Abstract: A system and method are disclosed for preventing detection of a computer connection to an external device. The external device is connected to the computer via a connectionless port. A key to be used to generate valid authorization information to be included in all valid data packets sent between the computer and the external device is provided. The external device is configured to reply to any packet in which the required valid authorization information is not present with the packet that would be sent if the connectionless port were not in use.

Abstract: A data processing system, method, and product are disclosed for pre-encrypting static information transmitted by secure Web sites. The data processing system includes a server computer system coupled to a client computer system utilizing a network. The server computer system receives a request for a secure Web page that is maintained by the server. The secure Web page includes dynamically-changing information and static information. The server encrypts and transmits the encrypted dynamically-changing information. The server determines whether the static information has been pre-encrypted. If the static information has been pre-encrypted, the server bypasses the encryption step and transmits the pre-encrypted static information.

Abstract: Authentication method for authenticating a mobile node to a packet data network, in which a shared secret for both the mobile node and the packet data network is arranged by using a shared secret of the mobile node and a telecommunications network authentication center. In the method, the mobile node sends its subscriber identity to the packet data network together with a replay attack protector. The packet data network obtains authentication triplets, forms a session key using them, and sends back to the mobile node challenges and a cryptographic authenticator made by using the session key. The mobile node can then form the rest of the authentication triplets using the challenges and then form the session key. With the session key, the mobile node can check the validity of the cryptographic authenticator. If the authenticator is correct, the mobile node sends a cryptographic response formed using the session key to the packet data network for authenticating itself to the packet data network.

Abstract: A digital AV data transmitting unit includes a data significance deciding section for deciding the significance degree of digital AV data, and a transmitting-side plurality-of-authentication-rules storing section storing a plurality of types of authentication rules. Also included are a transmitting-side authentication selecting section for selecting one type of authentication rule from the transmitting-side plurality-of-authentication-rules storing means in accordance with a decision result by the data significance deciding section when receiving an authentication request, and a transmitting-side authenticating section for performing authentication in accordance with the selected authentication rule.

Abstract: Disclosed is an optical disk barcode forming method wherein, as information to be barcoded, position information for piracy prevention, which is a form of ID, is coded as a barcode and is recorded by laser trimming on a reflective film in a PCA area of an optical disk. When playing back the thus manufactured optical disk on a reproduction apparatus, the barcode data can be played back using the same optical pickup.

Abstract: An encryption apparatus using a DES encryption algorithm is disclosed. The apparatus for encrypting 64-bit plain text blocks includes: input buffering unit for receiving a plain text block byte-by-byte and outputting a first and a second 32-bit plain text blocks in response to a first clock; encryption unit for performing time multiplexed encryption of the first and the second 32-bit plain text blocks in response to the first clock and a second clock, thereby generating a first and a second 32-bit cipher text blocks; and output buffering unit for receiving the first and the second 32-bit cipher text blocks in response to the second clock and outputting eight 8-bit cipher text blocks.

Abstract: A method and systems are provided for creating an authentication of secure communications between a software video driver and a video display. A video driver transmitting digital video data deemed high-bandwidth digital content, to a display, can perform authentication to determine if a secure connection has been established with a display. The video driver and the display both generate secret keys which are compared to ensure that the display used is authorized for secure communications. The video driver, communicating with a hardware video controller over a peripheral component interconnect (PCI) bus, can establish an encrypted link with the video driver. The video driver occasionally monitors the display to determine if a secure communications link is upheld. If the connection is determined at any time to be insecure, the video controller can alert the video driver, so that transmission of the video data can be terminated.

Abstract: A method is disclosed for amortizing the authentication overhead of data transmissions. The method comprises establishing a first secure transmission of data between a transmitter and a receiver by transmitting at least one token to the receiver during the first secure transmission. There may be any number of senders and receivers, and any receivers may be a sender and vice versa. The method also comprises establishing at least one additional transmission of data between the sender and the receiver and transmitting the data and at least one token during the at least one additional transmission. In addition, the method compares the at least one token transmitted during the at least one additional transmission to the token transmitted during the first secure transmission to guarantee the authenticity of that at least one additional transmission. The method may also include transmitting a preselected number of tokens during the first secure transmission.

Abstract: In a distributed computing environment, a message gate may be the message endpoint for a client or service. A message gate may provide a secure message endpoint that sends and receives type-safe messages. Devices may have a gate factory (e.g. message endpoint constructor) that is trusted code on the device for generating gates based on XML message descriptions. In one embodiment, the gate factory may construct a gate from the XML schema of the service, a URI for the service, and an authentication credential. Access to some services may be unrestricted. For such services, a gate may be constructed without an authentication credential, saving the overhead of running an authentication service and incorporating an authentication credential. Gate construction may also be optimized for certain clients that do not desire to perform checking of messages against a service's XML schema. If verification is not desired, a client may avoid or may chose to avoid building (e.g.

Abstract: The present invention is a system and method for handling personally identifiable information, using a rules model. The invention involves defining a limited number of privacy-related actions regarding personally identifiable information; constructing a rule for each circumstance in which one of said privacy-related actions may be taken or must be taken; allowing for the input of dynamic contextual information to precisely specify the condition for evaluation of a rule; creating a programming object containing at least one of said rules; associating the programming object with personally identifiable information; processing a request; and providing an output. The invention does not merely give a “yes-or-no answer. The invention has the advantage of being able to specify additional actions that must be taken. The invention may use a computer system and network. One aspect of the present invention is a method for handling personally identifiable information.

Abstract: A method and computer program in which a user (132) may have a digital certificate created using a strong authentication technique. Once the user has the digital certificate he may then request the generation of a “single sign-on” certificate that will allow the user (132) access to a foreign computer networks. This is accomplished by the user (132) contacting a registration web server (124) and requesting the generation of “single sign-on” for the foreign computer network. Thereafter, the registration web server (124) may take a public key generated based on the digital certificate and request the creation of a “single sign-on” by simply creating a public key from the digital certificate.

Abstract: A system for preventing accurate disassembly of computer code. Such code masking, referred to as “obfuscation,” is useful to prevent unwanted parties from making copies of an original author's software, obtaining valuable information from the software for purposes of breaking into a program, stealing secrets, making derivative works, etc. The present invention uses assembly-language instructions so as to confuse the disassembler to produce results that are not an accurate representation of the original assembly code. In one embodiment, a method is provided where an interrupt, or software exception instruction, is used to mask several subsequent instructions. The instruction used can be any instruction that causes the disassembler to assume that one or more subsequent words, or bytes, are associated with the instruction. The method, instead, jumps directly to the bytes assumed associated with the instruction and executes those bytes for a different purpose.

Abstract: In a network connected to a printer and a registration server, a network registration protocol for registering the printer on the network includes the steps of installing a secret unique identifier and public unique identifier in non-volatile memory in the printer and in a database of the registration server, before the printer is connected to the network; then, when the printer is connected to the network, authenticating the printer to the server by comparison of the secret unique identifiers installed in printer and server, using a secure transmission between the two over the network. Also a network registration signal for transmission over a network from a printer to a registration server to register the printer with the server, where the signal is transmitted at the first occasion the printer is connected to the network.

Abstract: A method and apparatus for controlling the performance of a mount operation changing the logical association of a first file system with a second file system of an information handling system by a user who may not have general authority to perform such a mount operation. In response to a request by a user to perform a requested mount operation on the first file system, a determination is made of whether the user has general authority to perform the requested mount operation, either because the user has general superuser authority or because the user has superuser authority for mount operations. If the user has general authority to perform the requested mount operation, the requested mount operation is performed. If the user does not have general authority to perform the requested mount operation, the requested mount operation is performed only if the user has a predetermined access authority to the first file system.

Abstract: A first unit collects and stores data (bar codes 12) and reports to a second unit. The first unit keeps and communicates a first unit current record, for storage, of its (random and unpredictable) activities since last connection and a first unit past record for comparison, of its (random and unpredictable) activities up to last connection. Matching between its previously stored first unit current record and the received first unit past record makes the second unit grant access to the first unit and store the received first unit current record. The same can be done for the second unit by the first unit. Non-coupling invokes provision of extra identification, renewed coupling involving a common default set of records. Records can generate encryption keys. Random data and encryption prevent illegal access.

Abstract: A limited tracking system and associated method that enable the use of personal encoded identification media to limit access to tracking information. The tracking system provides concurrent time-limited access to a large number of people, objects, information, services, and other resources, and has particular applicability to credit cards, dining cards, telephone calling cards, health cards, driver's licenses, video store cards, car access cards, building access cards, computer access cards, and like identification badges or cards. The tracking system includes a transmitter module incorporated in a badge, and a receiver module incorporated in a secure server. The transmitter module contains an encryptor and a watch crystal that keeps track of time, such that the encryptor encrypts the current time with the user's private key, and periodically transmits the encrypted current time to the receiver module, as a code list.

Abstract: The essence of the invention is in that when making a digital blind RSA-signature a new technique for blinding an initial data by a RSA-encryption and corresponding technique for unblinding the signed blinded data are employed, which gives the possibility to use an unlimited number of kinds of the signature in electronic systems of the mass scale service. The untraceability is ensured by a corresponding choice of the randomized exponent R, RSA-key used in RSA-encryption the initial data, and by the public module N properties verified in an arbitrary time moment. In so doing, N=P·Q, where P and Q are secret prime factors, and R is multiple to N?1. In other variants of the invention the diversity of kinds of the signature is set by limitings on multiplicities of public exponents, said limitings being chosen prior to blinding the initial data.

Abstract: A graphics processor receives a compressed encrypted video stream. The graphics processor decrypts the compressed encrypted video stream and stores a decrypted version (i.e., a decrypted compressed video stream) in a protected portion of an on-chip or off-chip video memory. The graphics processor then permits processors and other bus masters on the graphics processor to access the on-chip video memory, but conditionally limits access to other bus masters that are located off-chip, such as a central processing unit located off-chip and coupled to the graphics processor via a bus.

Abstract: After a key pair with a public key and a corresponding private key has been determined on the basis of an initial value, the initial value is made available to a user. The private key can then be erased. When the user wishes to carry out a cryptographic operation based on the “Public-Key-Technology”, the user enters the initial value into a computer and, upon utilization of the initial value, a regenerated private key is formed, which corresponds to the private key that had been previously formed but was then erased.

Abstract: An object of the present invention is to provide a marking forming apparatus, a method of forming a laser marking on an optical disk, a reproduction apparatus, an optical disk, and a method of manufacturing an optical disk, capable of providing a greatly improved copy prevention capability as compared to prior known construction. To achieve this object, in the optical disk of the invention, for example, a marking is formed by a laser on a reflective film of a disk holding data written thereon and at least position information of the marking or information concerning the position information is written on the disk in an encrypted form or with a digital signature appended thereto.