Patents Examined by Douglas J Meislahn
  • Patent number: 6895514
    Abstract: A method and apparatus for enhancing the security of password security systems. The authorization decision related to passwords is based not only on entry of the correct characters in the correct sequence but also on the keystroke sequence timing associated with the typing habits of an authorized user. The keystroke sequence timing provides an additional security measure to each password similar to signature or fingerprint systems. Particularly, each person has a unique typing style and this uniqueness is captured in the present invention as keystroke sequence timing and used as an additional recognition means.
    Type: Grant
    Filed: June 25, 1999
    Date of Patent: May 17, 2005
    Assignee: Lucent Technologies Inc.
    Inventor: Bahram Gaffarzadeh Kermani
  • Patent number: 6829711
    Abstract: A method and system are disclosed for accessing a personal Web site or executing electronic commerce with security in a smart Java card. A personal Web site which includes personal or private information is stored in a personal smart Java card. Before a user can access the Web site stored in the smart Java card, the user is validated by any one of, or a combination of, PIN, facial images, hand images, eye image, voice characteristics, and fingerprints. In addition, an encryption engine embedded in the smart Java card decodes and compares the entered PIN combined with a secure key or security certificate to verify the identity of the user. Before the bank account can be accessed freely by the user, the bank's computer system checks the combined secure data to ensure the authenticity of the card and the user's identity with multiple check points using Internet security protocols via Web browsers.
    Type: Grant
    Filed: January 26, 1999
    Date of Patent: December 7, 2004
    Assignee: International Business Machines Corporation
    Inventors: Thomas Y. Kwok, Lawrence S. Mok
  • Patent number: 6823069
    Abstract: When information about an encrypting/decrypting method is received, it is compiled with a library. A mapping data object that represents the structure of the circuit is generated. The mapping data object is written to a programmable logic device/unit. When the programmable logic device/unit is used for an encrypting/decrypting circuit, an encrypting/decrypting system that can flexibly change an algorithm at high speed can be accomplished.
    Type: Grant
    Filed: March 11, 1997
    Date of Patent: November 23, 2004
    Assignee: Fujitsu Limited
    Inventors: Hironobu Kitajima, Shunsuke Fueki
  • Patent number: 6813355
    Abstract: The invention relates to a method and arrangement for ciphering an information transfer connection. The invention can be advantageously applied in a TDMA (Time Division Multiple Access) cellular system offering broadband circuit switched services. An essential idea of the invention is that the information to be ciphered in a transmission burst is divided into at least two blocks (730) and said blocks are ciphered in ways that are not identical with each other (750 to 770). Then the reliability of ciphering is better because the amount of information encoded using one and the same ciphering algorithm and key is smaller. In addition, the reliability of the ciphering can be varied by changing the number and/or size of the information blocks in a burst.
    Type: Grant
    Filed: February 12, 1999
    Date of Patent: November 2, 2004
    Assignee: Nokia Mobile Phones Limited
    Inventor: Markus Hakaste
  • Patent number: 6760442
    Abstract: A method and system are disclosed for adjusting the resolution or performance of digital media in a reversible manner. A mask component having a length of a predetermined number of bits is extracted from a high-resolution ordinal component of digital data having an initial state. Another non-ordered, randomly generated second component having the same predetermined number of bits is received. A logic operation using the mask component and the second, non-ordered component is performed thereby deriving a third component also having the same predetermined number of bits. The high-resolution ordinal component of digital data is altered using the derived third component, thereby adjusting the initial state of the high-resolution ordinal component to a secondary state that can be reverted to its initial state by virtue of the logic operation being reversible given the correct, corresponding operands.
    Type: Grant
    Filed: December 18, 1998
    Date of Patent: July 6, 2004
    Assignee: Sun Microsystems, Inc.
    Inventor: Glenn C. Scott
  • Patent number: 6754822
    Abstract: Techniques for protecting the security of digital representations, and of analog forms made from them are presented. The techniques include authentication techniques that can authenticate both a digital representation and an analog form produced from the digital representation, an active watermark that contains program code that may be executed when the watermark is read, and a watermark agent that reads watermarks and sends messages with information concerning the digital representations that contain the watermarks. The authentication techniques use semantic information to produce authentication information. Both the semantic information and the authentication information survive when an analog form is produced from the digital representation. In one embodiment, the semantic information is alphanumeric characters and the authentication information is either contained in a watermark embedded in the digital representation or expressed as a bar code.
    Type: Grant
    Filed: April 30, 1998
    Date of Patent: June 22, 2004
    Assignee: Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.
    Inventor: Jian Zhao
  • Patent number: 6735313
    Abstract: A system for restricting access to transmitted programming content is disclosed, which transmits a program identifier with the encrypted programming content. A set-top terminal or similar mechanism restricts access to the transmitted multimedia information using stored decryption keys. The set-top terminal receives entitlement information periodically from the head-end, corresponding to one or more packages of programs that the customer is entitled to for a given period. Each program is encrypted by the head-end server prior to transmission, using a program key, Kp, which may be unique to the program. The set-top terminal uses the received program identifier, p, together with the stored entitlement information, to derive the decryption key necessary to decrypt the program. Each of the k-bit program keys, Kp, used to encrypt transmitted programs is obtained by applying one or more pseudo-random hash functions, H, such as a length-doubling hash function, H, to a master key, m.
    Type: Grant
    Filed: May 7, 1999
    Date of Patent: May 11, 2004
    Assignee: Lucent Technologies Inc.
    Inventors: Daniel Bleichenbacher, Avishai Wool
  • Patent number: 6725373
    Abstract: A method for generating a signed manifest includes referencing an object. A metadata name is recorded. A digest algorithm is recorded. An integrity value that belongs to the object that corresponds to the metadata subject name is digested with the digest algorithm.
    Type: Grant
    Filed: March 25, 1998
    Date of Patent: April 20, 2004
    Assignee: Intel Corporation
    Inventors: John M. Carbajal, Gary Graunke, Carlos Rozas
  • Patent number: 6697945
    Abstract: An information processing apparatus and an information processing method are capable of preventing information from being copied illegally. To put it in detail, a hash function and a service key are stored in advance in an EEPROM of a DVD player serving as a source. In an EEPROM of a personal computer (PC) serving as a sink, on the other hand, its ID and a license key are stored beforehand. The DVD player requests the PC to transmit the ID. The DVD player then applies the hash function to data resulting from concatenation of the ID with the service key to generate a license key (=hash (ID ∥ service-key)). Subsequently, the DVD player generates a source side common session key and encrypts the session key by using the generated license key. Then, the DVD player transmits the encrypted source side common session key to the PC.
    Type: Grant
    Filed: April 14, 1998
    Date of Patent: February 24, 2004
    Assignee: Sony Corporation
    Inventors: Ryuji Ishiguro, Yoshitomo Osawa, Yoshio Osakabe, Makoto Sato, Hisato Shima, Tomoyuki Asano, Takehiko Nakano
  • Patent number: 6690798
    Abstract: A method and apparatus is described for transforming a key variable used for scrambling mobile data traffic between a terminal and a network in alternate ways based on a value transmitted to the terminal from the network. Transformation is accomplished by passing portions of the key variable through a series of S-boxes, which provide a mapping between inputs and outputs. The method and apparatus is explained also in the context of a satellite communications system, in which a terminal can be located in a different continent/country from the terminal's home location. Enciphered communication is enabled between the foreign satellite gateway and the roaming terminal after the foreign gateway communicates with the terminal's native gateway. The native gateway transmits one or more cipher variables in the communication. Moreover, the value determining which way to cipher the data traffic can be based on numerous factors, including aspects of the satellite communication system.
    Type: Grant
    Filed: December 10, 1997
    Date of Patent: February 10, 2004
    Assignee: Ericsson Inc.
    Inventor: Paul W. Dent
  • Patent number: 6687826
    Abstract: An optical disc (1) has a plurality of sectors each including a header area and a recording area, in which a position where a predetermined amount of data is recorded provides an ID information (medium ID peculiar to the optical disc). The ID information in the optical disc (1) is used by a first encryption circuit (12) to encrypt a disc key to encrypt AV data as a whole, the encrypted disc key is used by a second encryption circuit (13) to encrypt a sector key to encrypt the AV data for each program, and the encrypted sector key is used by a third encryption circuit (14) to encrypt the AV data for each program. The AV data subjected to at least the first to third encryptions is recorded into the recording area of the optical disc (1).
    Type: Grant
    Filed: December 28, 1998
    Date of Patent: February 3, 2004
    Assignee: Sony Corporation
    Inventor: Hideo Owa
  • Patent number: 6683955
    Abstract: One embodiment of the present invention is a method for receiving a secured transmission of information in an ADSL environment using a DMT modulation technique. The order of the frequency orthogonal subchannels used in the DMT technique is scrambled according to a permutation cipher. The key for this scrambling operation is scrambled with the subscriber's public key, and is encoded according to a CDMA technique for transmission through the ADSL channel approximately concurrently with the information. The encoded key and the DMT data subblocks are recovered from the secured transmission. The encoded key is decoded according to the CDMA technique to generate the decoded key. The decoded key is used to assign an order to the subblocks of data.
    Type: Grant
    Filed: December 17, 1998
    Date of Patent: January 27, 2004
    Assignee: Intel Corporation
    Inventor: David M. Horne
  • Patent number: 6661896
    Abstract: A method and system for maintaining computer network security allows for changeable encryption keys used by each individual work station to be looked up by a server. The server will have numerous logical interfaces corresponding to the active encryption keys, and information is routed through the appropriate interface depending upon which work station is communicating with the server. Each encryption key is encrypted into a transport key for transmission as part of each information packet.
    Type: Grant
    Filed: December 30, 1998
    Date of Patent: December 9, 2003
    Inventor: Howard S. Barnett
  • Patent number: 6598162
    Abstract: A method for combining transfer functions with predetermined key creation. In one embodiment, digital information, including a digital sample and format information, is protected by identifying and encoding a portion of the format information. Encoded digital information, including the digital sample and the encoded format information, is generated to protect the original digital information. In another embodiment, a digital signal, including digital samples in a file format having an inherent granularity, is protected by creating a predetermined key. The predetermined key is comprised of a transfer function-based mask set to manipulate data at the inherent granularity of the file format of the underlying digitized samples.
    Type: Grant
    Filed: March 24, 1998
    Date of Patent: July 22, 2003
    Inventor: Scott A. Moskowitz
  • Patent number: 6587944
    Abstract: Fragile watermarking for objects is disclosed. In one embodiment of the invention, a system includes an encoder and a decoder. The encoder encodes a watermark into an object, such as a three-dimensional object, in a fragile manner, utilizing a key. The decoder decodes the watermark from the object in which the watermark is encoded in a public manner, also utilizing a key. Visualization techniques for detecting alterations using fragile watermarking are also disclosed.
    Type: Grant
    Filed: June 29, 1998
    Date of Patent: July 1, 2003
    Assignee: Intel Corporation
    Inventors: Minerva M. Yeung, Boon-Lock Yeo
  • Patent number: 6581162
    Abstract: A secure environment for entering and storing information necessary to conduct encryption processes. In a computer system according to the invention, session keys, passwords, and encryption algorithms are maintained in a secure memory space such as System Management Mode (SMM) memory. In one disclosed embodiment of the invention, a user password is entered via a secure keyboard channel. The password is maintained in a secure memory space that is not accessible during normal computer operation. In addition to the user password, optional node identification information is stored in secure memory. The node identification information is appended to the user password, and both are subsequently encrypted by an encryption algorithm and encryption keys that are also stored in secure memory. Following the encryption process, the encrypted password and node identification information are communicated directly from secure memory to network interface circuitry for communication over a network.
    Type: Grant
    Filed: December 31, 1996
    Date of Patent: June 17, 2003
    Assignee: Compaq Information Technologies Group, L.P.
    Inventors: Michael F. Angelo, Peter J. Michels
  • Patent number: 6542992
    Abstract: Two network entities allocate the performance of encryption and compression algorithms amongst each other in a controlled and coordinated manner so as to avoid unnecessary duplication of encryption and compression at different protocol layers and an associated waste of CPU power. For example, a first network entity performs both encryption and compression at the IP layer, and instructs the second network entity to disable PPP-layer encryption and compression. In a wireless networking example of the invention, the first network entity is a home agent (e.g., a router) for a wireless communications device and the second network entity is a foreign agent (e.g., a network access server) providing network access for the communications device. The foreign agent terminates a Point-to-Point Protocol (PPP) session with the communications device, but implements (or does not implement) PPP-layer compression and encryption algorithms under the supervision and control of the home agent.
    Type: Grant
    Filed: January 26, 1999
    Date of Patent: April 1, 2003
    Assignee: 3Com Corporation
    Inventors: Kenneth L. Peirce, Jr., Yingchun Xu, Timothy Glenn Mortsolf, Matthew Harper
  • Patent number: 6526145
    Abstract: A computer implemented process for data encryption or data decryption using a computer is disclosed.
    Type: Grant
    Filed: May 10, 1999
    Date of Patent: February 25, 2003
    Inventor: David M. Marzahn
  • Patent number: 6523119
    Abstract: A method and apparatus for protecting computer software from unauthorized execution or duplication using a hardware key is disclosed. The apparatus comprises a means for communicating with the computer to receive command messages from the computer in the hardware key and to provide response messages to the computer, a memory for storing data for translating command messages into response messages enabling software execution, and a processor coupled to the interface port for translating command messages into response messages using the data stored in the memory. The processor further comprises a memory manager, for logically segmenting the memory storing the data into at least one protected segment, and for controlling access to the protected segment.
    Type: Grant
    Filed: December 4, 1996
    Date of Patent: February 18, 2003
    Assignee: Rainbow Technologies, Inc.
    Inventors: Dominique Vincent Pavlin, Mehdi Sotoodeh, Reed H. Tibbetts, Patrick N. Godding, Alain Raymond Spiewek, Roger Graham Nixon
  • Patent number: 6519340
    Abstract: A method and apparatus of encrypting optical images using binarization or phase only information is presented with a number of ways to secure the image also being provided. An image to be encrypted is first multiplied by a random phase function. The Fourier transform of the product of the image and the random phase function is then multiplied by another random phase function in the Fourier (or Fresnel) domain. Taking the inverse Fourier (or Fresnel) transform, an encrypted image in the output plane is obtained. Alternatively, the image to be encrypted can be phase encoded and then encrypted to provide an extra level of security. The image can be secured using one key in the Fourier or Fresnel domain followed by phase extraction. This encrypted image may then be binarized, which may include binarizing the phase-only part of the encrypted image. The use of binarization enables ease of implementation and data compression while still providing recovery of images having good quality.
    Type: Grant
    Filed: January 29, 1999
    Date of Patent: February 11, 2003
    Assignee: The University of Connecticut
    Inventor: Bahram Javidi