Abstract: An image control apparatus in an image display system applies scrambling only to image data which requires content protection and notifies to a display apparatus which pixel or pixels are scrambled. Alternatively, when a plurality of windows are displayed at the same time, the image control apparatus scrambles each window individually using a different key, and notifies to the display apparatus which scramble is applied to each pixel.

Abstract: In a computer telecommunications network, firewalls protect a machine or network from undesired message transmissions. In the case of a firewall employed on a user side of the wireless link, a message rejected by the firewall has already consumed the wireless resources required to transmit. A system for protecting a mobile wireless user via a firewall employed at the wired line, or ISP side, of the wireless link in a wireless network allows a specific user profile to be provided for each user that is indicative of a desired firewall configuration corresponding to the mobile user.

Abstract: In one embodiment, the present invention provides for extended memory protection for memory of a system. The embodiment includes a method for associating a protection indicator of a protection record maintained outside of an application's data space with a memory location, and preventing access to the memory location based on the status of the protection indicator. In such manner, more secure operation is provided, as malicious code or other malware is prevented from accessing protected memory locations. Other embodiments are described and claimed.

Abstract: In a microprocessor, a program key for decrypting a program and a data key for encrypting/decrypting data processed by the program are handled as cryptographically inseparable pair inside the microprocessor, so that it becomes possible for the microprocessor to protect processes that actually execute the program, without an intervention of the operating system, and it becomes possible to conceal secret information of the program not only from the other user program but also from the operating system.

Abstract: This invention relates to an advertisement machine which provides advertisements to a user searching for desired information within a data network. The machine receives from a user, a search request including a search argument corresponding to the desired information and searches, based upon the received search argument a first database having data network related information to generate search results. It also correlating the received search argument to a particular advertisement in a second database having advertisement related information. The search results together with the particular advertisement are provided by the machine to the user.

Abstract: A multiple entity gateway for supporting cellular authentication from a non-cellular network, the gateway comprising a plurality of entities each located at a different one of a plurality of secure zones and having at least one gap between said entities across said secure zones, said gateway being configured to predefine communication signals allowed across said gap between said entities, thereby to filter out non-allowed signals, and provide secure cellular authentication for a communication originating from said non-cellular network. The gateway allows cellular users to connect to a cellular network via a wireless local area network such as a hotspot, use the services of the cellular network, the Internet and the hotspot at will, and be securely authenticated and charged through the cellular infrastructure.

Abstract: Tampering with pieces of software is inhibited. Installation setup protection inhibits tampering during the installation of various pieces of software. Profiles are stored in a central hierarchical database and such profiles are protected from tampering. The obfuscation of a software image so as to becloud the comprehension of hackers in reverse engineering pieces of software comprising the software image is provided.

Abstract: In one aspect, the present invention is directed to a method for detecting spyware activity, the method comprises the steps of: monitoring outgoing communication data sent from a user's computer; searching for predefined keywords within the communication data; indicating spyware activity in the user's computer by presence of at least one of the predefined keywords within the communication data, the keywords are selected from a group comprising: a signature of the spyware, personal information of the user, an addressee to where the communication data is sent. The method may further comprise: upon detecting a spyware activity in the user's computer, blocking communication from the computer. The method may further comprise removing the spyware. The blocking can be carried out at the user's computer, at the gateway to which the user's computer is connected, etc.

Abstract: A method for distributed management of phrase-based security policy, the security policy applied with respect to a digital medium, the method comprising: storing at least one phrase together with accompanying security policy; assigning an owner to at least one of the stored phrases; scanning and analyzing the digital medium in order to locate and identify the at least one stored phrase; upon locating the at least one phrase within a digital item in the digital medium: applying the security policy with respect to the digital item, and notifying the owner.

Abstract: An authentication code for a diagnostic code is generated. In one aspect, the authentication code includes a timestamp indicating when the diagnostic generating the diagnostic code was run. In a further aspect, the authentication code includes a serial number for a computer system running the diagnostic. In a still further aspect, the authentication code includes a serial number for a component being diagnosed. The authentication code may be generated on the system being diagnosed, or it may be obtained from a server communicably coupled to the system being diagnosed. Additionally, the diagnostic code may be obtained from a file residing on the computer system begin diagnosed, or on a server.

Abstract: Tampering with pieces of software is inhibited. Hardware protection prevents hackers from forcing various pieces of software from running on unauthorized pieces of hardware. The obfuscation of a software image so as to becloud the comprehension of hackers in reverse engineering pieces of software comprising the software image is provided. Image verification ensures the originality of the pieces of software to be installed.

Abstract: A system for external monitoring of networked digital file sharing to track predetermined data content, the system comprising: at least one surveillance element for deployment over said network, said surveillance elements comprising: surveillance functionality for searching said digital file sharing and identification functionality associated with said search functionality for identification of said predetermined data content, therewith to determine whether a given file sharing system is distributing said predetermined data content.

Abstract: Methods and apparatus for performing content inspection using multi-pattern packet content inspection mechanisms employing tagged values. Pattern data structures are employed to facilitate multi-pattern searches via corresponding string-search algorithm machines. The pattern data structures include tagged values defining search offsets and depths for corresponding search patterns. Incoming packets are classified to flows, and stored in corresponding flow queues. Flow table entries are used to identify the pattern data structure for a given flow. During content inspection, the algorithm machine employs the tagged values to effectively skip portions of a data stream up to the offset for each search pattern and to cease searching for a pattern upon reaching the depth for the pattern.

Abstract: Stream cipher encryption and message authentication. Stream cipher encryption is performed by generating a keystream at the transmitting end from a state value, applying the keystream to plaintext to generate an encrypted message block having at least a portion of the plaintext converted to ciphertext, and updating the state value as a function of said at least a portion of the plaintext. Stream cipher decryption is performed by generating a keystream at the receiving end from the same state value, applying the keystream to the encrypted message block to convert the ciphertext to plaintext, and updating the state value as a function of the plaintext. Message authentication techniques are also described.

Abstract: A method for using a policy for software distribution to computer systems on a computer network is disclosed. A first policy for software distribution is created. Software is provided on a first computer system to be distributed to a second computer system. The first policy to be used in distributing the software is identified. The software to be distributed is identified. The software to computer systems or groups is distributed.

Abstract: A data communicating method is disclosed for use with a user terminal, the method preventing both members of a given group including the terminal and nonmembers from intercepting, tampering with or falsifying data communicated between the members without recourse to a plurality of encryption keys. In a first step, validity verification data is generated by the terminal. In a second step, the validity verification data and an attestation identity public key certificate are sent from the terminal to a group management device. In a third step, the group management device determines whether the terminal is valid. If the terminal is found valid, then a group name, a member ID and a group-shared key are supplied to the terminal in a fourth step, and a member ID list is further supplied in a fifth step. Thereafter the terminal is allowed to communicate with other members of the same group. The disclosed method can be applied advantageously to video game machines for network-based games.

Abstract: Techniques for generating an access control list to block traffic from a network device infected by malware.

Abstract: Systems and methods for verifying the authenticity of a graphics chip or other hardware chips or hardware devices by performing a hardware functionality scan.

Abstract: Systems and methods generate an account recovery key for a protected system. The account recovery key may comprise a plurality of words that may be supplied to regain access to an account on a protected system if the account has been lost due to the actions of a malicious user or if the password to the account has been forgotten by the user.

Abstract: A method and system for authorizing communications sent from a sender to a recipient. The authorization system receives a communication sent from a sender to a recipient. The authorization system determines whether that sender is authorized to send communications to that recipient. If the authorization system determines that the sender is not authorized, then the authorization system sends an authorization communication to the sender. The authorization communication requests authorization information from the sender. When the authorization system receives the authorization information, it determines whether the information is correct. If correct, then the authorization system indicates that the sender is authorized and forwards the communication to the recipient. When a subsequent communication sent from the sender to the recipient is received, the authorization system may automatically determine that the sender is authorized and forward the communication to the recipient without re-contacting the sender.