Patents Examined by Ellen C Tran
  • Patent number: 7013387
    Abstract: A system for increasing realized secure sockets layer (“SSL”) encryption and decryption connections is disclosed. The system combines monitoring of server load with adjustment of static SSL parameters to optimize a system of devices. The system monitors parameters of the servers that affect the ability of the servers to process SSL connections. An “SSL capacity” value for each server is calculated which represents the capability of that server to process SSL connections. This value is used to calculate an SSL threshold for that server, which is then applied to the SSL device to determine how many SSL connections the SSL device should process for that server. Since the connection threshold for an SSL device is a function of the device's load and each server's SSL capacity, and these values are dynamic, the connection threshold values are recalculated periodically to ensure increased SSL performance without impact to client response.
    Type: Grant
    Filed: June 27, 2001
    Date of Patent: March 14, 2006
    Assignee: Intel Corporation
    Inventor: Joseph F Cihula
  • Patent number: 6993162
    Abstract: A method for authenticating animation, the method comprises the steps of capturing an image; converting the captured image into a wire mesh data for permitting animation of the image; providing movement data, which directs movement of the wire mesh data, and texture data indicating the covering for the wire mesh; electronically transmitting the wire mesh data, texture data and movement data; encrypting the movement data; and electronically transmitting the encrypted movement data for verifying that the animation is unaltered during transmission from its source.
    Type: Grant
    Filed: June 15, 2001
    Date of Patent: January 31, 2006
    Assignee: Eastman Kodak Company
    Inventors: Thomas M. Stephany, Majid Rabbani, John R. Squilla, Donald E. Olson
  • Patent number: 6985585
    Abstract: A method for the encryption and decryption of digital images based on cyclotomic polynomials and radiometric expressions comprising the steps of generating an encrypting transform, partitioning the digital images into data blocks, along with encrypting, transmitting, and decrypting the data blocks. Three common radiometric expressions are fundamental metamers, black metamers, and radiometric functions. In one embodiment, the mathematical equation that represents the encrypting transform is a cyclotomic polynomial. In another embodiment, a cyclotomic polynomial is used to calculate the coefficients of the mathematical equation that represents the encrypting transform. In other embodiments, the encrypting transform is generated with a radiometric expression, and the encrypted data blocks are calculated with a radiometric expression.
    Type: Grant
    Filed: March 30, 2001
    Date of Patent: January 10, 2006
    Assignee: Aevum Corporation
    Inventors: Michael P. Keyes, Philip E. Cannata
  • Patent number: 6985591
    Abstract: The present invention provides secure communication from one encryption domain to another using a trusted module. In one embodiment, the invention includes receiving a first key for decryption of encrypted content over a secure authenticated channel, receiving a second key for re-encrypting the encrypted content over a secure authenticated channel. The invention further includes receiving the encrypted content, decrypting and re-encrypting the encrypted content using the first key and the second key, and conveying the re-encrypted content to a sink.
    Type: Grant
    Filed: June 29, 2001
    Date of Patent: January 10, 2006
    Assignee: Intel Corporation
    Inventor: Gary L. Graunke
  • Patent number: 6983381
    Abstract: A method for communicating passwords includes receiving at a server a challenge from an authentication server via a first secure communications channel, the challenge comprising a random password that is inactive, communicating the challenge from the server to a client computer via a second secure communications channel, receiving at the server a challenge response from the client computer via the second secure communications channel, the challenge response comprising a digital certificate and a digital signature, the digital certificate including a public key in an encrypted form, the digital signature being determined in response to the random password and the private key, and communicating the challenge response from the server to the authentication server via the first secure communications channel, wherein the random password is activated when the authentication server verifies the challenge response.
    Type: Grant
    Filed: June 28, 2001
    Date of Patent: January 3, 2006
    Assignee: Arcot Systems, Inc.
    Inventor: Robert A. Jerdonek
  • Patent number: 6975729
    Abstract: One embodiment of the present invention provides a system that facilitates a key exchange that operates with a pre-shared secret key and that hides identities of parties involved in the key exchange. The method operates by establishing a negotiated secret key between a first party and a second party by performing communications between the first party and the second party across a network in a manner that does not allow an eavesdropper to determine the negotiated secret key. Next, the system encrypts an identifier for the first party using the negotiated secret key and a group secret key to form an encrypted identifier. This group secret key is known to members of a group, including the first party and the second party, but is kept secret from parties outside of the group. Next, the system sends the encrypted identifier from the first party across the network to the second party.
    Type: Grant
    Filed: August 15, 2000
    Date of Patent: December 13, 2005
    Assignee: Sun Microsystems, Inc.
    Inventor: Radia J. Perlman
  • Patent number: 6966001
    Abstract: A computing system and encryption/decryption method realizes assurance of security and improvement of throughput in a remote system. For this purpose, encrypted data is written to a storage system, it is determined whether data in the storage system is ciphertext or plaintext, and encrypted data is read, decrypted and re-written in storage asynchronously with writing encrypted data to storage.
    Type: Grant
    Filed: March 19, 2001
    Date of Patent: November 15, 2005
    Assignee: Hitachi, Ltd.
    Inventors: Kiyohiro Obara, Hisashi Takamatsu, Masafumi Nozawa, Takashi Oeda, Noboru Morishita
  • Patent number: 6963982
    Abstract: Clients that are connected on a private network and which are assigned a private IP address that is not routable on the Internet can connect to the Internet through a router/server that includes a network address translator (NAT). For outgoing packets, the NAT translates the client's private source IP address and generalized port number (GPN) to the NAT's global IP address and GPN. For incoming packets sent to the NAT's global IP address and GPN, the NAT translates the global destination IP address and GPN to the client's private IP address and GPN. For protocols which cannot be directly supported by the NAT, such as those in the IPSec security protocol suite, the NAT is extended by creating in the NAT's translation table an entry that associates, for a specific unsupported protocol, a client's private IP address and GPN, the NAT's global IP address and GPN, and a foreign address on the Internet, that is valid until a specified or default expiration time.
    Type: Grant
    Filed: October 27, 2000
    Date of Patent: November 8, 2005
    Assignee: Lucent Technologies Inc.
    Inventors: José C. Brustoloni, Juan Alberto Garay
  • Patent number: 6959089
    Abstract: An apparatus and method are utilized for transmitting data across an interface between a sender and a receiver. The sender and receiver can be provided with a shared key, a receiver—key and a sender—key. A payload message can be combined with the keys to generate a unique message for transmission across the interface. The payload message can be authenticated utilizing the same input and the same algorithm on the receiving end of the transmission. The resulting confirmatory payload message can be utilized with the authenticating payload message to authenticate the payload message.
    Type: Grant
    Filed: October 26, 2000
    Date of Patent: October 25, 2005
    Assignee: General Instrument Corporation
    Inventor: Eric J. Sprunk
  • Patent number: 6952775
    Abstract: An electronic authentication method for identifying a user who is going to use a recording medium into which the information for making use of any kind of computerized service has been stored, comprising a step to carry out authentication by comparing the authentication information input by the user who is going to use the recording medium into which the information for making use of any kind of computerized service has been stored with the authentication information recorded on the recording medium and a step to carry out authentication by comparing the authentication information input by the user or the authentication information recorded on the recording medium with the registered authentication information existing in the hub of the networking to provide the service.
    Type: Grant
    Filed: August 23, 2000
    Date of Patent: October 4, 2005
    Assignee: Hitachi, Ltd.
    Inventor: Junichi Miura
  • Patent number: 6950948
    Abstract: A cryptographic process permits one to verifiably shuffle a series of input data elements. One or more authorities or individuals “shuffle,” or “anonymize” the input data (e.g. public keys in discrete log form or ElGamal encrypted ballot data). The process includes a validity construction that prevents any one or more of the authorities or individuals from making any changes to the original data without being discovered by anyone auditing a resulting proof transcript. The shuffling may be performed at various times. In the election example, the shuffling may be performed, e.g., after ballots are collected or during the registration, or ballot request phase of the election, thereby anonymizing the identities of the voters.
    Type: Grant
    Filed: March 24, 2001
    Date of Patent: September 27, 2005
    Assignee: VoteHere, Inc.
    Inventor: C. Andrew Neff
  • Patent number: 6947556
    Abstract: Methods, systems and computer program products are provided which provide for controlling access to digital data in a file by encrypting the data with a first key, encrypting the first key with a second personal key generated from a password/passphrase associated with the file and further encrypting the encrypted first key with a control key which is managed by the system. In certain embodiments, user authentication may also be provided by issuing a ticket which is utilized to create, access and administer the files in the system.
    Type: Grant
    Filed: August 21, 2000
    Date of Patent: September 20, 2005
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6940978
    Abstract: A communications system and method for transmitting authorization messages to mobile platforms is provided. The communications system authorizes the mobile platform to continue transmitting data with a single signal rather than multiple signals. Specifically, the authorization signal comprises a unique address for a path of forward link equipment that transmits data to the mobile platform. The unique address informs the mobile platform which equipment is currently being used for data transmission, and the mobile platform then relays this information back to a ground station. The authorization signal further comprises a return link assignment that informs the mobile platform which transponder is to be used for data transmission back to the ground station. Accordingly, a single signal is used to transmit the required data to the mobile platforms.
    Type: Grant
    Filed: May 2, 2001
    Date of Patent: September 6, 2005
    Assignee: The Boeing Company
    Inventor: David S. Parkman
  • Patent number: 6941476
    Abstract: A distributed storage system for storing at least one credential (46), provided by an issuing authority and relating to an identity (42, 44), is described. The system comprises: a plurality of unique identities (42, 44) each having a local store (40). Each local store (40) securely stores credentials (46) relating to the owner of the identity (42, 44). The system also comprises one or more security certificates (66) provided at each identity (42, 44) for ensuring the authenticity of the credentials (46). The security certificates (66) provide secure references to the issuers of the credentials (46) and this can be used in verifying the origin of each credential (46). The identity can be provided a website or a mobile phone for example.
    Type: Grant
    Filed: May 10, 2001
    Date of Patent: September 6, 2005
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Keith Alexander Harrison, Brian Quentin Monahan, Marco Casassa Mont
  • Patent number: 6937730
    Abstract: Content level filtering or masking of digital content that is broadcast, multicast, or otherwise distributed to receivers in a communications system. Instead of controlling the content only at the location of the broadcaster or at the receiver, the present invention provides the capability to control access to the content, and manipulate the content itself via a masking operation, at any point in the content distribution hierarchy or transmission chain. The present invention provides enhanced customer choice to different versions of the content and content creator control over content deemed to be too objectionable or too sensitive to be transmitted without partial concealment or obfuscation. A mask may be specified to change the content distributed further down the distribution hierarchy.
    Type: Grant
    Filed: February 16, 2000
    Date of Patent: August 30, 2005
    Assignee: Intel Corporation
    Inventor: Mark J. Buxton
  • Patent number: 6928558
    Abstract: The invention relates to an arrangement and a method for reliably identifying a user in a computer system. The method utilizes a mobile station for communicating with the system. The method comprises generating a first one-time password in the mobile station by utilizing a known algorithm on the basis of the identification number of the user, subscriber-specific identifier, device-specific identifier of the mobile station, and time.
    Type: Grant
    Filed: October 27, 2000
    Date of Patent: August 9, 2005
    Assignee: Nokia Mobile Phones Ltd.
    Inventors: Nouri Allahwerdi, Lassi Hippeläinen
  • Patent number: 6922778
    Abstract: Methods and apparatus are provided for transcoding a data message, comprising a plurality of data fields (f1-f10) and an authentication code (Sgn(h1-10)), to produce a transcoded message for transmission to a destination device (4). The transcoding methods can be applied to such a data message which is received from a source device (1) wherein said data fields (f1-f10) have been coded in accordance with a first coding system, whereby respective data field codes (h1-h10) are generated for said data fields (f1-f10) and a message code (h1-10) is derived from said data field codes (h1-h10), and wherein said message code (h1-10) has been coded in accordance with a second coding system to generate said authentication code (Sgn(h1-10)). For each data field (f1-f10) of the received data message it is decided whether to maintain, modify or omit that field. For a field to be maintained, that field is maintained in the transcoded message.
    Type: Grant
    Filed: December 11, 2000
    Date of Patent: July 26, 2005
    Assignee: International Business Machines Corporation
    Inventors: Stefan G. Hild, Luke J. O'Connor
  • Patent number: 6901508
    Abstract: In the method for expanding an address for an Internet protocol in an Internet edge router and the record medium capable of being read through a computer having a record of a program to realize the inventive method, an address expanding system of IPv4 used by incorporating public network connection information in an IPv4 address is utilized, thereby, all services of the existing IPv4 can be accepted and an enlargement to a new service can be valid.
    Type: Grant
    Filed: December 1, 2000
    Date of Patent: May 31, 2005
    Assignee: Electronics and Telecommunication Research Institute
    Inventors: Chang-Min Park, Mi-Ryong Park, Jong-Hyup Lee, Hyeong-Ho Lee, Sang-Ha Kim
  • Patent number: 6851061
    Abstract: A system and method for detecting network intrusions using a protocol stack multiplexor is described. A network protocol stack includes a plurality of hierarchically structured protocol layers. Each such protocol layer includes a read queue and a write queue for staging transitory data packets and a set of procedures for processing the transitory data packets in accordance with the associated protocol. A protocol stack multiplexor is interfaced directly to at least one such protocol layer through a set of redirected pointers to the processing procedures of the interfaced protocol layer. A data packet collector references at least one of the read queue and the write queue for the associated protocol layer. A data packet exchanger communicates a memory reference to each transitory data packet from the referenced at least one of the read queue and the write queue for the associated protocol layer. An analysis module receives the communicated memory reference and performs intrusion detection based thereon.
    Type: Grant
    Filed: August 24, 2000
    Date of Patent: February 1, 2005
    Assignee: Networks Associates, Inc.
    Inventors: Daniel T. Holland, III, Roark B. Hilomen, Steven P. Lang