Abstract: A method and apparatus for controlling the performance of a mount operation changing the logical association of a first file system with a second file system of an information handling system by a user who may not have general authority to perform such a mount operation. In response to a request by a user to perform a requested mount operation on the first file system, a determination is made of whether the user has general authority to perform the requested mount operation, either because the user has general superuser authority or because the user has superuser authority for mount operations. If the user has general authority to perform the requested mount operation, the requested mount operation is performed. If the user does not have general authority to perform the requested mount operation, the requested mount operation is performed only if the user has a predetermined access authority to the first file system.

Abstract: In a network connected to a printer and a registration server, a network registration protocol for registering the printer on the network includes the steps of installing a secret unique identifier and public unique identifier in non-volatile memory in the printer and in a database of the registration server, before the printer is connected to the network; then, when the printer is connected to the network, authenticating the printer to the server by comparison of the secret unique identifiers installed in printer and server, using a secure transmission between the two over the network. Also a network registration signal for transmission over a network from a printer to a registration server to register the printer with the server, where the signal is transmitted at the first occasion the printer is connected to the network.

Abstract: The essence of the invention is in that when making a digital blind RSA-signature a new technique for blinding an initial data by a RSA-encryption and corresponding technique for unblinding the signed blinded data are employed, which gives the possibility to use an unlimited number of kinds of the signature in electronic systems of the mass scale service. The untraceability is ensured by a corresponding choice of the randomized exponent R, RSA-key used in RSA-encryption the initial data, and by the public module N properties verified in an arbitrary time moment. In so doing, N=P·Q, where P and Q are secret prime factors, and R is multiple to N?1. In other variants of the invention the diversity of kinds of the signature is set by limitings on multiplicities of public exponents, said limitings being chosen prior to blinding the initial data.

Abstract: A limited tracking system and associated method that enable the use of personal encoded identification media to limit access to tracking information. The tracking system provides concurrent time-limited access to a large number of people, objects, information, services, and other resources, and has particular applicability to credit cards, dining cards, telephone calling cards, health cards, driver's licenses, video store cards, car access cards, building access cards, computer access cards, and like identification badges or cards. The tracking system includes a transmitter module incorporated in a badge, and a receiver module incorporated in a secure server. The transmitter module contains an encryptor and a watch crystal that keeps track of time, such that the encryptor encrypts the current time with the user's private key, and periodically transmits the encrypted current time to the receiver module, as a code list.

Abstract: A first unit collects and stores data (bar codes 12) and reports to a second unit. The first unit keeps and communicates a first unit current record, for storage, of its (random and unpredictable) activities since last connection and a first unit past record for comparison, of its (random and unpredictable) activities up to last connection. Matching between its previously stored first unit current record and the received first unit past record makes the second unit grant access to the first unit and store the received first unit current record. The same can be done for the second unit by the first unit. Non-coupling invokes provision of extra identification, renewed coupling involving a common default set of records. Records can generate encryption keys. Random data and encryption prevent illegal access.

Abstract: A graphics processor receives a compressed encrypted video stream. The graphics processor decrypts the compressed encrypted video stream and stores a decrypted version (i.e., a decrypted compressed video stream) in a protected portion of an on-chip or off-chip video memory. The graphics processor then permits processors and other bus masters on the graphics processor to access the on-chip video memory, but conditionally limits access to other bus masters that are located off-chip, such as a central processing unit located off-chip and coupled to the graphics processor via a bus.

Abstract: After a key pair with a public key and a corresponding private key has been determined on the basis of an initial value, the initial value is made available to a user. The private key can then be erased. When the user wishes to carry out a cryptographic operation based on the “Public-Key-Technology”, the user enters the initial value into a computer and, upon utilization of the initial value, a regenerated private key is formed, which corresponds to the private key that had been previously formed but was then erased.

Abstract: Methods and systems of screening input strings that are intended for use by a Web server are described. In the described embodiment, an attack pattern is determined that can be used to attack a Web server. A search pattern is defined that can be used to detect the attack pattern. The search pattern is defined in a flexible, extensible manner that permits variability among its constituent parts. An input string that is intended for use by a Web server is received and evaluated using the search pattern to ascertain whether the attack pattern is present. If an attack pattern is found that matches the search pattern, then a remedial action is implemented.

Abstract: A cryptographic processing method in which dependence of cryptographic processing process and secret information on each other is cut off; and in which, when a scalar multiplied point is calculated from a scalar value and a point on an elliptic curve in an elliptic curve cryptosystem, a value of a bit of the scalar value is judged; and in which operations on the elliptic curve are executed a predetermined times and in a predetermined order without depending on the judged value of the bit.

Abstract: A method of automatically tracking a certificate pedigree is provided, in which a new user is provided with a piece of hardware containing a predetermined pedigree certificate stored therein, the predetermined pedigree certificate having a level of trust bearing a relationship to a category of hardware of which the provided piece of hardware is a member. An automated registration arrangement is provided which can be accessed only by users having a piece of hardware containing a predetermined pedigree certificate having a specified level of trust stored therein. When the new user accesses the automated registration arrangement using the provided piece of hardware, the automated registration arrangement provides the new user with an individual signature certificate having a level of trust commensurate with that of the pedigree certificate.

Abstract: The present invention relates to a firewall for use in association with real-time Internet applications such as Voice over Internet Protocol (VoIP). The firewall applies an application proxy to the signaling and control channels and a packet filter to the bearer channels. One of the features of hybrid firewall is that the application proxy can instruct the packet filter as to which bearer channels to enable and disable for the duration of a real-time Internet application session. The hybrid firewall can also intelligently perform network address translation (NAT) on Internet protocol packets incoming and outgoing to the firewall.

Abstract: An image encoding/decoding system and method for producing a computer-generated security device which can be printed onto a document, such as a passport, to secure the document against data alteration. Deflection encoding means comprises means for applying a selected software lens to a source image and producing a deflected image. Encryption encoding means comprises means for applying an encryption function to the deflected image or a source image and producing an encrypted image. Overlaying means is provided for overlaying the deflected and encrypted images and producing therefrom the security device image. The deflected image may be detected from the security device image both by means of a manual lenticular lens corresponding to the software lens applied to a printing of the security image and by means of computer decoding processing applying the software lens.

Abstract: The integrity of a dynamic data object that comprises one or more dynamic data items is ensured by storing the dynamic data object and dynamic authorization data in a memory. The dynamic authorization data may, for example, be a count of how many failed attempts to gain authorization have previously been made, and this is modified at least whenever another failed attempt is made. Whenever the dynamic data object or the dynamic authorization data is changed, its corresponding hash value is recomputed and stored into the memory. The dynamic data object is considered authentic only if newly-generated values of the two hash signatures match those that were previously stored into the memory. Changes to the dynamic data object are permitted only after the user has executed passed an authorization procedure.

Abstract: The invention relates to a data storage medium storing data material having a data replay order, the stored data material being associated with dummy data material stored on the medium at a different position in the data replay order, in which metadata identifying the data material is encoded as a watermark in the dummy data material.

Abstract: A symmetric key stream processor 60 that encrypts and decrypts text in accordance with the RC4 algorithm has a main processing block 62 and a host interface 64. The main processing block 62 includes an Sbox memory 78 implemented with a synchronous dual-port RAM and an encryption logic block 80 with a finite state machine. The dual port memory architecture is used for efficiency during permutation and message processing.

Abstract: The digital data file management method reads a header of the digital data file stored on an external medium. Based on the read header, the digital data file is selectively uploaded and/or managed.

Abstract: The present invention relates to an optical disc authentication method and apparatus. The method, wherein each disc has a plurality of ways and a plurality of sectors in each way, includes the steps of measuring the quantity of sectors in each of a defined quantity of ways to provide a disc fingerprint comprising way sector quantity values for an original disc and a target disc and authenticating the target disc.

Abstract: The present invention is directed toward using patterns in APDU to perform identification data substitution. According to one or more embodiments of the present invention, a user inserts a smart card into a card reader connected to a client computing device. Then, the user enters a PIN. The PIN is embedded into an APDU which is sent to the card reader and is presented to the smart card. The APDU contains special patterns that specify to the card reader where and in what format the PIN should be embedded into a prototype APDU that is constructed in the card reader and presented to the card for verification.

Abstract: An access control system for an electronic entertainment device includes a processor and a memory comprising access control instructions for execution by the processor. The instructions periodically present a set of working queries during execution of an entertainment software application, accept answers to the working queries, and allow access to, or terminate, the entertainment software application based on the answers. Access is allowed for a supervisor configurable time period for each user and each entertainment software title.

Abstract: A security protocol entity (20) is provided that includes a mechanism for enabling a first party (11) to communicate securely with a second party (60) through an access-controlling intermediate party (13) by nesting within a first security session (64) established with the intermediate party (13) a second security session (65) with the second party (60). The protocol data units, PDUs, associated with the second security session (65) are encapsulated in PDUs associated with the first security session (64) when sent out by the first party, the intermediate party extracting the encapsulated PDUs for sending on to the second party (possibly with a change to the destination address included in the PDU to be sent on). Each PDU includes a message type field explicitly indicating to the intermediate party (13) if a received PDU encapsulates another PDU intended to be sent on.