007
Date of Patent: May 22, 2012
Assignee: Access Security Protection, LLC
Inventors: Richard Glee Wood, Christine Taunya Wood