Abstract: A circuit and a method are provided for securing a coprocessor dedicated to cryptography. The disclosed circuit includes a scrambling register and an accessory input register to convey scrambling information in the form of electrical signals that disturb the visibility of certain electrical signals associated with confidential information such as digital keys.

Abstract: An unimpeachable chain of custody system and method includes a confirmation authentication system that facilitates receiving and storing a communication signal that is indicative of an evidentiary item captured at a determined location and at a determined time. The confirmation authentication system and method further facilitates generating and transmitting a chain of custody confirmation signal to a transportable input system that the communication signal has been authenticated and stored for subsequent retrieval. The transportable input system includes a positioning device and a communication device that cooperate to facilitates generating and transmitting the communication signal in response to receiving the chain of custody confirmation signal.

Abstract: A processing unit includes a read-only encryption key. Loader code image is loaded into system memory from non-volatile storage. Loader code image includes a prefix value and a suffix value. The prefix value is combined with the master key from the processing unit to create a random value that is the seed for a hashing algorithm. The hashing algorithm uses the seed value with a signature formed from the blocks of code to form a result. During the hashing algorithm, intermediate key values are generated and stored in a memory area inaccessible by the user. The intermediate key values are used by the loader code after the loader has been authenticated and loaded. The loader combines one or more of the intermediate key values with prefix and suffix values that correspond to other software modules to authenticate the software, using a hashing algorithm, and load the software upon authentication.

Abstract: An apparatus and method for generating multiple scrambling codes in an asynchronous mobile communication system.

Abstract: A system (100) and method (400, 500) for data encryption and decryption are disclosed. The encryption system is operable at encryption rates in excess of 10 Mbps and is expandable to over 200 Mpbs. For encryption, plain characters are received, and a key block (120) includes key characters corresponding to the plain characters is accessed. A current key character corresponding to a current plain character is located. A next key character corresponding to a next plain character is located. An offset between the current key character and the next key character is determined to encrypt the plain characters. Aliases are used to facilitate the encryption and decryption. Vector distances of offsets are utilized for the encryption and decryption, using many variables and many dimensions, such as using coordinates.

Abstract: A method of performing a search of a numerical DOM (document object model), includes the steps of receiving a query. When the query is a fully qualified query, the target string is transformed to form a fully qualified hashing code. An associative lookup is performed in a map index using the fully qualified hashing code. A map offset is returned. The map offset points to a couplet that can be converted into a standard portion of a structured data document. Finally, a data couplet is returned.

Abstract: A system, method, and article of manufacture is provided for updating content stored on a portable storage medium. Upon input of a portable storage medium into a machine by a user, the content stored on the portable storage medium is read. After reading the content of the portable storage medium, a separate storage medium is accessed and content is received therefrom. The content from the separate storage medium is an update of the content of the portable storage medium. This content of the separate storage medium is then displayed.

Abstract: A fluid separation conduit cartridge that is operative to encrypt, decrypt, transmit and receive information is disclosed. The conduit cartridge encrypts information sent to an analytical system or an operating facility in communication with the conduit cartridge and can decrypt encrypted information received from an analytical system or an operating facility in communication with the conduit cartridge.

Abstract: The access time for the use of an electronic device, for example a chip, is prolonged after each unauthorized access attempt. The access time is determined by the time for the matching of the turn-on voltages of two floating gate cells. Before an access attempt, the turn-on voltage of one cell is set to a predefined initial value and the turn-on voltage of the other cell is set to a value which is higher in comparison and which is increased after each unauthorized access.

Abstract: An accessing technique includes a first networked entity having a first security level and a search engine having a second security level. Access is allowed to the first networked entity upon the second security level being equal to or higher than the first security level. Access to the search engine by a user having a third security level is allowed upon the third security level being equal to or higher than the second security level. The search engine and the user may present a digital signature certificate in attempting access of the first networked entity and the search engine respectively. The first networked entity may query a second networked entity to determine the security level of the search engine relative to the first networked entity and the search engine may query the second networked entity to determine the security level of the user relative to the search engine.

Abstract: A first enterprise official desires to recover an encryption certificate of a user. The user may be a current member of an enterprise or a former member of the enterprise. The first enterprise official convinces a second enterprise official to designate the encryption certificate of the user as approved for recovery, where the second enterprise official has authorization to designate the encryption certificate as approved for recovery. The encryption certificate is designated as approved for recovery. The first enterprise official convinces a third enterprise official to execute recovery of the encryption certificate. The third enterprise official has authorization to execute recovery of the encryption certificate. The encryption certificate is recovered by the third enterprise official and provided to the first enterprise official.

Abstract: An approach is provided for maintaining a write barrier during an assignment operation between a source object and a target object. A source tag is obtained from a first reference to the source object, and a target tag is obtained from a second reference to the target object. The source tag and the target tag are compared, such that if the source tag is in a predetermined relationship with the target tag, then a data structure (e.g., a remember table or exit table) associated with the write barrier is updated in accordance with the assignment operation. In one embodiment, the routine to update the data structure is dispatched from a function table based on a tag value in a header associated with the source object.

Abstract: To prevent copying of a design implemented in a programmable logic device (PLD), the PLD itself stores a decryption key or keys loaded by the designer, and includes a decryptor for decrypting an encrypted configuration bitstream as it is loaded into the PLD. The PLD also includes logic for reading header information that indicates whether the bitstream is encrypted, and can accept both encrypted and unencrypted bitstreams. The encryption keys may be stored in non-volatile memory or backed up with a battery so that they are retained when power is removed.

Abstract: A method of directly reading addresses from flash memory using an object tracking table is described. Some applications such as K-Java typically require their data to be stored contiguous in memory. In order to achieve contiguous memory space, free memory is compressed during reclaim. The data compression may alter the address locations within the application files. The object tracking table helps enable direct flash access to modify and update flash object data.

Abstract: A computer system processor incorporates a special S-latch which may only be set by secure signals. One state of the S-latch sets the processor into a secure mode where it only executes instructions and not commands from an In Circuit Emulator (ICE) unit. A second state of the S-latch sets the processor into a non-secure mode. A non-volatile random access memory (NVRAM) is written with secure data which can only be read by boot block code stored in a BIOS storage device. The boot block code is operable to read the secure data in the NVRAM and set the S-latch to an appropriate security state. If the boot block code cannot set the S-latch, then remaining boot up with BIOS data is stopped. On boot up the boot block code reads the NVRAM and sets the S-latch into the appropriate security state.

Abstract: The present invention provides a virtual network, sitting “above” the physical connectivity and thereby providing the administrative controls necessary to link various communication devices via an Access-Method-Independent Exchange. In this sense, the Access-Method-Independent Exchange can be viewed as providing the logical connectivity required. In accordance with the present invention, connectivity is provided by a series of communication primitives designed to work with each of the specific communication devices in use. As new communication devices are developed, primitives can be added to the Access-Method-Independent Exchange to support these new devices without changing the application source code. A Thread Communication Service is provided, along with a Binding Service to link Communication Points. A Thread Directory Service is available, as well as a Broker Service and a Thread Communication Switching Service. Intraprocess, as well as Interprocess, services are available.

Abstract: Despite advances in recent years in the area of mandatory access control in database systems, today's information repositories remain vulnerable to inference and data association attacks that can result in serious information leakage. Without support for coping against these attacks, sensitive information can be put at risk because of release of other (less sensitive) related information. The ability to protect information disclosure against such improper leakage would be of great benefit to governmental, public, and private institutions, which are, today more than ever, required to make portions of their data available for external release. In accordance with the invention, a solution to the problem of classifying information by enforcing explicit data classification as well as inference and association constraints is provided.

Abstract: Systems and methods are disclosed for providing secure electronic archiving of customer (120) data over a network (110). Electronic postmarks are used to track archival of the data, access request for the archived (101) data, and fulfillment of the access requests.

Abstract: An object oriented framework mechanism for data transfer between a data source and a data target provides an infrastructure that embodies the steps necessary to perform the data transfer and a mechanism to extend the framework to fit a particular data transfer environment. Certain core functions are provided by the framework, which interact with extensible functions provided by the framework user. The architecture of the framework allows a developer to determine the conditions and parameters that apply to the data transfer while allowing a user to interact with the framework with an interface that is consistent regardless of the specific combination of data source, data target, connection type, or protocol. The extensible functions allow new data transfer environments to be easily implemented using the framework.

Abstract: A method and apparatus of performing active update notification. Components of an application are able to specify interest in a data object or set of data objects by registering an interest object with an update management component of the application. The interest object specifies the interested application component, as well as the identity of one or more data objects or an attribute value or range of values to associate with data objects. When modifications are made to data objects corresponding to the registered interest objects, the interested application component or components receive an update notification from the update management component. In one embodiment, active update notification is performed within a multi-tier application. An update management component exists at the application server on the application tier, as well as at each client in the client tier.