Patents Examined by David Jung
  • Patent number: 7386736
    Abstract: A data processing system accepts a removable storage media, which becomes electrically engaged with a system unit within the data processing system, after which the removable storage media and the hardware security unit mutually authenticate themselves. The removable storage media stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable storage media. In response to successfully performing the mutual authentication operation between the removable storage media and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable storage media remains engaged with the system unit.
    Type: Grant
    Filed: December 16, 2004
    Date of Patent: June 10, 2008
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Ching-Yun Chao
  • Patent number: 7376972
    Abstract: A system and method for employing a key exchange key to facilitate secure communication is provided. The key exchange key can be employed, for example, to encrypt and/or decrypt dialog session key(s) that are used to encrypt and/or decrypt message(s) that form a dialog between an initiator system and target system. In one example, a key exchange key is unique to a service pair, while a dialog session key is unique to a particular dialog between the service pair. The system can facilitate end-to-end encryption of message data in a dialog—the message data is encrypted at one dialog endpoint and not decrypted until it reaches the other dialog endpoint. The system can be employed to facilitate secure dialog with minimal performance overhead when compared with conventional system(s). Optionally, the system can facilitate load balancing (e.g., among deployed instances of a service).
    Type: Grant
    Filed: April 14, 2004
    Date of Patent: May 20, 2008
    Assignee: Microsoft Corporation
    Inventors: Scott A Konersmann, Patrick J Helland
  • Patent number: 7376968
    Abstract: A system and method for facilitating BIOS integrated encryption is provided. An interface is defined between the operating system and the BIOS. The operating system employs this interface to provide BIOS code information to facilitate decryption of data that is encrypted on the system. In the pre-operating system boot phase, the BIOS employs the decryption information provided from this interface in order to decrypt the data. The decrypted information can be employed to facilitate secure rebooting of a computer system from hibernate mode and/or secure access to device(s).
    Type: Grant
    Filed: November 20, 2003
    Date of Patent: May 20, 2008
    Assignee: Microsoft Corporation
    Inventors: Andrew J. Ritz, David B. Cross, Duncan Bryce, James A. Schwartz, Jr., Jianrong Gu, Scott A. Field
  • Patent number: 7373502
    Abstract: A method is disclosed for avoiding the storage of client state on a server. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the server can use to encrypt and authenticate communication to and from the client. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.
    Type: Grant
    Filed: January 12, 2004
    Date of Patent: May 13, 2008
    Assignee: Cisco Technology, Inc.
    Inventor: David A. McGrew
  • Patent number: 7370353
    Abstract: For an Internet Access Gateway operative between an area network and a public network, managing dynamic network sessions therebetween whereby a primary server on the public network in a primary session with a client of the area network initiates an additional session with an additional server on the public network, for which an unexpected data packet received at the gateway from the additional server is associated with the primary session, and accordingly allowed access to the area network through the gateway, provided the gateway received the data packet at an input port exceeding 1023, the additional session comprises a pre-defined Session Triggering Event, and at least one internal network component of the area network indicates willingness to receive the data packet. Wherefore, a preferred Application Level Gateway is thereby provided for firewall and NAT implementations to enhance network security.
    Type: Grant
    Filed: November 5, 2001
    Date of Patent: May 6, 2008
    Assignee: Cisco Technology, Inc.
    Inventor: Xuechen Yang
  • Patent number: 7370351
    Abstract: Two identity spaces form a federation by agreeing to use a secret key to facilitate secure access of resources between them. When one identity space receives a request for a resource from a user in the other identity space, the first identity space checks to see if the resource is protected. If the resource is protected, the first identity space requests that a mediator in the second identity space authenticate the external user. The mediator verifies the external user's authenticity. Once the external user is authenticated, the mediator securely informs the first identity space, using the secret key, that the external user is authenticated to access the resource. The identity space then grants the user access to the resource if the user is allowed access as per the access control policy of the identity space.
    Type: Grant
    Filed: March 22, 2001
    Date of Patent: May 6, 2008
    Assignee: Novell, Inc.
    Inventors: Viyyokaran Raman Ramachandran, Dinkar Sitaram, Kshitij Arun Doshi
  • Patent number: 7369659
    Abstract: An item handling system, comprising: at least one item preparation station for printing machine-readable symbols on items; and at least one item handling station for receiving items from the at least one item preparation station and being operable to machine read and process information contained in the symbols printed on the items; wherein: the at least one item handling station includes a messaging unit for generating messages representative of the readability of symbols read thereby and transmitting the messages to the at least one item preparation station; and the at least one item preparation station includes an indicator for providing an indication of a readability of symbols printed thereby in response to messages received from the at least one item handling station.
    Type: Grant
    Filed: August 17, 2001
    Date of Patent: May 6, 2008
    Assignee: Neopost Limited
    Inventor: Raymond John Herbert
  • Patent number: 7370345
    Abstract: A threat management domain controller is responsive to a computer-actionable threat management vector that includes a first computer-readable field that provides identification of at least one system type that is affected by a computer security threat, a second computer-readable field that provides identification of a release level for the system type and a third computer-readable field that provides identification of a set of possible countermeasures for a system type and release level. The threat management domain controller processes a threat management vector that is received for use by a domain of target computer systems, and transmits the threat management vector that has been processed to at least one of the target computer systems in the domain of target computer systems.
    Type: Grant
    Filed: March 2, 2004
    Date of Patent: May 6, 2008
    Assignee: Lenovo Singapore Pte. Ltd
    Inventors: Jeffrey S. Bardsley, Ashley A. Brock, Charles K. Davis, III, Nathaniel W. Kim, John J. McKenna, Carlos F. Villegas
  • Patent number: 7362864
    Abstract: Framing transmit encoded output data begins by determining a scrambling remainder between scrambling of an input code word in accordance with a 1st scrambling protocol and the scrambling of the input code word in accordance with an adjustable scrambling protocol. The processing continues by adjusting the adjustable scrambling protocol based on the scrambling remainder to produce an adjusted scrambling protocol. The processing continues by scrambling the input code word in accordance with the 1st scrambling protocol to produce a 1st scrambled code word. The processing continues by scrambling the input code word in accordance with the adjusted scrambling protocol to produce a scrambled partial code word. The processing continues by determining a portion of the 1st scrambled code word based on the scrambling remainder. The process continues by combining the scrambled partial code word with the portion of the 1st scrambled code word to produce the transmit encoded output data.
    Type: Grant
    Filed: September 11, 2003
    Date of Patent: April 22, 2008
    Assignee: Xilinx, Inc.
    Inventors: Joseph Neil Kryzak, Aaron J. Hoelscher
  • Patent number: 7360085
    Abstract: The invention comprises a secure method and apparatus for the distribution, processing, decryption, and display of combinations of encrypted audio, video, raster graphic still images, vector graphic images, HTML, hyperlinks, textual information, synchronization information, and password and date expiration data combined and encrypted in singular multimedia presentation transmission and distribution files, all of which are represented by binary data files. The invention may be adapted for use with any of the various audio, video, raster graphic still images, vector graphic images, and text data formats and files that represent such information. A specific embodiment of the invention adapted for use on a personal computer and such CPU equipped devices is presented.
    Type: Grant
    Filed: July 15, 2003
    Date of Patent: April 15, 2008
    Assignee: NAMS International Incorporated
    Inventor: Gregorio O. Loveria, III
  • Patent number: 7356699
    Abstract: In the electronic watermark detection device, an electronic watermark detection unit receives input of a DCT coefficient and a picture start from a preprocessing unit to detect an electronic watermark inserted into image data and indicative of copyright information or the like, a detection result adjustment unit receives input of a picture start from the preprocessing unit and input of a detector result and a detector interruption from the electronic watermark detection unit to count the number of pictures, as well as generating and outputting a detection interruption according to the detection result, and an interruption processing unit receives input of a detection result and a detection interruption from the detection result adjustment unit to generate an interruption signal according to a system, as well as outputting the detection result.
    Type: Grant
    Filed: October 18, 2001
    Date of Patent: April 8, 2008
    Assignee: NEC Corporation
    Inventor: Masahiro Hashimoto
  • Patent number: 7350236
    Abstract: A method including providing a user with a photo album form printed on a surface, the photo album form containing information relating to a photo album activity and including coded data indicative of an identity of the photo album form and of a plurality of points on the form; receiving, in a computer system, data from a sensing device operated by the user, the data indicating the identity of the photo album form and a position of the sensing device relative to the photo album form; and identifying, in the computer system and from the indicating data, at least one parameter relating to the photo album activity; the method enabling the user to compose and print pages of photos suitable for inclusion in a photo album.
    Type: Grant
    Filed: May 23, 2000
    Date of Patent: March 25, 2008
    Assignee: Silverbrook Research Pty Ltd
    Inventors: Kia Silverbrook, Paul Lapstun
  • Patent number: 7343486
    Abstract: The present invention extends to methods and systems for providing a seamless user interface to one or more web-based external systems and applications that monitor and control access to information, products, and/or services provided by such web-based external systems. Accordingly, the methods and systems enable a user to utilize a single web-based graphical user interface to access external systems with minimal input from the user. Further, the invention coordinates the log-on, log-out, and time-out of the user from the external systems so that the user has a seamless on-line experience. The user remains logged into each of the external systems so long as the user is logged into a main system and can log out of all the external systems by logging out of the main system. In addition, the user is not timed out of any external system unless the user is timed out of the main system.
    Type: Grant
    Filed: November 13, 2001
    Date of Patent: March 11, 2008
    Assignee: SunGard SCT Inc.
    Inventors: Scott F. McCarty, Jeanette L. Hammock
  • Patent number: 7325009
    Abstract: A customer at a client workstation communicates with access software on a remote server to retrieve data from a database. The client may obtain information, such as available inventory, the status of a pending order, and so on, without contacting the database owner, such as the distributor of the inventory. Reports can be generated automatically by the customer.
    Type: Grant
    Filed: June 30, 2001
    Date of Patent: January 29, 2008
    Assignee: Brightpoint, Inc.
    Inventors: Michael J. Cleary, Cathy R. Faulkner, Jason R. Hall, Mario A. Hernandez, Richard L. White
  • Patent number: 7321910
    Abstract: The present invention provides an apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction and execution logic. The cryptographic instruction is received by logic within a processor, wherein said cryptographic instruction prescribes one of the cryptographic operations. The execution logic is coupled to said logic. The execution logic performs the one of the cryptographic operations.
    Type: Grant
    Filed: September 29, 2003
    Date of Patent: January 22, 2008
    Assignee: IP-First, LLC
    Inventors: Thomas A. Crispin, G. Glenn Henry, Terry Parks
  • Patent number: 7313818
    Abstract: An unauthorized access detection device capable of detecting unauthorized accesses which are made through preparation, in real time. When a packet travels on a network, a key data extractor obtains the packet and obtains key data. Next an ongoing scenario detector searches an ongoing scenario storage unit for an ongoing scenario with the key data as search keys. A check unit determines whether the execution of the process indicated by the packet after the ongoing scenario detected by the ongoing scenario detector follows an unauthorized access scenario being stored in an unauthorized access scenario storage unit. Then a report output unit outputs an unauthorized access report depending on the check result of the check unit.
    Type: Grant
    Filed: April 12, 2004
    Date of Patent: December 25, 2007
    Assignee: Fujitsu Limited
    Inventors: Masashi Mitomo, Yoshiki Higashikado, Fumie Takizawa, Satoru Torii, Osamu Koyano
  • Patent number: 7308709
    Abstract: A methodology is provided for facilitating authentication of a service. The methodology includes making a request to a first party for authentication of a service, the request including a first alias. A list of aliases associated with the service is then searched enabling a second party making the request to access the service if a match is found between the first alias and at least one alias of the list of aliases.
    Type: Grant
    Filed: April 27, 2000
    Date of Patent: December 11, 2007
    Assignee: Microsoft Corporation
    Inventors: John E. Brezak, Jr., Richard B. Ward, Paul J. Leach, Michael M. Swift
  • Patent number: 7305712
    Abstract: There is provided a data processing system comprising: a processor operable in a plurality of modes and either a secure domain or a non-secure domain including: at least one secure mode being a mode in said secure domain; and at least one non-secure mode being a mode in said non-secure domain; wherein when said processor is executing a program in a secure mode said program has access to secure data which is not accessible when said processor is operating in a non-secure mode; and wherein said processor is responsive to a switching request to initiate a switch between a secure mode and a non-secure mode under control of a mode switching program starting at a location specified by an exception vector associated with said switching request.
    Type: Grant
    Filed: November 17, 2003
    Date of Patent: December 4, 2007
    Assignee: ARM Limited
    Inventors: Simon Charles Watt, Christopher Bentley Dornan, Luc Orion, Nicolas Chaussade, Lionel Belnet, Stephane Eric Sebastien Brochier
  • Patent number: 7279646
    Abstract: A digital signature collection and authentication system includes an ink pen having an ultrasonic transmitter that transmits ultrasonic energy to a plurality of ultrasonic receivers. A computer triangulates the location of the pen versus time to generate the signature shape, and to generate velocity and acceleration data. The pen also includes a pressure sensitive tip to record pressure applied to the pen tip. The pen also includes a higher frequency burst transmitter useful to generate a time reference, and to transmit the pressure information. The computer packetizes the shape, velocity, acceleration, and pressure data with a time stamp and an IP address or phone number, encrypts the packet and sends it to a host computer for authentication.
    Type: Grant
    Filed: May 25, 2001
    Date of Patent: October 9, 2007
    Assignee: Intel Corporation
    Inventor: Jianping Xu
  • Patent number: 7275263
    Abstract: In one embodiment, the invention provides a method comprising storing user authentication information in a hardware structure of a computer system, the hardware structure including a security mechanism to protect the stored authentication information from unauthorized access, and authenticating a user of the computer system by comparing user input authentication information with the stored authentication information.
    Type: Grant
    Filed: August 11, 2003
    Date of Patent: September 25, 2007
    Assignee: Intel Corporation
    Inventors: Sundeep M. Bajikar, Luke E. Girard, Kelan C. Silvester, Francis X. McKeen