Abstract: Encrypted music information or the like and encryption processing information itself employed for the encrypting is transmitted from a set top box (BX) to a recorder (R) via a serial bus (B) after decoded, and the music information or the like is recorded in a DVD-R (1). Upon this recording, the music information encoded by employing an asynchronous transmission region in the IEEE 1394 standard that is a standard with which the serial bus (B) conforms is transmitted at a high speed. On the other hand, encode processing information encoded by employing an isochronous transmission region in the IEEE 1394 standard is transmitted at a 1-fold speed.

Abstract: Enrollment and authentication of a user based on a sequence of discrete graphical choices is described. A graphical interface presents various images and memory cues that a user may associate with their original graphical choices. Enrollment may require the input to have a security parameter value that meets or exceeds a threshold. An acceptable sequence of graphical choices is converted to a sequence of values and mapped to a sequence of codewords. Both a hash of the sequence of codewords and a sequence of offsets are stored for use in authenticating the user. An offset is the difference between a value and its corresponding codeword. Authentication requires the user to enter another sequence of discrete graphical choices that is approximately the same as original. The offsets are summed with the corresponding values before mapping to codewords. Authentication requires the sequence of codewords, or a hash thereof, to match.

Abstract: A locked portal unlocking control system (21) including an encryption device (22) responsive to input of a structure identifier to encrypt a time representation with an encrypting cryptographic key (37) for the structure to produce a cryptogram. At least one structure (32, 32a, 32b, . . . 32n) is remote of the encryption device (22) having a lock mechanism (26) controlling opening of a portal to the structure. Each structure (32, 32a, 32b, . . . 32n) further includes a decryption device (27, 27a, 27b, . . . . 27n) having an unlocking assembly (54) coupled to the lock mechanism (26) with the decryption device (27–27n) being responsive to input of the cryptogram (24) to unlock the lock mechanism (26) if a decrypted time representation produced by decrypting the cryptogram meets a time-based criteria in the decryption device (27–27n).

Abstract: Described is a method and system for controlling usage of software on a computing device. An authorization key is generated as a function of a device string and a software string. The device string is a unique string stored in the device. The software string is a unique string stored in a software authorized for use on the device. The authorization key is encrypted using a private key and stored in the device. Upon a request to use software on the device, the authorization key is decrypted using a public key corresponding to the private key. A test key is generated as a function of the device string and a request software string. The request software string is a unique string stored in the software for which use has been requested. The authorization key is compared to the test key. When the test key matches the authorization key, usage of the software for which use has been requested on the device is permitted.

Abstract: A method and system that ensures system security is disclosed. Specifically, the method and system formulate a finite automaton that corresponds to a number of patterns. Then, as data units are put through the finite automaton, suspected data units are identified. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. To identify the suspected data units, the dependency relationships among various states in the finite automaton that have been compressed are relied upon. Depending on the result of identifying the suspected data units, different actions are performed.

Abstract: NADO is a process for encrypting and decrypting information in a variety of cryptographic devices. The underlying process is a fast stream-like cipher that can be implemented efficiently in analog or digital hardware or in software. The NADO process makes use of three novel methods in cryptography: 1) A sequence of permutations which scrambles and spreads out the encrypted information; (2) A state generator built with a non-autonomous dynamical system to generate an unpredictable sequence of states; (3) One or more perturbators which perturb both the non-autonomous dynamical system and the sequence of permutations in a non-periodic way.

Abstract: This invention relates generally to a computer-implemented method and system for having anonymous profiling of, and marketing to, anonymous users in a data network, particularly in the Internet. It enables an individual to surf the Internet anonymously as well as enabling third parties to use profiling information to target such anonymous users. The real identity of the individual is never known within the anonymous trust system.

Abstract: A system and method are provided for use in maintaining secure communications between a home network and a mobile client when the client roams outside of the home network to a new location.

Abstract: The present invention provides an interactive library system having a computer in telecommunication link with at least one user computer and computer of at least one content provider requiring payment for information access. The interactive library system performs the following: Receiving, by the library system computer, user identification and password from the user computer. Comparing, by the library system computer, the received user identification and password with authorized user identifications and corresponding passwords stored in the library system to determine whether to grant access to the interactive library system. If the comparison results in grant of access, then the interactive library system provides one or both of the following: (1) Receiving, by the library system computer, input from the user computer specifying type of information desired by the user. Establishing, by the library system computer, telecommunication link with the content provider computer.

Abstract: A method, system, and program product for enabling administrative recovery of a user's lost/forgotten boot-up passwords without compromising the administrative/master password(s). A restricted-use password is dynamically generated from a first hash of a random number generated on a client system and a secret retrieved from a secure device associated with the client system. The restricted-use password operates as a master password but is not the administrative password of the client system. Once the password is generated, it is provided to the user/client system to enable user access to said client system and hardfile and reset of the user passwords.

Abstract: An architecture is described to manufacture console-based gaming systems in a manner that allows them to be authenticated to a remote entity for online participation. The architecture involves placing pre-established secrets on the game console during console manufacturing that may be subsequently used to guarantee the authenticity of the game console during registration time.

Abstract: End-to-end user anonymity is provided in electronic commerce or other types of online transactions through the use of an intermediary. An intermediary machine, which may be implemented in the form of a set of servers or other type of computer system, receives communications from a consumer or other user, and generates and maintains an alias for that user. Connections between the user machine and any online vendor or other web site are implemented through the intermediary using the alias. When the user desires to make a purchase from a given online vendor, the intermediary may present the user with a number of options. For example, the user may be permitted to select a particular payment card number and real destination address as previously provided to the intermediary. The intermediary then communicates with the online vendor and supplies intermediary payment information, e.g.

Abstract: An apparatus for installing a decryption key is initially arranged so that a decryption algorithm received by a control processor is passed via a first interface path to a decryption processor. The algorithm is installed in the decryption processor together with a program decryption key. The apparatus is subsequently arranged so that encrypted working decryption keys received by the control processor are passed on to the decryption processor over the first interface path. The decryption processor decrypts the encrypted keys using the program decryption key. Decryption keys are thus obtained and are transferred via a second interface path to decryptors for use in decrypting encrypted program signals input to the decryptors.

Abstract: A field programmable gate array (70) has security configuration features to prevent monitoring of the configuration data for the field programmable gate array. The configuration data is encrypted by a security circuit (64) of the field programmable gate array using a security key (62). This encrypted configuration data is stored in an external nonvolatile memory (32). To configure the field programmable gate array, the encrypted configuration data is decrypted by the security circuit (64) of the field programmable gate array using the security key stored in the field programmable gate array.

Abstract: Enrolling devices with a clearinghouse server for Internet telephony and multimedia communications. Enrollment can be the process of taking a network device (such as a router, gateway, gatekeeper, etc.) and exchanging encrypted information with the clearinghouse server, so that later communications with that device can be secured. The enrollment is done with levels of security and verification that ensures the devices and clearinghouse server is legitimate.

Abstract: An arrangement to accomplish authentication of end-users (1) and end-points (1) in a packet based network, which includes components that support all or parts of different versions of the H.323 recommended standard, be proposed. Authentication is accomplished by means of an authentication proxy (2), which will support security profiles supported by one or more associated gatekeepers (3). Provision of end-user (1) and end-point information for an authentication proxy (2) may be accomplished by means of standard non-proprietary communication and protocol such as http or https and a simple html form, an applet or a servlet respectively, and for a gatekeeper (3) by means of a RAS message such as gatekeeper request (GRQ).

Abstract: A system and method for representing and maintaining redundant data sets utilizing system DNA transmission and transcription techniques comprising a system of symbolic exchange used for data transmission whose lexicon is based on the provision of unique and consistent identifiers (or symbols) for transmitted data utilizing “sticky byte” factoring. A protocol is provided for determining which entries (comprising unique identifier to corresponding data pairs) in a local lexicon (or “Primordial Data Pool”) are contained in a remote lexicon and can, therefore, be used in a transmission in lieu of the data itself. A mechanism is further provided through which the local lexicon can add newly presented unique identifier to corresponding data pairs to one or more remote lexicons.

Abstract: The user's Bluetooth device substitutes a pseudonym address for the Bluetooth Device Address (BD_ADDR). The pseudonym address is a randomized version of the BD_ADDR. The pseudonym address is used in all the functions of the Bluetooth device that normally use the BD_ADDR, including the frequency hopping sequence, the device access code, the initialization key in link encryption, the authentication code, and the various packet addresses. In this manner, the user's privacy is protected by preventing the user's identity, routes, and activities from being correlated with his/her device's address. In addition to the Bluetooth standard, the technique also applies to other wireless standards.

Abstract: A method for group authentication using a public key cryptosystem that includes a public key and a private key, comprising the steps of providing a Private Key Share to a Tool of each Entity of each Group encompassed by a Boolean Expression of a prescribed Rule based upon the private key, encrypting a random number using the public key of the public key cryptosystem to generate a ciphertext challenge at a Verification Device, conveying the ciphertext challenge to the Tool of each Entity in communication with the Verification Device, generating a response to the ciphertext challenge using the Private Key Share of the Tool of each Entity in communication with the Verification Device, transmitting the response generated by each Entity in communication with the Verification Device to the Verification Device, combining the responses received from the Entities in communication with the Verification Device, determining whether any combination of the responses equals the random number wherein any combination that equ

Abstract: A consistent set of data is supplied to a software application from databases. When a particular set of data is identified, a first process is requested to obtain a snapshot time from a database server associated with the first database. The snapshot time causes all subsequent reads of the first database by the first process to return data that reflects a database state associated with the snapshot time. A first set of data in the first database is locked in order to produce a copy of data from a first database. After locking the first set of data, a plurality of processes are requested to obtain snapshot times from a database server associated with the first database. The snapshot time caused all subsequent reads of the first database by the plurality of processes to return data from the first database as of the snapshot times.