Patents Examined by Gregory Morse
  • Patent number: 7024558
    Abstract: In an apparatus for authenticating a digital signature, a signature generating part encrypts a digital document by using a private key defined by a signer and digest information for checking whether the digital document has been tampered with, and generates a digital signature. A signature synthesizing part creates image information by synthesizing the digital signature and a predetermined mark. And an image embedding part embeds the image information created by said signature synthesizing part into an indicated position in the digital document.
    Type: Grant
    Filed: October 11, 2000
    Date of Patent: April 4, 2006
    Assignee: Fujitsu Limited
    Inventor: Syuichi Satake
  • Patent number: 7024557
    Abstract: There is disclosed a security device for use in a wireless network comprising a plurality of base stations that communicate with a plurality of mobile stations. The security device prevents unprovisioned mobile stations from accessing an Internet protocol (IP) data network through the wireless network. The security device comprises a first controller for receiving from the unprovisioned mobile station an IP data packet comprising an IP packet header and an IP packet payload and encrypting at least a portion of the IP payload. The security device also comprises a second controller for determining that the unprovisioned mobile station is, in fact, unprovisioned. In one embodiment, the first controller comprises a data processor that executes an encryption program stored in a memory associated with the data processor.
    Type: Grant
    Filed: December 30, 1999
    Date of Patent: April 4, 2006
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Bryan J. Moles, Sudhindra P. Herle
  • Patent number: 7023997
    Abstract: A secure telecommunication system 10 is provided that allows for communication between a device 14 and a receiving device 16 of encrypted data messages through a data communications network 12. The device 14 utilizes an encryption decryption engine 30 which is operable to execute a plurality of encryption algorithms. The encryption algorithms can be accessed using a key value that is used to access an encryption selection table 28. The encryption selection table 28 can indicate a number of encryption algorithms to be applied in sequence.
    Type: Grant
    Filed: December 21, 2000
    Date of Patent: April 4, 2006
    Assignee: Cisco Technology, Inc.
    Inventor: John E. Schier
  • Patent number: 7024553
    Abstract: System for updating an encrypted key, by means of which the WEP of IEEE 802.11 can be applied to a wireless LAN system having plural APs and a large number of STAs. A key management server is LAN-connected to the APs. A set of plural (k) encrypted keys used for wireless communication between the entire APs and STAs is provided and managed monistically. If an encrypted key is updated in the key management server, the updated key is delivered to each of the APs and the STAs.
    Type: Grant
    Filed: October 3, 2000
    Date of Patent: April 4, 2006
    Assignee: NEC Corporation
    Inventor: Shinichi Morimoto
  • Patent number: 7020774
    Abstract: The present invention relates to a communication method that includes an operation of receiving a succession of pages originating from a first site of a computer network. That method further includes an operation of memory storage of information representative of the succession of pages, outside the first site and an operation of associating a certificate of integrity with the memory-stored information representative of the succession of pages. The certificate of integrity is stored in memory in association with the information representative of the succession of pages. The certificate of integrity makes it possible to detect any alteration to the memory-stored information representative of the succession of pages, subsequent to its being stored in memory.
    Type: Grant
    Filed: August 30, 2000
    Date of Patent: March 28, 2006
    Inventors: Georges Marc Cornuejols, Emmanuelle Maurecette Cornuéjols
  • Patent number: 7020784
    Abstract: A novel and useful mechanism for detecting intrusion and jamming attempts by an imposter node. A time window defined as an emergency window is reserved after the end of a packet and before an acknowledgement window. Nodes that detect the presence of an intruder transmit an emergency packet during the emergency time window to inform the receive node that the packet it received was sent from an imposter node. Attempts to jam the transmission of the emergency packet from the victim node to the receive node are detected by listening during the emergency window time period for carrier signal that indicates that an emergency packet is trying to be sent. An emergency packet request message is sent by the receive node in response which causes the victim node to resend the emergency packet.
    Type: Grant
    Filed: August 20, 2001
    Date of Patent: March 28, 2006
    Assignee: Yitran Communications Ltd.
    Inventors: Dan Raphaeli, Evgeny Bassin, Mordechai Mushkin, Oren Kaufman, Tanya Rosing
  • Patent number: 7020785
    Abstract: A computer system includes a remote controller for generating a remote control signal to remotely control operations of the system, a remote control signal receiver for receiving the remote control signal generated from the remote controller, and a shell program for executing various remote control operations by the remote controller. If a security code verification operation is performed when the computer system returns from a stand-by state to a normal state by the remote controller, the shell program serves to automatically input a security code transmitted from the remote controller. This makes it possible to automatically input a security code that a user must directly input using an input device such as a keyboard, when the computer system returns to the normal state. Therefore, user convenience can be enhanced.
    Type: Grant
    Filed: February 8, 2001
    Date of Patent: March 28, 2006
    Assignee: Samsung Electronics, Co., Ltd.
    Inventors: Hong-Sam Kim, Byung-Jae Lee
  • Patent number: 7020773
    Abstract: The present invention relates to a method for enabling strong mutual authentication between two computers in a communication system. A user from a client attempts to gain access to a server. The server transmits a first key encrypted by a second key to the client and a second key encrypted by a user's private key to a verifier. The verifier uses the user's login information to obtain the user's private key, which the verifier uses to obtain the second key. The verifier transmits the second key to the client and the client decrypts the first key with the second key. The client then transmits the second key encrypted by the first key to the server. If the received second key is the same as the generated second key, the client is authenticated to the server.
    Type: Grant
    Filed: July 17, 2000
    Date of Patent: March 28, 2006
    Assignee: Citrix Systems, Inc.
    Inventors: David John Otway, John Albert Bull
  • Patent number: 7017184
    Abstract: An image indicating a copyright and its related information are set through a setting input means and those settings are stored in a related information storing means in advance. Registration image data is recorded in a detachable registration image data recording medium in advance. When an arbitrary image signal is generated by an image generating means, an image combining control means receives the generated image signal and also receives, via a registration image data input means, the registration image data stored in the registration image data recording medium. Further, the image combining control means generates a registration image signal by referring to the setting information and combines it with the arbitrary image signal. In this state, if no corresponding registration image data exists in the registration image data recording medium, image signal combining is not performed.
    Type: Grant
    Filed: June 1, 2001
    Date of Patent: March 21, 2006
    Assignee: Sony Corporation
    Inventors: Hosei Kitazawa, Yasuyuki Nagata, Shinya Kurobe, Hidehiko Okumura
  • Patent number: 7016494
    Abstract: A method and apparatus provides cryptographic parameters for use in cryptographic applications in response to requests therefor. The method includes the steps of: pre-computing one or more different types of sets of cryptographic parameters, each type of set being adapted for use by an associated type of cryptographic application; securely storing the pre-computed sets of cryptographic parameters in a memory storage unit; receiving a request for a set of cryptographic parameters having specified characteristics for use in a particular cryptographic application; determining one of the sets of cryptographic parameters stored in the memory storage unit that has specified characteristics; accessing the determined set of cryptographic parameters from the memory storage unit; and providing the determined set of cryptographic parameters with minimal latency.
    Type: Grant
    Filed: March 26, 2001
    Date of Patent: March 21, 2006
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: W. Dale Hopkins, Thomas W. Collins, Steven W. Wierenga, Larry L. Hines
  • Patent number: 7016499
    Abstract: A method and apparatus for securely communicating ephemeral information from a first node to a second node. In a first embodiment, the first node encodes and transmits an ephemeral message encrypted at least in part with an ephemeral key, from the first node to the second node. Only the second node has available to it the information that is needed to achieve decryption by an ephemeral key server of a decryption key that is needed to decrypt certain encrypted payload information contained within the message communicated from the first node to the second node. In a second embodiment the first node transmits to the second node an ephemeral message that is encrypted at least in part with an ephemeral key. The ephemeral message includes enough information to permit the second node to communicate at least a portion of the message to an ephemeral key server and for the ephemeral key server to verify that the second node is an authorized decryption agent for the message.
    Type: Grant
    Filed: June 13, 2001
    Date of Patent: March 21, 2006
    Assignee: Sun Microsystems, Inc.
    Inventor: Radia J. Perlman
  • Patent number: 7017189
    Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.
    Type: Grant
    Filed: June 27, 2000
    Date of Patent: March 21, 2006
    Assignee: Microsoft Corporation
    Inventors: Marco A. DeMello, Attila Narin, Venkateshaiah Setty, Pavel Zeman, Vinay Krishnaswamy, John L. Manferdelli, Frank D. Byrum, Leroy B. Keely, Yoram Yaacovi, Jeffrey H. Alger
  • Patent number: 7017043
    Abstract: The present invention is related to systems and methods for adding a signature to circuit design. In one embodiment, a first set of constraints used to specify a functional portion of the circuit design is received. A second set of constraints used to specify the signature is received as well. The circuit design is generated based on at least the first constraints and the second constraints, wherein the signature is embedded in the functional portion.
    Type: Grant
    Filed: March 20, 2000
    Date of Patent: March 21, 2006
    Assignee: The Regents of the University of California
    Inventor: Miodrag Potkonjak
  • Patent number: 7013482
    Abstract: Methods and systems for firewall/data protection that filters data packets in real time and without packet buffering are disclosed. A data packet filtering hub, which may be implemented as part of a switch or router, receives a packet on one link, reshapes the electrical signal, and transmits it to one or more other links. During this process, a number of filter checks are performed in parallel, resulting in a decision about whether each packet should or should not be invalidated by the time that the last bit is transmitted. To execute this task, the filtering hub performs rules-based filtering on several levels simultaneously, preferably with a programmable logic or other hardware device. Various methods for packet filtering in real time and without buffering with programmable logic are disclosed. The system may include constituent elements of a stateful packet filtering hub, such as microprocessors, controllers, and integrated circuits.
    Type: Grant
    Filed: July 7, 2000
    Date of Patent: March 14, 2006
    Assignee: 802 Systems LLC
    Inventor: Andrew K. Krumel
  • Patent number: 7013389
    Abstract: An approach for establishing secure multicast communication among multiple event service nodes is disclosed. The event service nodes, which can be distributed throughout an enterprise domain, are organized in a logical tree that mimics the logical tree arrangement of domains in a directory server system. The attributes of the event service nodes include the group session key and the private keys of the event service nodes that are members of the multicast or broadcast groups. The private keys provide unique identification values for the event service nodes, thereby facilitating distribution of such keys. Because keys as well as key version information are housed in the directory, multicast security can readily be achieved over any number of network domains across the entire enterprise. Key information is stored in, and the logical tree is supported by, a directory service. Replication of the directory accomplishes distribution of keys.
    Type: Grant
    Filed: September 29, 1999
    Date of Patent: March 14, 2006
    Assignee: Cisco Technology, Inc.
    Inventors: Sunil K. Srivastava, Jonathan Trostle, Raymond Bell, Ramprasad Golla
  • Patent number: 7013387
    Abstract: A system for increasing realized secure sockets layer (“SSL”) encryption and decryption connections is disclosed. The system combines monitoring of server load with adjustment of static SSL parameters to optimize a system of devices. The system monitors parameters of the servers that affect the ability of the servers to process SSL connections. An “SSL capacity” value for each server is calculated which represents the capability of that server to process SSL connections. This value is used to calculate an SSL threshold for that server, which is then applied to the SSL device to determine how many SSL connections the SSL device should process for that server. Since the connection threshold for an SSL device is a function of the device's load and each server's SSL capacity, and these values are dynamic, the connection threshold values are recalculated periodically to ensure increased SSL performance without impact to client response.
    Type: Grant
    Filed: June 27, 2001
    Date of Patent: March 14, 2006
    Assignee: Intel Corporation
    Inventor: Joseph F Cihula
  • Patent number: 7013484
    Abstract: A chipset is initialized in a secure environment for an isolated execution mode by an initialization storage. The secure environment has a plurality of executive entities and is associated with an isolated memory area accessible by at least one processor. The at least one processor has a plurality of threads and operates in one of a normal execution mode and the isolated execution mode. The executive entities include a processor executive (PE) handler. PE handler data corresponding to the PE handler are stored in a PE handler storage. The PE handler data include a PE handler image to be loaded into the isolated memory area after the chipset is initialized. The loaded PE handler image corresponds to the PE handler.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: March 14, 2006
    Assignee: Intel Corporation
    Inventors: Carl M. Ellison, Roger A. Golliver, Howard C. Herbert, Derrick C. Lin, Francis X. McKeen, Gilbert Neiger, Ken Reneris, James A. Sutton, Shreekant S. Thakkar, Millind Mittal
  • Patent number: 7013010
    Abstract: A method and apparatus to format and process a Media Key Block so as to reduce latencies when processing the Media Key Block. A new record is generated containing header information for the records comprising the Media Key Block. This new record is read just once and allows a device to skip seeking and reading each record header individually. In addition, the records are adjusted so that individual records or individual fields within a record always fit within a single transfer unit.
    Type: Grant
    Filed: December 29, 2000
    Date of Patent: March 14, 2006
    Assignee: Intel Corporation
    Inventor: Michael S. Ripley
  • Patent number: 7013483
    Abstract: The present invention is directed to a method for emulating an executable code, whether it is a human-readable code (e.g., macro and script) or a compiled code (e.g. Windows executable). At the design time, one or more content attributes are defined for the variables of the code. A content attribute indicates a property with relevance to maliciousness, e.g. Windows directory, a random value, “.EXE” at the right of a string, etc. A content attribute may be implemented, for example, by a flag. Also defined at the design time, is a list of malicious states, where a malicious state comprises at least the combination of a call to a certain system function with certain content, as the calling parameter(s). When emulating an assignment instruction, the attributes of the assigned variable are set according to the assigned content. When emulating a mathematical operator, a content mathematics is also applied. When emulating a function call, the current state (i.e.
    Type: Grant
    Filed: January 3, 2003
    Date of Patent: March 14, 2006
    Assignee: Aladdin Knowledge Systems Ltd.
    Inventors: Oded Cohen, Inbal Meir, Yanki Margalit, Dany Margalit
  • Patent number: 7013481
    Abstract: In an embodiment of the present invention, a technique is provided for remote attestation. An interface maps a device via a bus to an address space of a chipset in a secure environment for an isolated execution mode. The secure environment is associated with an isolated memory area accessible by at least one processor. The at least one processor operates in one of a normal execution mode and the isolated execution mode. A communication storage corresponding to the address space allows the device to exchange security information with the at least one processor in the isolated execution mode in a remote attestation.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: March 14, 2006
    Assignee: Intel Corporation
    Inventors: Carl M. Ellison, Roger A. Golliver, Howard C. Herbert, Derrick C. Lin, Francis X. McKeen, Gilbert Neiger, Ken Reneris, James A. Sutton, Shreekant S. Thakkar, Millind Mittal