Abstract: In an information providing system, a condition notifying part is provided by a providing part to the user terminal with information that is in accordance with a request of the user terminal, is activated in a user terminal connecting to the information providing system via a network and notifies of a condition of the user terminal. In addition, a session management part manages session information in accordance with the condition of the user terminal notified by the condition notifying part activated in the user terminal. A session between the information providing system and the user terminal is established when the user is authenticated in accordance with authentication information from the user terminal and the session information managed by said session management part.

Abstract: A processor executive (PE) handles an operating system executive (OSE) in a secure environment. The secure environment has a fused key (FK) and is associated with an isolated memory area in the platform. The OSE manages a subset of an operating system (OS) running on the platform. The platform has a processor operating in one of a normal execution mode and an isolated execution mode. The isolated memory area is accessible to the processor in the isolated execution mode. A PE supplement supplements the PE with a PE manifest representing the PE and a PE identifier to identify the PE. A PE handler handles the PE using the FK and the PE supplement.

Abstract: An apparatus and method for embedding additional information embeds plural pieces of additional information on a signal as electronic watermark information. In detail, plural pieces of additional information to be embedded on a signal are generated, the additional information is converted into electronic watermark information, the sizes of embedding parts for respective electronic watermark information are defined under control, and the electronic watermark information is embedded on the signal based on the control signal. Therefore, the additional information are embedded so that additional information having a higher significance degree can be more reliably and rapidly detected.

Abstract: The present invention provides permutation instructions which can be used in software executed in a programmable processor for solving permutation problems in cryptography, multimedia and other applications. The permute instructions are based on an omega-flip network comprising at least two stages in which each stage can perform the function of either an omega network stage or a flip network stage. Intermediate sequences of bits are defined that an initial sequence of bits from a source register are transformed into. Each intermediate sequence of bits is used as input to a subsequent permutation instruction. Permutation instructions are determined for permuting the initial source sequence of bits into one or more intermediate sequence of bits until a desired sequence is obtained. The intermediate sequences of bits are determined by configuration bits. The permutation instructions form a permutation instruction sequence, of at least one instruction.

Abstract: A stream cipher is provided with one or more data bit generators to generate a first, second and third set of data bits. The stream cipher is further provided with a combiner function having a network of shuffle units to combine the third set of data bits, using the first and second sets of data bits as first input data bits and control signals respectively of the network of shuffle units. In one embodiment, the shuffle units are binary shuffle units and they are serially coupled to one another.

Abstract: A processor executive (PE) handles an operating system executive (OSE) in a secure environment. The secure environment has a platform key (PK) and is associated with an isolated memory area in the platform. The OSE manages a subset of an operating system (OS) running on the platform. The platform has a processor operating in one of a normal execution mode and an isolated execution mode. The isolated memory area is accessible to the processor in the isolated execution mode. A PE supplement supplements the PE with a PE manifest representing the PE and a PE identifier to identify the PE. A PE handler handles the PE using the PK and the PE supplement.

Abstract: A system, method and article of manufacture are provided for secure operation of a network device. A digital certificate is assigned to a network user. A command for operation of a network device and the digital certificate are received from the network user. A cryptographic key stored in the network device is utilized to authenticate the digital certificate of the network user. Operation of the network device is enabled if the digital certificate of the network user is authenticated. According to another aspect of the present invention, a system, method and article of manufacture are provided for secure identification of a network device. A digital certificate is assigned to a network device. A command for operation of the network device is received from a network user. The digital certificate is sent to the network user. The network user utilizes a cryptographic key to authenticate the digital certificate of the network device.

Abstract: The present invention provides an interactive library system having a computer in telecommunication link with at least one user computer and computer of at least one content provider requiring payment for information access. The interactive library system provides information from the content provider to the user by the following steps: Receiving, by the library system computer, user identification and password from the user computer. Comparing, by the library system computer, the received user identification and password with authorized user identifications and corresponding passwords stored in the library system to determine whether to grant access to the interactive library system. If the comparison results in grant of access, then the interactive library system provides the following steps: Receiving, by the library system computer, input from the user computer specifying type of information desired by the user.

Abstract: A system, method and article of manufacture are provided for password protecting user access to a computer system. One or more images are displayed to a user. The user is then required to perform a sequence of actions involving the images. The performed sequence of actions is compared with a predefined sequence of actions. If the performed sequence of actions matches the predefined sequence of actions, user access is permitted.

Abstract: A network file access appliance operates as a secure portal for network file access operations between client computer systems and network storage resources. The file access appliance terminates network file access transactions, identified by packet information including client system, mount point, and file request identifiers, between client systems and mount points supported by the access controller. A policy parser determines, based on the packet information, to selectively initiate network file access transactions between the access controller and network storage resources to enable completion of selected network file access transactions directed from the clients to the network file access appliance. The network file access transactions directed to the network storage resources are modified counterparts of policy selected client network file access transactions modified to reference mapped network storage resource mount points and support the secure transfer and storage of network file data.

Abstract: The present invention provides permutation instructions which can be used in software executed in a programmable processor for solving permutation problems in cryptography, multimedia and other applications. The permute instructions are based on a Benes network comprising two butterfly networks of the same size connected back-to-back. Intermediate sequences of bits are defined that an initial sequence of bits from a source register are transformed into. Each intermediate sequence of bits is used as input to a subsequent permutation instruction. Permutation instructions are determined for permitting the initial source sequence of bits into one or more intermediate sequence of bits until a desired sequence is obtained. The intermediate sequences of bits are determined by configuration bits. The permutation instructions form a permutation instruction sequence of at least one instruction.

Abstract: A computer-based system providing for the electronic approval of documents in parallel. An electronic document is issued for approval by a user at one point in time at some location. It can subsequently be accessed by other users, who can then electronically approve the documents simultaneously or serially. The technology alerts users to any unauthorized modifications which may have been made to the document during subsequent approvals. A document authentication code (DAC 0) is generated, linked to the original document. Subsequent approvals of the document generate a DAC x related to that specific approval as well as approval information such as an individual's handwritten signature as well as any other identifying information (Name, date and time of signing, biometrics, voice, fingerprint, picture, etc.) which may be required for the approval process.

Abstract: Systems and methods for verifying the authorization of a server to provide network resources to a client. At selected times, the client asserts an authorization interrupt, which will disable some or all non-essential functions of the client unless the server's authorization is verified within an allotted period of time. The client creates a client message by generating a random number and combining it with a client identifier and a value that specifies the current time. The client message is encrypted and sent to the server. Only authorized servers can decrypt the client message and create an encrypted service message that includes the random number. The service message can also contain an authorization code specifying the services that the client may receive, and an expiration count indicating when the authorization procedure will be repeated. The client receives and decrypts the service message.

Abstract: A method and an apparatus for generating encryption stream ciphers are based on a recurrence relation designed to operate over finite fields larger than GF(2). A non-linear output can be obtained by using one or a combination of non-linear processes to form an output function. The recurrence relation and the output function can be selected to have distinct pair distances such that, as the shift register is shifted, no identical pair of elements of the shift register are used twice in either the recurrence relation or the output function. Under these conditions, the recurrence relation and the output function also can be chosen to optimize cryptographic security or computational efficiency.

Abstract: A scrambling key information piece is periodically changed among a plurality of different key information pieces including first and second key information pieces. An input signal is scrambled into a scrambling-resultant signal in response to the periodically changed scrambling key information piece. The scrambling-resultant signal, the first key information piece, and the second key information piece are recorded on the recording medium. The first key information piece which is used in the scrambling of a portion of the input signal recorded during a first recording interval is recorded on the recording medium during a second recording interval being longer than the first recording interval and containing the first recording interval.

Abstract: A method and apparatus for creating a secure script. Executable commands in the script are hashed, and the hashed values for the commands are encrypted and appended to the script. Before executing the script, a hashed value for each executable command in a script is computed and the encrypted hashed value appended to the script for each executable command in the script is decrypted to obtain a decrypted hashed value for each executable command in the script. The hashed value and the decrypted hashed value for each executable command is compared, and if the values are the same, the command is executed.

Abstract: A method and apparatus in a data processing system for managing permissions in an application. A user input is received at a container handled by a view controller, wherein the user input requests a change in permissions in the application. This user input, may be, for example, a change in security in an application through a login process. A view event describing the user input is generated. The view event is received at an application mediator. Responsive to receiving the view event, by the application mediator, a request event is generated and a permission corresponding to the user input is received. The permission alters an item, which may be in either of both the view controller and the application mediator.

Abstract: IP security is provided in a virtual private network using network address translation (NAT) by performing one or a combination of the four types of VPN NAT, including VPN NAT type a source-outbound IP NAT, VPN NAT type b destination-outbound, VPN NAT type c inbound-source IP NAT, and VPN NAT type d inbound-destination IP NAT. This involves dynamically generating NAT rules and associating them with the manual or dynamically generated (IKE) Security Associations, before beginning IP security that uses the Security Associations. Then, as IP Sec is performed on outbound and inbound datagrams, the NAT function is also performed.

Abstract: A digital signature system includes a data receiver for receiving an electronic document over a network; an encryption key database, and a signature processor in communication with the encryption key database and the data receiver. The encryption key database includes encryption key records, each being associated with a subscriber of the database and identifying an encryption key uniquely associated with the subscriber. The signature processor is configured for receiving an indicator of one of the subscribers and for deriving a digital signature from the received electronic data and the encryption key associated with the one subscriber. Upon receipt of electronic data and an indicator of one of the database subscribers, the digital signature system derives a digital signature from the received electronic data and the encryption key associated with the one database subscriber.

Abstract: A CPU module, satellite or digital TV tuner, MPEG2 decoder, and DVD-RAM drives have authenticators for making device authentication, key exchange, and the like. These authenticators hold authentication data (authentication formats) of the corresponding function modules. By exchanging the authentication formats between devices which are to authenticate each other, authentication can be done in units of function modules.