Abstract: A system and method are disclosed for providing security for a computer network. Content is generated for a computer associated with the network. It is determined whether a user should be routed to the generated content. If it is determined that the user should be routed to the generated content, the user is so routed.

Abstract: A method and system for enabling wireless devices distributed throughout an enterprise to be efficiently initialized for secure communications. The method and system utilize well known public key cryptography and machine unique identifiers to establish a secure channel and initialize the wireless devices.

Abstract: An external module loads into an entity's memory and is transformed by two functions. These are namely, the STOMP function and the UNSTOMP function. One or both of these functions is based on the actual code that is found in a legitimate version of the external module. The STOMP-UNSTOMP pair produces an external module that works differently if even a single byte of code in the external module has been changed by an attacker. The STOMP transforms the external module and makes it temporarily unusable whilst conversely, the UNSTOMP repairs the damage and makes it workable again. Thus, if the module is not authentic, the pairing between the STOMP and UNSTOMP is broken. Therefore, a patched module from a hacker remains unusable since the STOMP and UNSTOMP transformations do not produce a working external module. Because of the STOMP and UNSTOMP technique, an application is secure because if an external module is free from tampering then the application executes normally.

Abstract: A system and method for distributing digital content is capable of preventing illegal use of digital content and leak of user information. A creator terminal 110 forwards content, copyright information and conditions for quotation to a content distribution server 120. A user terminal 130 forwards an application for using the content to the content distribution server 120. The content distribution server 120 embeds copyright information in the content to which the user terminal 130 has forwarded the application for using the content and the user information is embedded in the content to which the user terminal 130 has forwarded the application for using the content. The relation among a content size Sq which is permitted to be quoted according to conditions for quotation, a content size Sc in which the copyright information is embedded and a content size Su in which the user information is embedded is expressed by Sc<Sq<Su.

Abstract: The correctness of an exponentiation operation or other type of operation associated with a multi-party cryptographic protocol is verified using first and second proofs based on a randomized instance of the operation. A prover generates signals corresponding to information representative of the first and second proofs based on the randomized instance. The first proof is a so-called “blinded” proof that the operation has been correctly performed, configured so as to prevent leaks of information relating to the cryptographic protocol. The second proof is a proof that the first proof has been correctly performed by the prover. The proof information signals are transmitted from the prover to a verifier, and the verifier uses the signals to determine if the operation associated with the cryptographic protocol is valid.

Abstract: A method, system, and computer program product for selectively encrypting one or more elements of a document using style sheet processing. Disclosed is a policy-driven augmented style sheet processor (e.g. an Extensible Stylesheet Language, or “XSL”, processor) that creates a selectively-encrypted document (e.g. an Extensible Markup Language, or “XML”, document) carrying key-distribution material, such that by using an augmented document processor (e.g. an augmented XML processing engine), an agent can recover only the information elements for which it is authorized. The Document Type Definition (DTD) or schema associated with a document is modified, such that the DTD or schema specifies a reference to stored security policy to be applied to document elements. Each document element may specify a different security policy, such that the different elements of a single document can be encrypted differently (and, some elements may remain unencrypted).

Abstract: The present invention provides methods and apparatus for authorizing a temporary or permanent increase in the performance of a data processing system while providing little or no down time. This is accomplished by including extra or additional computer resources in the data processing system when, for example, it is provided to the customer. However, only those resources required to achieve the performance level purchased by the customer are enabled for use during normal operation. To temporarily or permanently increase the performance level of the data processing system, the customer purchases an authorization key. When the customer desires increased performance, the authorization key is registered on the data processing system, which enables the use of additional hardware resources. The authorization key may be used akin to an insurance policy that allows selective increases in performance level to accommodate unplanned increases in performance requirements.

Abstract: A system and method for implementing adaptive cryptographically synchronized authentication is disclosed. The authentication system includes a controller that dynamically selects one of a plurality of authentication mechanisms to be used in providing authentication for an exchange of message data. The variation in the level of authentication assurance can be based on one or more factors such as the current security conditions and the available CPU utilization.

Abstract: One embodiment of the present invention provides a system that facilitates a key exchange that operates with a pre-shared secret key and that hides identities of parties involved in the key exchange. The method operates by establishing a negotiated secret key between a first party and a second party by performing communications between the first party and the second party across a network in a manner that does not allow an eavesdropper to determine the negotiated secret key. Next, the system encrypts an identifier for the first party using the negotiated secret key and a group secret key to form an encrypted identifier. This group secret key is known to members of a group, including the first party and the second party, but is kept secret from parties outside of the group. Next, the system sends the encrypted identifier from the first party across the network to the second party.

Abstract: The present invention is directed towards a method, device, and network for providing secure communication environments. In one form, a communication network operable to provide a secure communication environment is disclosed. The communication network includes a communication device operable to request the secure communication environment. The communication network further includes a communication server operable to be coupled to the communication device to enable the secure communication environment.

Abstract: Numerical values are calculated for each sentence in a document being checked for plagiarism and compared to numerical values determined for archive documents. If the numerical values match or are within a predetermined range of each other, a note is made and a reviewer can closely review the submitted document to make a determination whether plagiarism has been committed.

Abstract: A certification authority generates certificates in response to respective certification requests. The certification authority generally includes a computer that is bootable from a removable medium and a removable medium. The removable medium includes a machine readable medium having encoded thereon an operating system module configured to enable the computer to boot from the removable medium and a certificate generation module configured to, after the computer has been booted, control the computer to facilitate the generation of at least one certificate in response to an associated certificate request, the certification authority module being configured to provide that the computer not be remotely controlled during a certificate generation session.

Abstract: A method for scrambling/descrambling an analog signal includes receiving an analog signal and converting the signal into an intermediate frequency signal. A Gaussian pseudo-random noise signal is generated and then multiplied with the intermediate frequency signal to scramble/descramble the received analog signal.

Abstract: Method for determining and cataloguing a digital data file fingerprint. A data file, such as an audio file, is converted into digital format. The file is then sampled using at least one reference value. From the occurrences of the samples in the digital data file being equal to the reference value, a fingerprint is determined. This fingerprint is provided to a digital data file fingerprint database, along with proprietary and other related information. Users may then quickly ascertain the proprietary information from a data file through accessing the database with a fingerprint. Furthermore, users may detect whether or not a data file has been manipulated, such as compressed using modern compression technology, by comparing a fingerprint of the suspect data file with an original fingerprint found in the database.

Abstract: A block encryption method and schemes (modes of operation) that provide both data confidentiality and integrity with a single cryptographic primitive and a single processing pass over the input plaintext string by using a non-cryptographic Manipulation Detection Code function for secure data communication over insecure channels and for secure data storage on insecure media. The present invention allows, in a further aspect, software and hardware implementations, and use in high-performance and low-power applications, and low-power, low-cost hardware devices. The block encryption method and schemes of this invention allow, in yet a further aspect, encryption and decryption in parallel or pipelined manners in addition to sequential operation. In a yet further aspect, the block encryption method and schemes of this invention are suitable for real-time applications.

Abstract: An optical disk comprises a first recording area for recording contents data and data for recording and reproducing the contents data, and a second recording area for recording secondary data on the contents recorded in the first recording area, the secondary data being recorded as stripe marks longer in radial direction. Further, the second recording area comprises a first section for recording control data on the second recording area, a second section for recording data not to be inhibited to be outputted from a recording and reproducing apparatus for the optical disk, and a third section for recording data to be inhibited to be outputted from a recording and reproducing apparatus. The control data recorded in the first section includes an identifier which shows whether said second recording area includes said third section or not. By using the data to be inhibited to be outputted in the second recording area, a copyright of contents is protected and illegal use of software is prevented.

Abstract: A method, apparatus, and article of manufacture for providing to a signature hash for checking versions of abstract data types. An identifier is constructed for the abstract data type that is substantially unique to the abstract data type, wherein the identifier comprises a concatenation of various attributes for the abstract data type. The constructed identifier is hashed to generate a signature hash value for the abstract data type, which is then stored both in the database and a class definition for the abstract data type. When the class definition is instantiated as a library function, it accesses the abstract data type from the database, and compares the signature hash value from the database and the signature hash value from the class definition in order to verify that the class definition is not outdated. The class definition is outdated when the abstract data type has been altered without the signature hash value being re-generated and re-stored in the database and the class definition.

Abstract: Methods and arrangements are provided verify if a requesting computer application is authorized to change a controlled parameter associated with a computer controlled device and/or function. To accomplish this, one or verification functions are employed to analyze a security code or absence thereof, as identified by a requesting application. If the security code, which may be encrypted, matches a known or calculated valid security code, then the requesting application is deemed to be authorized to change the controlled parameter and/or modify certain limitations associated with an acceptable range for the controlled parameter. If the security code does not match a known or calculated valid security code, then the requesting application is deemed to be unauthorized to change the controlled parameter outside of a previously established acceptable range for the controlled parameter.

Abstract: A customer prints a ticket that includes customer security features that appear on the printed ticket. The features, such as a digital photograph of the customer, are checked by the merchant when the ticket is presented. If the security features do not match a ticket holder's features, the merchant denies admission to the ticket holder. The background area of the printed ticket contains a pattern to make it difficult for someone to insert other security features onto the ticket. The printed ticket includes a barcode that can be scanned by the merchant for fast retrieval of the purchaser's security features previously provided by the customer to the merchant. The retrieved security features are compared to both the ticket holder's features and the security features that appear on the printed ticket. A discrepancy during any of these comparisons enables the merchant to identify the imposter and deny admission.

Abstract: A document server residing on a network behind a firewall provides secure access to documents or services residing thereon. A first user outside the firewall communicates with the document server over an established first secure session to generate a token in a database of tokens on the document server. The first user digitally signs the public key of a second user and an identifier of the token. The first user transmits a URL token to the second user that identifies the location of the document server and the token identifier. When the second user outside the firewall redeems the URL token at the document server, the document server and the second user establish a second secure session. The document server authenticates the URL token against the second secure session before providing the second user with access to the document or service.