Patents Examined by Grigory Gurshman
  • Patent number: 6778667
    Abstract: A cryptography unit having a cipher unit and a hash unit coupled in parallel for simultaneous ciphering and hashing. The cipher unit implements a cipher algorithm that operates on a data block having a first predetermined size M. The hash unit implements a hash algorithm on a data block having a second predetermined size N. Buffers of a size Q, where Q is an integer multiple of M and N, are employed to receive the input data into the present invention. A security unit that ensures that the cipher unit and the hash unit operate on the same data block of size Q is also provided.
    Type: Grant
    Filed: December 30, 1999
    Date of Patent: August 17, 2004
    Assignee: Intel Corporation
    Inventors: Ashutosh Bakhle, Derek L. Davis
  • Patent number: 6778670
    Abstract: A method and apparatus are provided for encrypting a stream of data transmitted within a frame. The method includes determining a first initialization state in a first preselected interval, and determining the first initialization state in a second preselected interval, wherein the second preselected interval is less than the first preselected interval. The method includes generating a key stream in response to determining the first initialization state in the second preselected interval, and encrypting at least one bit of the stream of data with at least one bit of the key stream.
    Type: Grant
    Filed: August 13, 1999
    Date of Patent: August 17, 2004
    Assignee: Legerity, Inc.
    Inventors: Sandhya Sharma, Jagannathan Bharath, David N. Larson
  • Patent number: 6779114
    Abstract: The present invention relates to a method and system of making computer software resistant to tampering and reverse-engineering. “Tampering” refers to making unauthorized changes to software, such as bypassing password checks, which are of benefit to the tamperer or of detriment to the provider or vendor of the software. Thus, tampering does not denote arbitrary destructive changes, such as causing the software to fail completely. Broadly speaking, the method of the invention is to increase the tamper-resistance and obscurity of software so that the observable operation of the transformed software is dissociated from the intent of the original code, and so that the functionality of the software is extremely fragile when modified: any modification will, with high probability, produce persistently nonsensical behaviour. These effects are achieved by converting the control-flow of the software into data-driven form, and increasing the complexity of the control-flow by orders of magnitude.
    Type: Grant
    Filed: August 19, 1999
    Date of Patent: August 17, 2004
    Assignee: Cloakware Corporation
    Inventors: Stanley T. Chow, Harold J. Johnson, Yuan Gu
  • Patent number: 6760845
    Abstract: A system, method and computer program product are provided for analyzing a network. Initially, network traffic information relating to network traffic is collected. Next, the network traffic information is encrypted. In use, the network traffic information is capable of being analyzed by a network analyzer adapted for decrypting the network traffic information.
    Type: Grant
    Filed: February 8, 2002
    Date of Patent: July 6, 2004
    Assignee: Networks Associates Technology, Inc.
    Inventors: Dominick A. Cafarelli, Kazim O. Yildiz
  • Patent number: 6731756
    Abstract: A method for protecting the video memory on a computer system from being illicitly copied. The invention decrypts a previously encrypted image and displays it on the video screen. During the time the image is displayed, the invention protects it from being copied by other running applications. This is accomplished in multithreaded operating systems by first issuing a multithreaded locking primitive to the video memory resource, and then inserting a pending video hardware request that will take precedence over any subsequent video memory access requests. The pending request serves the purpose of destroying the contents of video memory. The pending request is passive in that it does not execute unless a malicious program has removed the video memory lock.
    Type: Grant
    Filed: June 21, 1999
    Date of Patent: May 4, 2004
    Assignee: Elisar Software Corporation, Inc.
    Inventors: Carlos E. Pizano, Gregory L. Heileman
  • Patent number: 6731758
    Abstract: A video source device generates a session key for each transmission session wherein a multi-frame video content is to be transmitted to a video sink device. The video source device uses the session key to generate a successive number of frame keys. The frame keys in turn are used to generate corresponding pseudo random bit sequences for ciphering the corresponding frames to protect the video content from unauthorized copying during transmission. The video sink device practices a complementary approach to decipher the received video content. In one embodiment, both devices are each provided with an integrated block/stream cipher to practice the transmission protection method.
    Type: Grant
    Filed: August 29, 1999
    Date of Patent: May 4, 2004
    Assignee: Intel Corporation
    Inventors: Gary L. Graunke, David A. Lee, Robert W. Faber
  • Patent number: 6725380
    Abstract: A system and method are disclosed that regulate browsing of web content or content labels and that provide selective and multiple programmed settings and passwords for web content labels. In one embodiment, at least some of the web pages accessible to a web browser are assigned content labels. Programmed settings are established for the content labels that are to be password protected. A content password is assigned to each of the programmed settings. Access to web pages without any content labels is strictly denied by the web browser. Access to web pages with content labels that are not being regulated is allowed. Access to web pages with content labels that are password protected is regulated.
    Type: Grant
    Filed: August 12, 1999
    Date of Patent: April 20, 2004
    Assignee: International Business Machines Corporation
    Inventors: Randolph Michael Forlenza, Herman Rodriguez
  • Patent number: 6715083
    Abstract: Provided is a method and system for alerting an Internet service provider (ISP) having a server, or an Internet Connected Computer (ICC), that a potential hacker may be using it to attempt to access a target. The method detects a hacking event at the target, and reports the hacking event to a server located outside the target. The server may then report the hacking activity, including the identity of the hacker, to the target system's administrator, or another party, such as government entities. The system, which may be implemented as software, uses a monitor module and an action module to alert an Internet service provider that a hacker may be using it to attempt access to a target.
    Type: Grant
    Filed: October 13, 1999
    Date of Patent: March 30, 2004
    Assignee: Ericsson Inc.
    Inventor: Lars A. Tovander
  • Patent number: 6715081
    Abstract: IPsec rules are searched in order from rules containing the most specificity to those containing the least specificity of attributes. The static rules include placeholders for sets of dynamic rules. Dynamic rules are searched only if a placeholder is the first matching rule in the static table. Sets of dynamic rules are partitioned into separate groups. Within each group there is no rule order dependence. Each such group is searched with an enhanced search mechanism, such as a search tree. For connection oriented protocols, security rule binding information is stored in association with the connection. This allows the searching of the rules to be performed only when a connection is first established. If a static or dynamic rule is changed during a connection, a search is repeated. For selected connectionless protocols, packets are treated as if they were part of a simulated connection.
    Type: Grant
    Filed: August 12, 1999
    Date of Patent: March 30, 2004
    Assignee: International Business Machines Corporation
    Inventors: Kira Sterling Attwood, James Russell Godwin, Linwood Hugh Overby, Jr., Brian Sean Perry, David John Wierbowski
  • Patent number: 6711678
    Abstract: A method for securing communications within a computer network that includes wireless devices is presented. The method involves the use of a middleware server, which allows ill-performing and potentially insecure communications protocols to be off-loaded onto a more powerful machine running in a more secure environment, e.g., within a company's Intranet. The method can be practiced with any symmetric encryption algorithm, and can be combined with additional security methods, such as asymmetric encryption methods.
    Type: Grant
    Filed: April 5, 2002
    Date of Patent: March 23, 2004
    Assignee: Expand Beyond Corporation
    Inventor: Derek M. Ferguson
  • Patent number: 6711686
    Abstract: A Security Management Tool (SMT) is defined and created that solves the problem of efficiently and accurately configuring security attributes for multiple computer systems. SMT executes an automated operation that captures a definition of security attributes on a particular, selected computer system and sets the captured security attribute definition on one or more subsequently-configured systems. In various embodiments, SMT clones security attribute information according to selected security information groupings. Typical security information groupings include User/Group security information, file system security information, registry system security information groupings, and the like. SMT stores security information in a security attribute file that serves as a central security configuration database. SMT accesses the central security configuration database to recreate the setting of security attributes on other computer systems.
    Type: Grant
    Filed: June 29, 1999
    Date of Patent: March 23, 2004
    Assignee: Dell USA L.P.
    Inventor: John Barrett
  • Patent number: 6694429
    Abstract: State information for a call between a calling party and a called party is established without maintaining the state information at a gate controller. A setup request for the call is received at an originating gate controller. The originating gate controller is connected to a trusted network. The calling party is associated with an originating interface unit coupled to an untrusted network. The setup request for the call is authorized. The authorized setup request is sent to the called party. State information for the call is formatted based on a setup acknowledgment message received from the calling party. The state information for the call is sent from the originating gate controller to the originating interface unit without maintaining the state information at the originating gate controller.
    Type: Grant
    Filed: August 4, 1999
    Date of Patent: February 17, 2004
    Assignee: AT&T Corp.
    Inventors: Charles Robert Kalmanek, Jr., William Todd Marshall, Partho Pratim Mishra, Douglas M Nortz, Kadangode K. Ramakrishnan
  • Patent number: 6678378
    Abstract: Encryption and decryption methods for 3-dimensional shape data, especially copyrighted data, useful for detecting unauthorized use or piracy of a 3-dimensional object's shape represented by the 3-dimensional shape data are provided. An alteration is added to 3-dimensional shape data representing a 3-dimensional object by using an encryption key. The encrypted data, having been altered, are distributed. The 3-dimensional object represented by the encrypted data is distorted and different from the original 3-dimensional object. The recipient of the encrypted data can obtain the original 3-dimensional shape data by reversing the alteration of the encrypted data by using a decryption key.
    Type: Grant
    Filed: June 8, 1999
    Date of Patent: January 13, 2004
    Assignee: Monolith Co., Ltd.
    Inventor: Kozo Akiyoshi
  • Patent number: 6647494
    Abstract: The present invention provides a system and method for checking authorization of remote configuration operations. The method comprises generating a request credential manifest to request an update of configurable parameters on a client platform. Furthermore, the method comprises signing the request credential manifest with a manifest digital signature, which was generated using a private key in a cryptographic key pair. In addition, the method further comprises verifying the manifest digital signature using a public key to ascertain that the request credential manifest was generated by an authorized console platform.
    Type: Grant
    Filed: June 14, 1999
    Date of Patent: November 11, 2003
    Assignee: Intel Corporation
    Inventor: Paul Drews
  • Patent number: 6535980
    Abstract: A method of keyless encryption of messages allows secure transmission of data where data security is not available for some technical or legal reason. The method of data transfer uses a challenge response in which a correct response to a challenge is used to transmit the value “1”, while a deliberately false response is made to transmit the value “0”. Any message can be transmitted as a binary string using successive applications of this method.
    Type: Grant
    Filed: June 21, 1999
    Date of Patent: March 18, 2003
    Assignee: International Business Machines Corporation
    Inventors: Suresh Kumar, Vijay Kumar