Patents Examined by Gail Hayes
  • Patent number: 6636898
    Abstract: A single point of control is provided for all IPSec tunnels and also for VPN connections at a node within a virtual private network. The control of the connections includes the ability to start and stop manual and dynamic VPN connections, to delete connections that might have had errors associated with them, to query VPN connection status information on these connections, to manage such things as connection lifetimes, and the refresh of keying material, that is the re-negotiation of dynamic Security Associations (SAs), and to create VPN connections when this system is acting in a responder role, that is the opposite endpoint of an initiated connection.
    Type: Grant
    Filed: January 29, 1999
    Date of Patent: October 21, 2003
    Assignee: International Business Machines Corporation
    Inventors: David S. Ludovici, Mark J. Melville, Richard A. Mullock, Frank V. Paxhia
  • Patent number: 6636970
    Abstract: When encoding software, two or more encoding algorithms are employed. Conversely, for software decoding processing, decoding algorithms are prepared that correspond to these two or more encoding algorithms. Then, in software encoding processing, encoded algorithm combination identification information is transferred to the software decoding processing along with the encoded software. During software decoding processing, opposite algorithms possessed by the decoding means are selected based on the previously mentioned algorithm combination identification information, and the previously mentioned encoded software is decoded.
    Type: Grant
    Filed: February 7, 1996
    Date of Patent: October 21, 2003
    Assignee: Fujitsu Limited
    Inventors: Ryota Akiyama, Makoto Yoshioka
  • Patent number: 6633982
    Abstract: A method and system for managing electronic distribution of digital movies to commercial exhibitors at warp speed is made ultra secure by utilizing synchronized and concurrent digitally bifurcated data transmissions via both satellite up-links/downlinks and compressed digital data sent and retrieved from secure restrictive sites on the world wide web. All transmitted data received is interlocking and co-dependent upon each other for functional deciphered translation thereby considerably reducing the odds of piracy over present methods.
    Type: Grant
    Filed: March 20, 1999
    Date of Patent: October 14, 2003
    Inventor: Wayne Samuel Kurzeja
  • Patent number: 6631471
    Abstract: A relation between the data process contents in an IC card chip and the consumption current of the IC card chip is reduced. Prior to executing an input data process of the IC card chip, the input data is transformed to thereby reduce the relation between the process data and the consumption current of the IC card chip. After the transforming process, the transformed data is untransformed to obtain a correct process result.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: October 7, 2003
    Assignee: Hitachi, Ltd.
    Inventors: Masaru Ohki, Yasuko Fukuzawa, Susumu Okuhara, Masahiro Kaminaga
  • Patent number: 6629245
    Abstract: An apparatus for simulating keypad entry of an access code into a security system controller. The apparatus comprises at least one electronic key encoded with an electronic key identifier, at least one electronic key reader adapted to electronically interface with the electronic key to electronically transfer data signals therebetween, a security system controller having memory for storing at least one security code therein and operably connected to a keypad for entering access codes thereon, and simulator circuitry electrically connected to the electronic key reader and operably electrically connected to the security system controller, whereby upon presentation of the electronic key to the electronic key reader, the simulator circuitry interrogates the electronic key then translates the electronic key identifier into an access code.
    Type: Grant
    Filed: October 22, 1999
    Date of Patent: September 30, 2003
    Inventors: Arthur D. Stone, William T. Mostyn, Maurice D. Krugman
  • Patent number: 6625734
    Abstract: A method for controlling and tracking access to disseminated information involves encrypting data using a key that is maintained in a key repository. A user requests a message ID and key from the key repository. The key repository issues a message ID and key to the user. The user generates an encrypted message using the key. The encrypted message is then distributed with the message ID to one or more recipients. To read the encrypted message, a particular recipient obtains the key for the message from the key repository by providing the message ID to the key repository. The particular recipient then decrypts the message using the key provided by the key repository. Messages are deleted, in the sense of becoming unusable, by deleting the corresponding key from the key repository. A log is provided to track key repository activity including the issuance of keys and key requests from message recipients.
    Type: Grant
    Filed: April 26, 1999
    Date of Patent: September 23, 2003
    Assignee: Disappearing, Inc.
    Inventors: Maclen Marvit, Keith David Rosema, Jeffrey Ubois, David Marvit
  • Patent number: 6625732
    Abstract: A method of identifying previous drives that have accessed a data storage medium. Preferably, compatible drives have an electronically readable identifier, that includes, for example, a unique manufacturer code, drive model number, and drive serial number. Alternatively, a drive identification may be generated by a host computer software device driver. A portion of the medium is dedicated to an Access Audit Table that lists the drive identifiers for the drives that have recently accessed the medium. In addition, a portion of the medium may be dedicated to a Unique Drive Table, which stores the drive identifiers of the most recent distinct drives that have accessed the medium. Any time a writable medium is accessed, the drive must automatically write the drive identifier to the Access Audit Table and, if appropriate, to the Unique Drive Table. Compatible drives must also reject any external commands to write to the Access Audit Table or to the Unique Drive Table.
    Type: Grant
    Filed: April 29, 1999
    Date of Patent: September 23, 2003
    Inventors: Charles R Weirauch, C Shane Reid
  • Patent number: 6622247
    Abstract: A computerized method is provided for certifying a digital object. The digital object is uniquely identified with an identification. The identification is registered with a certification authority using a first public/private key exchange to receive a certificate of the digital object. Authenticity of the object is addressed by means of certification of the supplier's identity, in conjunction with integrity validation of the object. The digital object is tested to receive a compliance label using a second public/private key information exchange. The digital object is then distributed along with the certificate, and the label using a third public/private key information exchange. Ongoing confidence in object compliance is sustained by re-affirmation and/or notification mechanisms.
    Type: Grant
    Filed: December 19, 1997
    Date of Patent: September 16, 2003
    Assignee: Hewlett-Packard Development Company, LP
    Inventor: James DeWitt Isaak
  • Patent number: 6618806
    Abstract: A rule based biometric user authentication method and system in a computer network environment is provided. Multiple authentication rules can exist in the computer network. For example, there may be a default system-wide rule, and a rule associated with a particular user trying to log in. There may be other rules such as one associated with a remote computer from which the user is logging in, one associated with a group to which the user belongs, or one associated with a system resource to which the user requires access such as an application program or a database of confidential information. An order of precedence among the rules is then established which is used to authenticate the user.
    Type: Grant
    Filed: July 6, 1999
    Date of Patent: September 9, 2003
    Assignee: Saflink Corporation
    Inventors: Timothy J. Brown, Rodney Rivers, Dan Nelson
  • Patent number: 6615354
    Abstract: A relation between the data process contents in an IC card chip and the consumption current of the IC card chip is reduced. Prior to executing an input data process of the IC card chip, the input data is transformed to thereby reduce the relation between the process data and the consumption current of the IC card chip. After the transforming process, the transformed data is untransformed to obtain a correct process result.
    Type: Grant
    Filed: March 20, 2000
    Date of Patent: September 2, 2003
    Assignee: Hitachi, Ltd.
    Inventors: Masaru Ohki, Yasuko Fukuzawa, Susumu Okuhara, Masahiro Kaminaga
  • Patent number: 6615347
    Abstract: As part of a security infrastructure based on public-key cryptography, a first digital certificate (200) is issued by a first certification authority (104) to a first subscriber (102) and binds the first subscriber (102) to a first public key (210). The first public key (210) corresponds to a first private key held by the first subscriber (102), and the first public key and the first private key form a key pair for use in public-key cryptography. The first digital certificate (200) is digitally signed by the first certification authority (104) and includes subscriber information (206) pertaining to the first subscriber (102) and related certificate information (216) at least partially identifying a second digital certificate (200). The second digital certificate (200) is issued by a second certification authority (104) to a second subscriber (102) and is digitally signed by the second certification authority (104).
    Type: Grant
    Filed: June 30, 1998
    Date of Patent: September 2, 2003
    Assignee: VeriSign, Inc.
    Inventors: Mahinda K. de Silva, Ram A. Moskovitz
  • Patent number: 6615351
    Abstract: In a method for checking the authenticity of a data medium, in particular a smart card, the encrypted form of a physical feature of the data medium is stored in the data medium. The encrypted form of the feature is transmitted to a terminal, which also measures the physical feature itself. The physical feature is encrypted using a secret key, and is decrypted in the terminal using a public key. Authenticity is confirmed if a comparison of the decrypted feature and the measured feature match. Since the secret key is not contained in either the data medium or the terminal, a high level of security is provided.
    Type: Grant
    Filed: February 8, 2000
    Date of Patent: September 2, 2003
    Assignee: Infineon Technologies AG
    Inventors: Holger Sedlak, Franz-Josef Brücklmayr
  • Patent number: 6615353
    Abstract: A user authentication method and system which maintains reliable security using a low cost storage medium in place of cryptocards, wherein the system comprises control equipment and an operating section connected to the control equipment, and wherein the method comprises the steps of the operating section reading a storage medium that stores specific parameters, creating a user authentication code using a specific function from the specific parameters and other parameters provided by the control equipment, and supplying the created user authentication code to the control equipment, wherein the user authentication code sent from the operating section is compared with another code computed using a specific function generated by the control equipment, and when both codes are found to coincide, the control equipment causes information to be interchanged between the control equipment and the operating section. Advantageously, the invention method provides reliable security combined with low cost.
    Type: Grant
    Filed: July 17, 1998
    Date of Patent: September 2, 2003
    Assignee: Yokogawa Digital Computer Corporation
    Inventor: Masahiro Hashiguchi
  • Patent number: 6615350
    Abstract: An apparatus, system, and method to provide an initial and an on-going authentication mechanism with which two executable entities may unilaterally or bilaterally authenticate the identity, origin, and integrity of each other. In one instance, the authentication mechanisms are implemented within a dynamically loaded, modular, cryptographic system. The initial authentication mechanism may include digitally signed challenge and possibly encrypted response constructs that are alternately passed between the authenticating and authenticated executable entities. A chain of certificates signed and verified with the use of asymmetric key pairs may also be part of the initial authentication mechanism. Representative asymmetric key pairs include a run-time key pair, a per-instance key pair, and a certifying authority master key pair. The on-going authentication mechanism may include a nonce variable having a state associated therewith.
    Type: Grant
    Filed: March 23, 1999
    Date of Patent: September 2, 2003
    Assignee: Novell, Inc.
    Inventors: Roger R. Schell, Robert R. Jueneman, Mark G. Gayman
  • Patent number: 6615356
    Abstract: In a system such as a computer system, and in a power controlling method for the system, power applied to the overall system is controlled according to correctness or incorrectness of a password in starting up the system. The password is received from a user. Power is applied to the overall system only when the input password is identical to a preset password, and the power is shut off if not. If the password is correct, the applied power is automatically shut off, thereby prohibiting unauthorized use of the system. In starting up the system, only the minimum power necessary for inputting the password and controlling the power is applied to the system, thereby advantageously preventing unnecessary power consumption.
    Type: Grant
    Filed: March 31, 1999
    Date of Patent: September 2, 2003
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Jung-gun Byun
  • Patent number: 6615358
    Abstract: The present invention is a device for and method of accessing an information network by initializing a database, an ATM approved list, an IP approved list, and an IP disapproved list; receiving a datagram; discarding the datagram if it is not on the ATM approved list; determining the datagram's type; allowing access to the network and comparing the connection request, if any, to the database if the datagram is ATM signaling; discarding the datagram if the datagram is ATM signaling and the database denies the request; adding the request to the ATM approved list if the datagram is ATM signaling and the database allows the request; allowing access to the network if the datagram is ATM data that excludes IP data and the request is on the ATM approved list; computing a flow tag if the datagram is ATM data that includes IP data; discarding the datagram if the flow tag is on the IP disapproved list; allowing access to the network if the flow tag is on the IP approved list; comparing the flow tag to the database
    Type: Grant
    Filed: April 7, 1999
    Date of Patent: September 2, 2003
    Inventors: Patrick W. Dowd, John T. McHenry
  • Patent number: 6611914
    Abstract: In a security card check type computer security method, it is determined whether a predetermined check condition for checking a right of a security card to use a computer, which stores at least security information enabling the identification of the right of use of computer, is satisfied and a combination key requiring checking is generated. When the combination key is received, check result data with respect to the security card is waited for. The security information of the security card is checked to obtain the check result data. The right of use of computer is controlled depending on the check result data.
    Type: Grant
    Filed: March 8, 1999
    Date of Patent: August 26, 2003
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jang-won Lee, Yong-seok Shin
  • Patent number: 6611913
    Abstract: An escrowed key distribution system for over-the-air service provisioning of cellular telephones and other wireless communication devices provides a secure and efficient authentication key distribution method for wireless communications networks. To ensure security, an authentication key used to activate the wireless device is never transmitted over the air. In addition, mutual authentication is performed between the wireless communication device and the service provider using an embedded private-key algorithm to ensure proper authentication key transfer.
    Type: Grant
    Filed: March 29, 1999
    Date of Patent: August 26, 2003
    Assignee: Verizon Laboratories Inc.
    Inventors: Christopher Paul Carroll, Yair Frankel
  • Patent number: 6609207
    Abstract: A data processing system and method including a docking station and a portable computer capable of being coupled to the docking station are disclosed for securing the docking station, the portable computer, and for securing the attachment of the docking station to the portable computer. The portable computer is coupled to the docking station. A disconnection password is established. When the portable computer is disconnected from the docking station, a user is prompted for the disconnection password. The portable computer is disabled in response to a failure to correctly enter the disconnection password, wherein the portable computer is inoperable without a correct entry of the disconnection password. When a portable computer is connected to the docking station, a correct entry of a connection password is required. In response to a failure to correctly enter the connection password, access to the docking station is prohibited.
    Type: Grant
    Filed: March 2, 1999
    Date of Patent: August 19, 2003
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Brandon Jon Ellison, Eric Richard Kern, Howard Locker, Randall Scott Springfield, James Peter Ward
  • Patent number: 6606708
    Abstract: A double firewalled system is disclosed for protecting remote enterprise servers that provide communication services to telecommunication network customers from unauthorized third parties. A first router directs all connection requests to one or more secure web servers, which may utilize a load balancer to efficiently distribute the session connection load among a high number of authorized client users. On the network side of the web servers, a second router directs all connection requests to a dispatcher server, which routes application server calls to a proxy server for the application requested. A plurality of data security protocols are also employed. The protocols provide for an identification of the user, and an authentication of the user to ensure the user is who he/she claims to be and a determination of entitlements that the user may avail themselves of within the enterprise system.
    Type: Grant
    Filed: September 24, 1998
    Date of Patent: August 12, 2003
    Assignee: WorldCom, Inc.
    Inventors: Carol Y. Devine, Gerald A. Shifrin, Richard W. Shoulberg