Abstract: In some embodiments, the invention involves receiving remotely originating data (ROD) and creating a customized identification (CID) which is at least partially created through encrypting the ROD as a function of a platform key (PK) and a random number (RN) of a computer system receiving the ROD. Further, content is received which includes at least one watermark in which at least part of the CID is embedded. Authentication comparison data (ACD) is created which is at least partially created through decrypting data embedded in the watermark. In some embodiments, content includes first and second data sets, wherein the first data set is used to create a watermark key (WK) and the second data set is extracted utilizing the WK and the ACD includes at least part of the second data set.

Abstract: A symmetric-key cryptographic technique capable of realizing both high-speed cryptographic processing having a high degree of parallelism, and alteration detection. The invention includes dividing plaintext composed of redundancy data and a message to generate plaintext blocks each having a predetermined length, generating a random number sequence based on a secret key, generating a random number block corresponding to one of the plaintext blocks from the random number sequence, outputting a feedback value obtained as a result of operation on the one plaintext blocks and the random number block, the feedback value being fed back for using in the operation on another plaintext blocks, and performing an encryption operation using the one plaintext blocks, random number block, and feedback value.

Abstract: A method for certifying that data sent from a computer is free from viruses identified by an anti-virus database. The method includes scanning data for viruses before it is sent from the computer and attaching a certificate identifying the data as being scanned for viruses if no viruses are found during scanning. The data is sent with the certificate from the computer to a recipient computer. A method for certifying that content available on a host site is free from viruses is also disclosed.

Abstract: The present invention provides a method and system for depicting an online map of a route along with any incidents on the route. To create the map, a consumer first provides the origination and destination addresses of the route, then a proposed route is provided for their approval. The consumer may modify the proposed route or accept it. Next, the route is analyzed to determine if any incidents have occurred upon it. This analysis comprises preparing the route by creating regions of interest around segments composing the route, examining if any traffic incidents fall within one or more of the regions of interest, and determining for those incidents if the incident is closer than a threshold value to any segment on the route. The final route along with any incidents on the route is then depicted for the consumer.

Abstract: A system and method for allowing roaming of a subscriber and password authentication a non-LDAP region. A user signs onto a network access server which in turn connects to the regional LDAP RADIUS server. Password authentication occurs by hashing a transmitted password and comparing it to a clear text password from an LDAP database that has been hashed in the same manner as the transmitted password. When the subscriber is in a non-LDAP region, The password proceeds trough a proxy server to a regional RADIUS server which connects to a non-LDAP server. The non-LDAP server connects to and SMS database and retrieve the clear text password associated with the non-LDFSAP user, hashes it according the same method as the transmitted hashed password and formats the password for comparison in the regional RADIUS server. If the hashed passwords compare, the access is permitted.

Abstract: Unwanted electronic messages can be avoided by screening them before they enter a receiving client. Only messages from authorized sending parties are passed to the receiving client while messages from sending parties not previously authorized are discarded or returned. The same arrangement can be used with cellular and conventional telephones, facsimile machines, and other devices.

Abstract: An apparatus for and method of controlling propagation of decryption keys is provided. One embodiment of the present invention includes an encryption key propagation control system wherein a generation number is identified with each decryption key and the generation number is queried each time a request is made to forward the decryption key to another user. The generation number is decremented at each request, and once it reaches zero, further requests are refused by the control system.

Abstract: Each of the embodiments of the present invention supplies date information issued from a third party to a digital signature of a first user apparatus for an electronic document. Originality of the electronic document is ensured by applying the digital signature of the third party to a set of the digital signature and date information. No electronic document is transmitted to the third party apparatus during originality assurance of the electronic document. Accordingly, it is possible to decrease loads to the third party and associated networks even if the third party apparatus is congested with accesses. Since there is registered an undeniable signature for a second user apparatus, it is possible to prevent the second user apparatus from denying the reception.

Abstract: This invention uses network stack information to enforce context-based policies. The combination of policies, user/application context information and packet filtering is used to enable fine-grained control of network resources.

Abstract: A cryptographic communication terminal serving as one of information transmitting and receiving terminals in cryptographic communication includes a cryptographic algorithm storage section for storing one or more types of cryptographic algorithm used for cryptographic communication, and outputting a designated cryptographic algorithm, a key information storage section for storing a key used for cryptographic communication corresponding to the cryptographic algorithm, and outputting a designated key, a control section for designating, with respect to the cryptographic algorithm storage section and the key information storage section, which cryptographic algorithm and key are to be used in the cryptographic communication, and an encryption/decryption section for decrypting received encryption information by using the cryptographic algorithm designated with respect to the cryptographic algorithm storage section and the key designated with respect to the key information storage section, and encrypting information

Abstract: An encryption method and apparatus that provides forward secrecy, by updating the key using a one-way function after each encryption. By providing forward secrecy within a cipher, rather than through a key management system, forward secrecy may be added to cryptographic systems and protocols by using the cipher within an existing framework. A random-access key updating method can efficiently generate one or more future keys in any order. Embodiments are applicable to forward secret ciphers that are used to protect protocols with unreliable transport, to ciphers that are used in multicast or other group settings, and to protection of packets using the IPSec protocols.

Abstract: A method and apparatus for deploying configuration instructions to security devices in order to implement a security policy on a network are disclosed. An address translation alteration performed on packets communicated between a management source and a plurality of security devices, resulting from implementation of a proposed new network security policy, is detected. One or more sets of security devices are identified that would each have one or more configuration dependencies as a result of the address translation alteration. Configuration instructions are sent from the management source to each of the one or more sets of security devices using an order determined by the identified configuration dependencies. The configuration instructions are used to implement the security policy on the network. As a result, firewalls and similar devices are properly configured for a new policy without inadvertently causing traffic blockages arising from configuration dependencies.

Abstract: A method and a system by which to achieve authentication intrusion detection so as to effectively detect and prevent unauthorized access to and use of a local computer system, or the like, and take appropriate measures. The local system authentication process is redirected to an authenticator broker system (i.e. a secondary authentication system) that makes use of the local system authentication process paths and the local system authenticator file. The authenticator broker system includes an authenticator broker system file having stored therein secret authenticators of prospective users, a mapping file to assign a replacement identifier for the identifier entered by a particular user at the local system and redirected to the secondary system, and a decoy authenticator file to assign a decoy authenticator for the secret authenticator entered by the user and originally stored in the local system authentication file.

Abstract: A system for authenticating digital data capable of preventing change or disguise of data by improvement or interchange in case of no confidentiality in the data itself so as to maintain the data. When writing digital data from an input device to a memory and transferring the digital data from the memory to a receiving device, device authentication is performed between the input device and the memory and between the memory and the receiving device respectively. At the same time, when writing digital data to the memory, in the case of implementing on the digital data an electronic signature by a one-way hash function and also reading from the memory and transferring the digital data, the implemented electronic signature is decrypted so as to transfer the digital data after ensuring that it has not been changed since it was recorded. Thus, it is possible to prevent change or disguise of data by improvement or interchange in case of no confidentiality in the data itself so as to maintain the data.

Abstract: A method, system and program product for managing a size of a key management block (KMB) during content distribution is provided. Specifically, a first KMB corresponding to a first subtree of devices is received along with content as encrypted with a title key. If a size of the first KMB exceeds a predetermined threshold, a second subtree will be created. A second KMB corresponding to the second subtree of devices will then be generated. The second KMB contains an entry revoking the entire first subtree of devices and, as such, is smaller than the first KMD. Any compliant devices from the first subtree are migrated to the second subtree.

Abstract: Generally, the present invention monitors and communicates travel data transmitted from vehicles being monitored by the system to users requesting travel information on a particular vehicle. A travel data storage unit receives and stores the travel data. When a user desires to view some or all of this travel data, the user submits a request to a data manager. In response, the data manager retrieves the appropriate information from the travel data stored in the travel data storage unit and transmits this information to the user. The data manager may communicate the information in a variety of mediums and preferably contact information is predefined that enables the data manager to determine which medium is preferable and how to establish communication once the medium is determined.

Abstract: Systems and methods for providing network access, e.g. Internet access, are described. An architecture includes a host organization network through which network access is provided. The host organization network can be advantageously deployed in public areas such as airports and shopping malls. An authentication/negotiation component is provided for authenticating various users and negotiating for services with service providers on behalf of the system users. The authentication/negotiation component can include one or more specialized servers and a policy manager that contains policies that govern user access to the Internet. An authentication database is provided and authenticates various users of the system. An access module is provided through which individual client computing devices can access the Internet. In one embodiment, the access module comprises individual wireless access points that permit the client computing devices to wirelessly communicate data packets that are intended for the Internet.

Abstract: A trust web keying process provides secure peer networking of computing devices on an open network. A device is initially keyed at distribution to an end user or installer with a device-specific cryptographic key, and programmed to respond only to peer networking communication secured using the device's key. The device-specific key is manually entered into a keying device that transmits a re-keying command secured with the device-specific key to the device for re-keying the device with a group cryptographic key. The device then securely peer networks with other devices also keyed with the group cryptographic key, forming a trust web. Guest devices can be securely peer networked with the trust web devices via a trust web gateway.

Abstract: An improved method is provided for identifying road sections in a navigation database. The method includes: receiving a database update identifying at least one road intersection; constructing a logical representation of the road topology surrounding the at least one road intersection; and identifying the at least one road intersection in the navigation database by comparing the logical representation to a logical representation of the navigation database.

Abstract: A method is provided for enhanced spread spectrum watermarking. The improved watermarking method includes: receiving host data which is expressed in a transform domain by a plurality of host transform parameters; reducing variance between the plurality of host transform parameters, thereby forming an enhanced sequence of host transform parameters; and adding a watermark to the enhanced sequence of host transform parameters using a spread spectrum technique. The enhanced sequence of host transform parameters may be formed by arranging the plurality of host transform parameters in at least one of an ascending order or descending order; determining a difference for each pair of consecutive host transform parameters; and alternating the sign of every other difference value, thereby forming the enhanced sequence of host transform parameters.