Patents Examined by David Jung
  • Patent number: 7127611
    Abstract: A vehicle authenticates a component class of a prospective component for use in the vehicle by obtaining from a certification authority a certification that an authentic component of the component class is associated with a second cryptographic key. The certification certifies that the second cryptographic key is bound to information identifying an authentic component of the component class. The vehicle utilizes the second cryptographic key obtained from the certification authority in cryptographic communication with the prospective component, and determines whether the prospective component is an authentic component of the component class based on whether the second cryptographic key is successfully utilized in the cryptographic communication.
    Type: Grant
    Filed: June 28, 2002
    Date of Patent: October 24, 2006
    Assignee: Motorola, Inc.
    Inventors: Ezzat A. Dabbish, Larry C. Puhl
  • Patent number: 7123722
    Abstract: This invention is directed to a distributed database system for storing and publishing public and private keys of an encryption system. Through the use of a distributed database network, keys can be stored, associated with members' accounts, published, retrieved and utilized automatically without the necessity of the individual member managing the public or private keys. The distributed database eliminates the necessity of the public or private keys being located at a single location, allowing the flexibility for a multitude of users to manage public and private keys.
    Type: Grant
    Filed: December 18, 2001
    Date of Patent: October 17, 2006
    Assignee: GlobalCerts, LC
    Inventors: Adrian Filipi-Martin, Brian Hope
  • Patent number: 7124299
    Abstract: A system, method and computer program product for auditing a message in a message stream are disclosed. Messages in a message stream are captured including at least one message in an extensible markup language (XML) format. Each message in the XML format is then extracted from the captured messages and has a timestamp applied thereto. Each timestamped message in the XML format is then stored in a memory.
    Type: Grant
    Filed: May 18, 2001
    Date of Patent: October 17, 2006
    Assignee: Claymore Systems, Inc.
    Inventors: Kevin Stewart Dick, Eric Kenneth Rescorla
  • Patent number: 7114178
    Abstract: An access control system includes an access control device, a wireless communication device, and a central controller. The central controller issues authorization codes to the wireless communication device. The wireless communication device is used by an authorized party to enable or activate a protected function secured by an access control device. To enable or activate the protected function, the authorized party uses the wireless communication device to transmit an access request to the access control device, which responds by transmitting an authentication challenge to the wireless communication device. The wireless communication device must transmit a valid authentication response based on the authentication challenge and a valid authorization code stored in its memory. If a valid authentication response is received, the access control device enables or activates the protected function.
    Type: Grant
    Filed: May 22, 2001
    Date of Patent: September 26, 2006
    Assignee: Ericsson Inc.
    Inventors: Paul W. Dent, Janez Skubic
  • Patent number: 7111176
    Abstract: The present invention is a method and apparatus to generate an isolated bus cycle for a transaction in a processor. A configuration storage contains configuration parameters to configure a processor in one of a normal execution mode and an isolated execution mode. An access generator circuit generates an isolated access signal using at least one of the isolated area parameters and access information in the transaction. The isolated access signal is asserted when the processor is configured in the isolated execution mode. A bus cycle decoder generates an isolated bus cycle corresponding to a destination in the transaction using the asserted isolated access signal and the access information.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: September 19, 2006
    Assignee: Intel Corporation
    Inventors: Carl M. Ellison, Roger A. Golliver, Howard C. Herbert, Derrick C. Lin, Francis X. McKeen, Gilbert Neiger, Ken Reneris, James A. Sutton, Shreekant S. Thakkar, Millind Mittal
  • Patent number: 7111013
    Abstract: The present invention comprises a novel system for managing changes to a graph of data bearing objects. In one embodiment, an object graph manager object referred to as an editing context is used to identify changes made to data bearing enterprise objects and to notify other interested objects when changes occur. As a result, data bearing objects need not themselves contain code necessary for monitoring changes. In another embodiment of the invention, the editing context is used to provide event-based “undo” capabilities. In another embodiment of the invention, each enterprise object has a primary key that is used to maintain the identification between an enterprise object instance and a corresponding database row. In another embodiment of the invention, multiple levels of editing contexts are used to provide multiple isolated object graphs, each of which allows independent manipulation of the underlying data bearing objects.
    Type: Grant
    Filed: May 16, 2003
    Date of Patent: September 19, 2006
    Assignee: Next Software, Inc.
    Inventors: Craig Federighi, Dan Willhite, Eric Noyau
  • Patent number: 7111236
    Abstract: A method and apparatus for visually indicating whether a hyper-link located in a web page is linked within the current page, other pages within the same site, pages external to the current site, links that open a new browser, links that alter the content of the browser, or lines that have slow connection rates. The visual indication is either indicated by the hyper-link itself and/or a corresponding visual indicator.
    Type: Grant
    Filed: November 19, 1997
    Date of Patent: September 19, 2006
    Assignee: International Business Machines Corporation
    Inventors: Scott Harlan Isensee, Roger Dale Tilson, Richard Edmond Berry
  • Patent number: 7107619
    Abstract: Challenge-response and probative methods together or independent of each other enable detection of devices participating in denial of service (DOS) and distributed DOS (DDOS) attacks upon a network resource, and upon identification of devices participating in attacks, minimize the effect of the attack and/or minimize the ability of the device to continue its attack by placing the attacking devices in a state of reduced or denied service.
    Type: Grant
    Filed: August 31, 2001
    Date of Patent: September 12, 2006
    Assignee: International Business Machines Corporation
    Inventor: Robert M. Silverman
  • Patent number: 7107464
    Abstract: A novel and useful virtual private network (VPN) mechanism and related security association processor for maintaining the necessary security related parameters to perform security functions such as encryption, decryption and authentication. A security association database (SAD) and related circuitry is adapted to provide the necessary parameters to implement the IPSec group of security specifications for encryption/decryption and authentication. Each security association (SA) entry in the database comprises all the parameters that are necessary to receive and transmit VPN packets according to the IPSec specification.
    Type: Grant
    Filed: July 10, 2001
    Date of Patent: September 12, 2006
    Assignee: Telecom Italia S.p.A.
    Inventors: Yaniv Shapira, Drory Shohat, Moshe Zezak, Niv Gilboa
  • Patent number: 7106859
    Abstract: A data scrambler is capable of scrambling N bits of data in parallel using a 2^B−1 bit scrambling sequence. The scrambler may store scrambling values of an m-sequence in a table. The table may be formed into at least two overlapping swaths of N columns, wherein each swath may store the m-sequence and the m-sequence of one swath is shifted from the m-sequence of a second swath. The scrambler may read a current swath N bits at a time and then may scramble N bits of input data in parallel using the N bits of the swath. When the swath is finished, the scrambler may shift to another swath.
    Type: Grant
    Filed: October 16, 2001
    Date of Patent: September 12, 2006
    Assignee: Intel Corporation
    Inventor: Jorge Myszne
  • Patent number: 7103784
    Abstract: An improved system and method for network management is presented which facilitates better administration with a more intuitive reflection of the organizational structure with integrated security concerns by introducing novel strategies for grouping users of a network. In particular, a new group, the Universal Group, is introduced to facilitate nested groups with members in more than one Domain. Members of a universal group may be allowed access to resources across Domain boundaries, where Domains reflect a security boundary in the Network. In addition, the nesting of groups, e.g., within Universal Groups, is enabled, subject to some restrictions, in order to reduce the overhead associated with discovering the groups to which a user belongs.
    Type: Grant
    Filed: May 5, 2000
    Date of Patent: September 5, 2006
    Assignee: Microsoft Corporation
    Inventors: Mark R. Brown, Murli Satagopan, Dave Detlef Staube
  • Patent number: 7103778
    Abstract: Disclosed are an information processing apparatus and an information processing method which execute person authentication and allow various services such as receiving of contents to be received, provided that the authentication is successfully passed. In the information processing apparatus for executing, by a connection to an external server providing various services such as contents transmission, a process such as receiving of contents, person authentication is executed by comparing a template acquired from a person identification certificate storing a template which is person identification data of a user using the information processing apparatus with sampling information input by the user, and a connection to the external server is executed provided that the authentication is successfully passed.
    Type: Grant
    Filed: August 30, 2001
    Date of Patent: September 5, 2006
    Assignee: Sony Corporation
    Inventors: Masashi Kon, Yoshihito Ishibashi, Shinako Matsuyama, Ichiro Futamura, Hideaki Watanabe
  • Patent number: 7103769
    Abstract: Authentication and key exchange functions, such as those conforming to the Digital Transmission Licensing Authority's (DTLA) Digital Transmission Content Protection (5C) Specification, are incorporated into a link-layer access device of a conventional processing system. Because of the suitability of IEEE 1394 for transferring audio/video information, these functions are preferably embodied in an IEEE 1394 compatible link-layer access device. The link-layer access device of this invention is configured to support, for example, the elliptic curve multiplication functions of a Diffie-Hellman key exchange process, as well as digital signature generation and digital signature verification. By incorporating the authentication and key exchange functions into a link-layer access device, the system architecture and devices that are commonly used in conventional processing systems can be used, thereby providing an incremental path toward increased protection of copyright material.
    Type: Grant
    Filed: March 3, 2000
    Date of Patent: September 5, 2006
    Assignee: Koninklijke Philips Electronics N.V.
    Inventors: George Fleming, Bruce Murray, Don Tolsch
  • Patent number: 7103771
    Abstract: Credentials may be issued to virtual tokens of a computing device based upon a credential issued to a physical token of the computing device, thus tying the virtual token credential to the physical token credential.
    Type: Grant
    Filed: December 17, 2001
    Date of Patent: September 5, 2006
    Assignee: Intel Corporation
    Inventor: David W. Grawrock
  • Patent number: 7103780
    Abstract: The invention concerns a chip card receiving fields of compressed data encapsulated in frames including an indication of the expected length of decompressed data and a length of compressed data. The frames are received in a storage unit and the processor of the card decompresses each data field according to a decompression algorithm over a length based on the indication of the expected length and writes the decompressed data in another buffer storage unit. Several algorithms and optionally several decompression models are installed in the card storage unit, and a couple thereof is selected by the number read in the heading of each frame received.
    Type: Grant
    Filed: November 4, 1999
    Date of Patent: September 5, 2006
    Assignee: Gemplus
    Inventor: Benoît Brieussel
  • Patent number: 7099872
    Abstract: The present invention provides a method of managing employment data so as to provide access to the employment data via the Internet (18). The method including the steps of determining whether a web site (22, 24) contains employment data, formatting, parsing and storing the employment data and corresponding URL into a database, automatically searching the database (16) for matching employment data, and contacting the employer representative as to the matched employment data.
    Type: Grant
    Filed: February 5, 2001
    Date of Patent: August 29, 2006
    Assignee: Employon NJ, LLC
    Inventors: Edward L. Carpenter, Matthew W. Carpenter, John Keyerleber, Kenneth G. McComsey
  • Patent number: 7100055
    Abstract: A storage medium includes a storage device for storing information, information required for encryption and encrypted information, and an I/F device for inputting and outputting information, information required for coding and store encrypted information in a storage device or from an external apparatus other than the storage device, and an encoding device for coding of information and decoding of encoded information. When outputting information stored inside the storage device, information is encoded using encryption key information, and along with obtaining the encoded information and obtaining the encoded encryption key information by using another encryption key. Both the encoded information and encoded encryption key information are output so that decoding the information without the storage medium is impossible.
    Type: Grant
    Filed: September 4, 2001
    Date of Patent: August 29, 2006
    Assignee: Hitachi, Ltd.
    Inventors: Toru Owada, Jun Kitahara, Takeshi Asahi, Takayuki Tamura, Nagamasa Mizushima, Ikuya Kawasaki, Takashi Totsuka
  • Patent number: 7099477
    Abstract: A method and system for backup and restore of a context encryption key (CEK) for a trusted device within a secured processing system maintains security of virtualized trusted device contexts, providing for replacement of a trusted device in the field. The CEK is encrypted along with a system identifier by a random number to yield a first result. The first result is again encrypted with a manufacturer public key. The resulting blob is stored along with the random number. To restore, the system sends the blob and the device ID to a server. The server obtains the first result by decrypting with the manufacturer private key, re-encrypts with the device public key and sends the new result back. The system sends the new result to the device along with the associated random number. The device decrypts the new result using its private key and decrypts the CEK using the random number.
    Type: Grant
    Filed: October 21, 2004
    Date of Patent: August 29, 2006
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, David Carroll Challener
  • Patent number: 7096493
    Abstract: Systems and methods to enhance safety of computer file distribution. The system includes a computer network, a server computer connected to said computer network, one or more electronic records stored in the server computer wherein each record includes information about a particular file and is indexed by a hash value computed from the particular file, and at least one user terminal connected to the computer network. The user terminal is operable to verify the authenticity of a particular file including computing the hash value of the particular file and retrieving from the server computer the electronic record that contains information about the particular file including submitting the computed hash to the server computer.
    Type: Grant
    Filed: December 21, 2000
    Date of Patent: August 22, 2006
    Inventor: Gary G. Liu
  • Patent number: 7093126
    Abstract: An encryption/decryption method and system. The method comprises the steps of encrypting a plaintext message by dividing the plaintext message into a multitude of plaintext blocks and encrypting the plaintext blocks to form a multitude of cyphertext blocks. A single pass technique is used in the method to embed a message integrity check in the cyphertext blocks. The method further comprises the steps of decrypting the cyphertext blocks to re-form the plaintext blocks, and testing the message integrity check in the cyphertext blocks to test the integrity of the re-formed plaintext blocks.
    Type: Grant
    Filed: April 14, 2000
    Date of Patent: August 15, 2006
    Assignee: International Business Machines Corporation
    Inventor: Charanjit Jutla