Patents Examined by Grigory Gurshman
  • Patent number: 7089428
    Abstract: A security management system includes a fusion engine which “fuses” or assembles information from multiple data sources and analyzes this information in order to detect relationships between raw events that may indicate malicious behavior and to provide an organized presentation of information to consoles without slowing down the processing performed by the data sources. The multiple data sources can comprise sensors or detectors that monitor network traffic or individual computers or both. The sensors can comprise devices that may be used in intrusion detection systems (IDS). The data sources can also comprise firewalls, audit systems, and other like security or IDS devices that monitor data traffic in real-time. The present invention can identify relationships between one or more real-time, raw computer events as they are received in real-time. The fusion engine can also assess and rank the risk of real-time raw events as well as mature correlation events.
    Type: Grant
    Filed: April 27, 2001
    Date of Patent: August 8, 2006
    Assignee: Internet Security Systems, Inc.
    Inventors: Timothy P. Farley, John M. Hammer, Bryan Douglas Williams, Philip Charles Brass, George C. Young, Derek John Mezack
  • Patent number: 7062780
    Abstract: A method and apparatus for maintaining a secure run-time environment in which arbitrary relationships between the subjects and objects of differing sensitivity labels are defined so as to provide for discrete access between arbitrary, normally incomparable sensitivity labels.
    Type: Grant
    Filed: January 27, 2004
    Date of Patent: June 13, 2006
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Scott Alan Leerssen, Paul Anthony Cooke, Suresh Ganesh Pai, Janak Ratilal Desai
  • Patent number: 7062650
    Abstract: A system and method for verifying integrity of a system with multiple components includes a plurality of related object components that forms the software system, a signed binary description file manager that generates a signed binary description file (SBDF) to store verification and license information of the plurality of related object components, and a verification agent that verifies itself and the plurality of related object components. The manager associates unique identification (ID) names that represents the related object components with corresponding sets of component license information, and stores the associations in the signed binary description file. The verification agent retrieves license information pertinent to itself and each of the related object components utilizing the SBDF. The verification agent verifies the related object components after verifying its own integrity.
    Type: Grant
    Filed: September 28, 2001
    Date of Patent: June 13, 2006
    Assignee: Intel Corporation
    Inventors: Virginia L Robbins, Lewis V Rothrock, Carlos V Rozas
  • Patent number: 7058180
    Abstract: Single sign-on process allowing a mobile user with a mobile phone or with a laptop to remote-access a remote server, comprising the steps of: (1) sending a first authenticator over a first communication layer to a first intermediate equipment between said mobile equipment and said remote server, (2) verifying in said first intermediate equipment said first authenticator sent by said mobile equipment, (3) if said first authenticator is accepted by said first intermediate equipment, completing the communication layer between said mobile equipment and said intermediate equipment, (4) repeating steps (1) to (3) with a plurality of successive intermediate equipment and over a plurality of successive communication layers, until a communication has been completed at the last requested communication layer between said mobile equipment and said remote server, wherein at least a plurality of said authenticators are furnished by a smart-card in said mobile equipment.
    Type: Grant
    Filed: July 29, 2002
    Date of Patent: June 6, 2006
    Assignee: Swisscom Mobile AG
    Inventors: Azim Ferchichi, Eric Lauper
  • Patent number: 7055037
    Abstract: The present invention relates to a gray-level watermarking system, in which sub-band and codebook technique are applied, and the feature of progressive transformation is utilized so as to randomly and evenly distribute the watermark to the entire data with the robustness and the visibility reduced. A four-fold key system is developed with encrypted key to exact the watermark, thus forming a system capable of protecting internet-transmitted multimedia signals such as audio, video ones that are combined with the watermark from being detected or attacked.
    Type: Grant
    Filed: March 6, 2002
    Date of Patent: May 30, 2006
    Assignee: National Kaohsiung First University of Science and Technology
    Inventors: Shih-Chang Hsia, I-Chang Jou
  • Patent number: 7043021
    Abstract: A video source device generates a session key for each transmission session wherein a multi-frame video content is to be transmitted to a video sink device. The video source device uses the session key to generate a successive number of frame keys. The frame keys in turn are used to generate corresponding pseudo random bit sequences for ciphering the corresponding frames to protect the video content from unauthorized copying during transmission. The video sink device practices a complementary approach to decipher the received video content. In one embodiment, both devices are each provided with an integrated block/stream cipher to practice the transmission protection method.
    Type: Grant
    Filed: April 14, 2004
    Date of Patent: May 9, 2006
    Assignee: Intel Corporation
    Inventors: Gary L. Graunke, David A. Lee, Robert W. Faber
  • Patent number: 7039185
    Abstract: A closed system meter that secures the link between the accounting device and printer utilizing a Linear Feedback Shift Register (LFSR) based stream encryption is provided. The accounting device includes an LFSR that comprises a plurality of stages, with one or more taps that are passed through a logic gate to provide a “feedback” signal to the input of the LFSR, to generate a pseudo-random pattern output. Preferably, a Shrinking Key Generator (SKG) is utilized to further ensure privacy of the data. The output data from the accounting unit is encrypted utilizing the output from the LFSR and sent to the printing device. The printing device includes a similar LFSR, which is utilized to decrypt the output data from the accounting unit and enable printing.
    Type: Grant
    Filed: October 3, 2001
    Date of Patent: May 2, 2006
    Assignee: Pitney Bowes Inc.
    Inventors: Matthew J. Campagna, Frederick W. Ryan, Jr.
  • Patent number: 7024562
    Abstract: Method and system for carrying out secure signing of a person on a data packet sent from a sender to a recipient, the sender and the recipient connected to a data network via network connection means. A biometric sample of the person is sampled and converted to a digital form. A first digital seal is produced from the combination of the digital data packet and the biometric sample, or from two or more digital seals derived from the digital data packet and the biometric sample. The digital data packet and the biometric sample and the digital seal are sent to the recipient. A second digital seal is produced from the combinations of received digital data packet and the received biometric sample. The first and the second seals are compared and if the first and the second seals are identical, the authentication of the digital signature is approved. Otherwise, the authentication of the digital signature is denied.
    Type: Grant
    Filed: June 29, 2000
    Date of Patent: April 4, 2006
    Assignee: OptiSec Technologies Ltd.
    Inventors: Yona Flink, Itzhak Gerber, Yariv Maroely
  • Patent number: 7003110
    Abstract: A software program is configured in accordance with a software aging process such that one or more files generated by the program are at least partially encrypted using a cryptographic key associated with a current time interval for which the files are generated. The cryptographic key may be a symmetric key used for both encryption and decryption operations, such that the cryptographic key used for encryption in a given interval is also required to decrypt files encrypted during that interval. Periodic updates of the software program are provided to a legitimate user of the software program, with a given one of the updates including a different cryptographic key associated with a subsequent time interval. The cryptographic key associated with a particular one of the time intervals may be common to each of a set of legitimate copies of the software program that have received the corresponding version of the periodic update.
    Type: Grant
    Filed: November 14, 2000
    Date of Patent: February 21, 2006
    Assignee: Lucent Technologies Inc.
    Inventors: Bjorn Markus Jakobsson, Michael Kendrick Reiter
  • Patent number: 7003115
    Abstract: A communication apparatus capable of reducing the amount of communication with other communication apparatuses is provided, wherein a content signal of a popular program is broadcasted in advance from a broadcast base station to terminals and stored in a memory of each. In a terminal, when a content signal specified by a play instruction signal is stored in the memory, the content signal is read from the memory. On the other hand, when it is not stored in the memory, the terminal requests the specified content signal from the cellular base station via a cellular network and receives the specified content signal.
    Type: Grant
    Filed: February 7, 2000
    Date of Patent: February 21, 2006
    Assignee: Sony Corporation
    Inventors: Mitsuhiro Suzuki, Kazuyuki Sakoda
  • Patent number: 6990202
    Abstract: A device and method thereof for packetizing scalably encoded and progressively encrypted data. The device includes a receiver adapted to receive a stream of data from an encoding and encrypting device, in which some or all of the data are scalably encoded and progressively encrypted. The device also includes a packetizer adapted to packetize some or all of the data into secure and scalable data packets. In one embodiment, the device includes a memory unit for storing the data received from the encoding and encrypting device prior to packetization of the data. In another embodiment, the device includes a memory unit for storing the secure and scalable data packets. In yet another embodiment, the device includes a transmitter for transmitting some or all of the data packets to a downstream device.
    Type: Grant
    Filed: October 4, 2001
    Date of Patent: January 24, 2006
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Susie J. Wee, John G. Apostolopoulos
  • Patent number: 6976270
    Abstract: A method and software component for inquiring about security relationships is disclosed. The method and software component perform class instantiations and method invocations necessary to retrieve security relationship information for display to a user. The method and software component may perform various manipulations of the security relationship information. The manipulations may comprise eliminating duplicate security relationship information. The method and software component enable a graphical user interface (“GUI”) to avoid being cluttered with the necessary coding to retrieve the security relationship information. Instead, the GUI may simply invoke a function of the software component to retrieve the security relationship information.
    Type: Grant
    Filed: May 8, 2001
    Date of Patent: December 13, 2005
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Humberto A. Sanchez, II
  • Patent number: 6973578
    Abstract: A system, method and computer program product are provided for efficient on-access computer virus scanning of files. Initially, a process for accessing files is identified. Thereafter, virus detection actions are selected based at least in part on the process. The virus detection actions are then performed on the files.
    Type: Grant
    Filed: May 31, 2000
    Date of Patent: December 6, 2005
    Assignee: Networks Associates Technology, Inc.
    Inventor: Daniel Joseph Melchione
  • Patent number: 6971019
    Abstract: A virus detection system (VDS) (400) uses a histogram to detect the presence of a computer virus in a computer file. The VDS (400) has a P-code data (410) for holding P-code, a virus definition file (VDF) (412) for holding signature of known viruses, and an engine (414) for controlling the VDS. The engine (414) contains a P-code interpreter (418) for interpreting the P-code, a scanning module (424) for scanning regions of the file (100) for the virus signatures in the VDF (412), and an emulating module (426) for emulating instructions in the file. The emulating module (426) contains a histogram generation module (HGM) (436) for generating a histogram of characteristics of instructions emulated by the emulating module (426) and a histogram definition module (HDF) (438) for specifying the characteristics to be included in the generated histogram. The emulating module (426) uses the generated histogram (500) to determine how many of the instructions of the computer file (100) to emulate.
    Type: Grant
    Filed: March 14, 2000
    Date of Patent: November 29, 2005
    Assignee: Symantec Corporation
    Inventor: Carey S. Nachenberg
  • Patent number: 6970849
    Abstract: A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. Each retail site is equipped with a URL encryption object, which encrypts, according to a secret symmetric key shared between the retail site and the fulfillment site, information that is needed by the fulfillment site to process an order for content sold by the retail site. Upon selling a content item, the retail site transmits to the purchaser a web page having a link to a URL comprising the address of the fulfillment site and a parameter having the encrypted information.
    Type: Grant
    Filed: June 27, 2000
    Date of Patent: November 29, 2005
    Assignee: Microsoft Corporation
    Inventors: Marco A. DeMello, Pavel Zeman, Vinay Krishnaswamy, Frank D. Byrum
  • Patent number: 6968456
    Abstract: A method and system is provided for a tamper-proof storage of one or more records of an audit trail in a database. Since the integrity of the database records may be vulnerable to actions taken by a user such as a privileged database administrator, a mechanism is provided to efficiently detect any changes made by him to the database records. The method creates one or more authentication tokens, and generates one or more validation tokens from the authentication tokens through a combination of a hashing process and an encryption process. Once the validation tokens are created, they are further integrated into the records in the database. The authentication tokens are written to a secured information storage in a predetermined format by a writing machine inaccessible by the user but accessible by the auditor.
    Type: Grant
    Filed: August 8, 2000
    Date of Patent: November 22, 2005
    Assignee: Novell, Inc.
    Inventors: Aridaman Tripathi, Madhusudhana H. S. Murthy
  • Patent number: 6963971
    Abstract: A secure method for sending registered, authenticated electronic documents. The invention validates sender and recipient identities, provides for non-repudiation of authenticated documents by sender and recipient, provides an evidence trail, and protects the integrity of the document. The invention is constructed so that a sender can be supplied with proof that the intended recipient received and opened an authenticated document. A neutral third party acts as a document registration agent, and witness to the transmission and receipt of the authenticated document. In the event of a dispute between sender and recipient, the third party can provide an irrefutable record of the contents of the document and of the history of the transmission and receipt of the document. Because the third party never has possession of the electronic document, the method provides maximum privacy for sender and recipient. The method is readily adaptable to both key recovery and key escrow.
    Type: Grant
    Filed: December 18, 1999
    Date of Patent: November 8, 2005
    Inventors: George Bush, Estelle Forman Ross, Peter Preus
  • Patent number: 6963980
    Abstract: A relational database system for encryption of individual data elements comprising a encryption devices of at least two different types, the types being tamper-proof hardware and software implemented. The encryption processes of the system are of at least two different security levels, differing in the type of encryption device holding the process keys for at least one of the process key categories and also differing in which type of device executing the algorithm of the process. Each data element to be protected is assigned an attribute indicating the usage of encryption process of a certain security level.
    Type: Grant
    Filed: November 16, 2000
    Date of Patent: November 8, 2005
    Assignee: Protegrity Corporation
    Inventor: Ulf Mattsson
  • Patent number: 6961855
    Abstract: A mechanism that allows enterprise authorities to be informed when security-sensitive decisions or actions have been or are attempting to be made by users of untrusted code executing in the trusted computing base. The mechanism may be implemented as an abstract class that is part of the trusted computing base. The class provides a framework abstract enough to permit multiple possible notifications (e.g., providing an e-mail to a system operator, sending a Simple Network Management Protocol (SNMP) alert, making an entry in an online database, or the like) in the event that a given action is taken by a user of untrusted code. The abstract class may provide a default notification, or the class may be extended to enable an authority to provide its own set of customized notifications.
    Type: Grant
    Filed: December 16, 1999
    Date of Patent: November 1, 2005
    Assignee: International Business Machines Corporation
    Inventors: Bruce Arland Rich, Theodore Jack London Shrader, Donna Skibbie, Julianne Yarsa
  • Patent number: 6959393
    Abstract: The present invention provides a message-oriented middleware solution for securely transmitting messages and files across public networks unencumbered by intervening network barriers implemented as security measures. It also provides a dynamic, dedicated, application level VPN solution that is facilitated by the message-oriented middleware. Standard encryption algorithms are used to minimize the threat of eavesdropping and an Open-Pull Protocol (OPP) that allows target nodes to pull and verify the credentials of requestors prior to the passing of any data. Messaging can be segregated into multiple and distinct missions that all share the same nodes. The security network's architecture is built to resist and automatically recover from poor, slow, and degrading communications channels. Peers are identifiable by hardware appliance, software agent, and personally identifiable sessions.
    Type: Grant
    Filed: April 29, 2003
    Date of Patent: October 25, 2005
    Assignee: Threat Guard, Inc.
    Inventors: Robert L. Hollis, R. Gunnar Engelbach, Randal S. Taylor