Abstract: Digital data is provided with a time stamp of an internal time signal of an internal clock. The internal time signal is validated by receiving and evaluating an internal broadcast or a cable signal of an external time source, from which a standard time can be derived, comparing the standard time with the internal time signal of the internal clock, and time stamping the digital data. The digital data is time stamped only if a time difference between the internal and external time signals lies within a given tolerance range. Finally, the time-stamped digital data is encrypted.
Abstract: A method and apparatus for recording audio so that the recording can be authenticated as to both content and time of recording is provided. The system may be implemented as a central server that is accessed via one or more telephone lines, or as a stand-alone unit. The system operates by encrypting audio information, storing the encrypted information, and providing users with a cryptographic key that can be used to decrypt the stored information. Preferably, time stamps are embedded in the stored information. Digital signatures may be used to provide additional security.
Type: Grant
Filed: August 19, 1997
Date of Patent: March 4, 2003
Assignee: Walker Digital, LLC
Inventors: Jay S. Walker, Thomas M. Sparico, James A. Jorasch
Abstract: In a public key encryption system in which the individual is the basic unit, the notion of a "group" is introduced. Both encryption of a plain text by any member belonging to the group and decryption of the resulting cryptogram can be carried out with a combination key formed from a group public key and a group secret key, which are generated per group, together with an individual public key and an individual secret key. With this encryption system, high secrecy can be maintained both inside and outside the group, while the cryptogram information can be shared among members of the group once a member has been confirmed. An electronic signature can also be produced by a member belonging to the group.
Abstract: The method provides that a session code (K) can be agreed between a first computer unit (U) and a second computer unit (N), without it being possible for any unauthorized third party to gain access to useful information relating to the codes or the identity of the first computer unit (U). This is achieved by embedding the principle of the El-Gamal code interchange in the method, with additional formation of a digital signature via a hash value of the session code (K) which is formed by the first computer unit (U).
Type: Grant
Filed: November 10, 1997
Date of Patent: February 25, 2003
Assignee: Siemens Aktiengesellschaft
Inventors: Günther Horn, Klaus Müller, Volker Kessler
Abstract: A data processing system and method including a server computer system coupled to a client computer system utilizing a network are described for causing an initially powered-off client computer system to power-on only in response to a receipt of an authenticated wake network packet. The client computer system is capable of receiving a wake network packet while the client is powered-off. The client computer system determines if the received wake network packet is a valid wake network packet while the client is powered-off. The client computer system powers-on only in response to a determination that the wake network packet is a valid wake network packet. The client computer system powers-on only in response to authenticated wake network packets.
Type: Grant
Filed: February 18, 1999
Date of Patent: February 25, 2003
Assignee: International Business Machines Corporation
Inventors: Daryl Carvis Cromer, Brandon Jon Ellison, Eric Richard Kern, Howard Locker
Abstract: The user mounts a distributed storage medium in his or her terminal unit, selects desired information from stored information, and notifies the host central computer through a network. The host computer generates key information for use in deciphering the selected information by combining the identifier of the selected information, user identification, etc. and sends the key information to a user terminal unit. The user deciphers the selected information according to the transmitted key information, and then accesses the information.
Abstract: A computing system includes a processor, a cache, a memory system, and a secure cache controller system. The cache stores a plurality of cache lines. The memory system stores a plurality of blocks of encrypted data. The secure cache controller system is situated between the memory system and the cache. When there is a miss of a first cache line of data in the cache and the first cache line of data resides in a first block of encrypted data within the memory system, the secure cache controller system fetches the first block of encrypted data, decrypts the first block of encrypted data and forwards the first cache line to the cache.
Abstract: Methods and apparatuses for level-based network access restriction are described. A user of network resources logs on to the network according to any appropriate security procedure. The user is provided access to a known, trusted resource as a starting point. From the starting point, the user can access other network resources by following links from the starting point or in another manner. The network resources accessed by the user are analyzed to determine whether each resource is a trusted resource. If the resource is a trusted resource, the user is allowed to follow a predetermined number of links away from the trusted resource before access is denied.
Abstract: Arbitrary digital information is embedded within a stream of digital data, in a way that avoids detection by a casual observer and that allows a user to determine whether the digital data have been modified from their intended form. The embedded information may only be extracted as authorized and may be used to verify that the original digital data stream has not been modified.
Abstract: An Open Descriptor demanding an access right is transmitted from a personal computer to a DVD player. In response to this demand, the DVD player transmits either an Accept response or a Reject response. Upon receiving the Accept response, the personal computer transmits a Write Descriptor. The Write Descriptor indicates an instruction that data (da) having a data length (le) is written (AuthDe) into an address (Add) of a sender (SD). Upon receiving this Write Descriptor, the DVD player transmits the Accept Write Descriptor indicating that the writing instruction has been accepted. Thus, in an authentication protocol, data is transmitted in accordance with the size of the buffer for use in an electronic machine.
Abstract: Private user data is securely entered from a public location in a way that the private user data cannot be ascertained by observers. A voice agent generates vocal instructions for a user, instructing the user to enter response data. The vocal instructions are communicated to the user with a telephonic link, in a manner that is secure from observers of entry of the response data. The instructions implement an encryption function, which causes the private user data to be encrypted within the response data. The response data is entered by the user vocally into a telephone, or by pressing buttons on a telephone keypad, or by pressing keys on a computer keyboard. The response data entered by the user is received by a security agent, which ascertains the private user data from the response data, and which also determines the validity of the data.
Type: Grant
Filed: August 7, 1998
Date of Patent: February 11, 2003
Assignee: International Business Machines Corporation
Abstract: An image processing apparatus separates input image data into low resolution image data and one or more auxiliary image data for interpolating the low resolution image data, and decrypts at least one of the separated auxiliary image data. The image processing apparatus also separates input image data into low resolution image data and at least one auxiliary image data for interpolating the low resolution image data and decodes the image data with at least one of the auxiliary image data being encrypted, and decrypts the encrypted auxiliary image data and synthesizes the low resolution image data with the auxiliary image data.
Abstract: One embodiment of the present invention is a method for processing packets in a computer communication network that includes steps of analyzing a packet stream using at least a first heuristic stage trained to recognize potentially harmful packets; assigning a confidence rating to packets in the analyzed stream in accordance with a level of confidence regarding the harmfulness of the analyzed packets; and selecting packets for further analysis in accordance with their assigned confidence rating. This exemplary embodiment overcomes disadvantages of previous methods for providing firewall security and is able to learn from and adapt to data flowing through a network to provide additional network security.
Abstract: A transmission device including an advanced security system is provided to identify an illegally operated device, inhibit the illegal operations, prevent a maintenance operator from forgetting to unlock a log-in status, and set a permitted user level for each command. The security system for a transmission device in a network is formed with plural transmission devices, each including at least a port for a control terminal that controls the transmission devices. When a cable disconnection is detected in a port of one transmission device, the log-in status is unlocked, through that port, for that transmission device or for the other transmission devices.
Abstract: A method and system for providing limited access privileges with an untrusted terminal allows a user to perform privileged operations between the untrusted terminal and a remote terminal in a controlled manner. The user can establish a secure communications channel between the untrusted terminal and a credentials server to receive credentials therefrom. Once the user receives the credentials, the secure communications channel is closed. The user can then use the credentials to perform privileged operations on a remote terminal through the untrusted terminal. The remote terminal knows to grant the user limited privileges based on information included in the credentials. The effects of malicious actions by the untrusted terminal are limited and controlled.
Abstract: A computer system, bus interface unit, and method are provided for securing certain devices connected to an I2C bus. Those devices include any device which contains sensitive information or passwords. For example, a device controlled by an I2C-connected device bay controller may contain sensitive files, data, and information to which improper access may be denied by securing the device bay controller. Moreover, improper accesses to passwords contained in non-volatile memory connected to the I2C bus must also be prevented. A bus interface unit coupled within the computer contains registers, and logic which compares the incoming I2C target and word addresses with coded bits within fields of those registers. If the target or word address is to a protected address or range of addresses, then an unlock signal must be issued before the security control logic will allow the target or word address to access the I2C bus or the addressed device thereon.
Type: Grant
Filed: November 20, 1998
Date of Patent: January 21, 2003
Assignee: Compaq Information Technologies Group, L.P.
Inventors: David F. Heinrich, Hung Q. Le, Paul B. Rawlins, Charles J. Stancil
Abstract: A computer readable storage medium for providing repeated contact with computer software or a software user to transfer information which may include advertising, promotional, or marketing information includes repeatedly contacting the software manufacturer or third party representative or agent for continued use of the software. The invention provides for automatically obtaining authorization information in addition to marketing, advertising, and/or promotional information prior to expiration of each authorization interval or period. The user and/or software contacts an authorized representative of the software to obtain authorization information which may be downloaded directly to the software or provided to the user for entry. Authorization intervals may vary depending upon the particular application. For example, in one embodiment, the present invention provides authorization information which allows continued use of the software for a period based on value of the software.
Abstract: A method and system for adaptive network security using intelligent packet analysis are provided. The method comprises monitoring network data traffic. The network data traffic is analyzed to assess network information. A plurality of analysis tasks are prioritized based upon the network information. The analysis tasks are to be performed on the monitored network data traffic in order to identify attacks upon the network.
Type: Grant
Filed: December 29, 1998
Date of Patent: December 24, 2002
Assignee: Cisco Technology, Inc.
Inventors: Robert E. Gleichauf, Daniel M. Teal, Kevin L. Wiley
Abstract: A system and method for transferring messages securely over a computer network which includes the steps of inputting the message to be transmitted at a first device and then encrypting the message at the first device. An address for a dynamically addressed server is obtained and the first device is connected to the dynamically addressed server. The encrypted message is transmitted from the first device to the server and the message is received at the dynamically addressed server. The message is transmitted from the server to a second device and then the message is decrypted at the second device.
Abstract: A method and computer executable program code are disclosed to verify the source of software downloaded from a remote site to a client computer over a computer network before the software can be executed on the client computer.