Abstract: A method and a circuit for protecting a numerical quantity contained in an integrated circuit on a first number of bits, in a modular exponentiation computing of a data by the numerical quantity, including: selecting at least one second number included between the unit and said first number minus two; dividing the numerical quantity into at least two parts, a first part including, from the bit of rank null, a number of bits equal to the second number, a second part including the remaining bits; for each part of the quantity, computing a first modular exponentiation of said data by the part concerned and a second modular exponentiation of the result of the first by the FIG. 2 exponentiated to the power of the rank of the first bit of the part concerned; and computing the product of the results of the first and second modular exponentiations.

Abstract: An efficient pseudo-random function and an efficient limited number of times authentication system using such a function are realized. A pseudo-random function calculating device comprises a key creating means and a pseudo-random function calculating means. The key creating means creates a public key made of a set of at least a first component and a second component as components constituting an element of a finite group and a secret key made of an integer and secretly saves the created secret key in a secret key memory section but makes the public key public. The pseudo-random function calculating means outputs the element of a finite group as function value of the pseudo-random function upon receiving an integer as input.

Abstract: In a gaming environment, a method of periodically downloading dynamically generated executable modules at random intervals that perform system configuration integrity checks in a secure and verifiable manner is disclosed. The dynamically generated executable modules are created on a server machine and are themselves signed using industry standard PKI techniques, and contain randomly chosen subset from a repertoire of proven hashing and encryption algorithms that are executed on the system to be checked to create a unique signature of the state of that system. The dynamically generated executable module returns the signature to the server machine from which it was downloaded and deletes itself from the system being checked. The next time such an executable module is downloaded, it will contain a different randomly chosen subset of hashing and encryption algorithms.

Abstract: Systems, methods, and computer program products are provided for user authentication required for conducting online financial institution transactions. The disclosed embodiments leverage the capabilities of platforms other than conventional personal computers and laptops, such as gaming consoles and wireless devices. Unique intrinsic user activities, such as controller motions or activities, built-in hardware signatures or other input data associated with a gaming console are used as the authentication mechanism, so as to provide a higher degree of security in the overall authentication process by lessening the likelihood of password replication or interception during network communication.

Abstract: An agent on a network is preconfigured to automatically respond to neighborhood discovery by sending an advertisement having a spoof IPv6 address. A spoof IPv6 address includes a spoof NIC value that is a value that identifies a network interface card not being used on the network. Thus, upon receipt of the advertisement by the infected host computer system, malicious code on the infected host computer system probes the spoof IPv6 address space defined by a network section value of the spoof IPv6 address, the spoof NIC value, and the range of possible values of the assigned host ID value of the spoof IPv6 address. As there are no interfaces within the spoof IPv6 address space except that associated with the agent, propagation of the malicious code is slowed or defeated and connections are directed to the agent.

Abstract: A method for setting communication parameters in a plurality of communication devices includes setting communication parameters without an authentication process being performed for a second communication device in a case where a first communication device has received a request for setting communication parameters from the second communication device within a predetermined period of time from the start of setting communication parameters. The method further includes setting communication parameters after the authentication process has been performed for the second communication device in a case where the first communication device has received a request for setting communication parameters from the second communication device after the expiration of the predetermined period of time from the start of setting communication parameters.

Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C?. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C? within a look-ahead window, whose size can be set by a parameter s.

Abstract: A method for content access control operative to enable authorized devices to access protected content and to prevent unauthorized devices from accessing protected content, the method comprising: providing a plurality of authorized devices; dividing the plurality of authorized devices into a plurality of groups, each of the plurality of authorized devices being comprised in at least one of the plurality of groups, no two devices of the plurality of authorized devices being comprised in exactly the same groups; determining whether at least one device of the plurality of authorized devices is to be prevented from having access to the protected content and, if at least one device is to be prevented, removing all groups comprising the at least one device from the plurality of groups, thus producing a set of remaining groups; and determining an authorized set comprising groups from the set of remaining groups, such that each device of the plurality of authorized devices which was not determined, in the determining

Abstract: A programming interface for a computer platform can include various functionality. In certain embodiments, the programming interface includes one or more of the following groups of types or functions: those related to core file system concepts, those related to entities that a human being can contact, those related to documents, those common to multiple kinds of media, those specific to audio media, those specific to video media, those specific to image media, those specific to electronic mail messages, and those related to identifying particular locations.

Abstract: An identification tag for authenticating a product is associated with the product and has authentication data transmissible to a reader device. The authentication data include source data including a tag identifier that uniquely identifies the identification tag and a signature value that is a result of a private key encryption of a representation of the source data, where the private key encryption uses a private key of a public key encryption method.

Abstract: A system and method are provided for identifying inappropriate content in websites on a network. Unrecognized uniform resource locators (URLs) or other web content are accessed by workstations and are identified as possibly having malicious content. The URLs or web content may be preprocessed within a gateway server module or some other software module to collect additional information related to the URLs. The URLs may be scanned for known attack signatures, and if any are found, they may be tagged as candidate URLs in need of further analysis by a classification module.

Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.

Abstract: A method provides for control of access to network resources. A virtual identity machine resides in the network and is pre-authorized to access certain network resources. End users desiring access to those network resources attempt to logically connect to the virtual identity machines. If the logical connection attempt is successful, then the end user assumes the virtual identity of the virtual identity machine and has access to all of the same information that was available to the virtual identity machine.

Abstract: An output system having a data processor and an printer or other output device for outputting data in a specific format, which is sent from the data processor, to which is installed driver software for controlling the output device. Whether the data on output request passes the driver software is determined in sending data to the output device. Data are prohibited from being sent to the output device for output requests on which data bypasses the driver software.

Abstract: A drive preserves a default input password. When there is no password input from the user, the default input password is regarded as a user input password and is compared and collated with a password for access protection, thereby controlling the access protection. In this instance, if the default input password and the password for access protection have the same value, a collation coincidence is obtained. The drive permits the access without needing a password input of the user.

Abstract: A stream cipher cryptosystem includes a keystream generator receiving a key and providing a keystream. A cryptographic combiner combines a first binary data sequence and the keystream with two non-associative operations to provide a second binary data sequence. In encryption operations, the cryptographic combiner is an encryption combiner and the first binary data sequence is a plaintext binary data sequence and the second binary data sequence is a ciphertext binary data sequence. In decryption operations, the cryptographic combiner is a decryption combiner and the first binary data sequence is a ciphertext binary data sequence and the second binary data sequence is a plaintext binary data sequence.

Abstract: A compact, self-contained, personal key is disclosed. The personal key comprises a USB-compliant interface releaseably coupleable to a host processing device; a memory; and a processor. The processor provides the host processing device conditional access to data storable in the memory as well as the functionality required to manage files stored in the personal key and for performing computations based on the data in the files. In one embodiment, the personal key also comprises an integral user input device and an integral user output device. The input and output devices communicate with the processor by communication paths which are independent from the USB-compliant interface, and thus allow the user to communicate with the processor without manifesting any private information external to the personal key.

Abstract: The mobile application security system and method in accordance with the invention increases the overall level of security in using a mobile application. In a preferred embodiment, the system may use a client/server architecture wherein each host of a mobile application is treated as a client and a central computer is treated as the server. In operation, any time that a mobile application is going to jump between hosts, it must first pass through the central computer so that the central computer may perform various security checks. The security checks ensure that the security of the mobile application is not compromised and overcomes the above problems with typical mobile application systems.

Abstract: A process for preventing virus infection of a data-processing system with a startup apparatus is disclosed. The process includes steps of a) comparing a first specific information of the data-processing system with a second specific information of a software virus stored in a software-virus database by the data-processing system prior to executing a startup operation of the data-processing system, and b) allowing the startup apparatus to execute an anti-virus action according to a comparing result of the step a).

Abstract: During power up initialization, security data such as passwords and other sensitive data which are stored in a lockable memory device are read and copied to protected system management interrupt (SMI) memory space, subject to verification by code running in the SMI memory space that the call to write the security data originates with a trusted entity. Once copied to SMI memory space, the security data is erased from regular system memory and the lockable storage device is hard locked (requiring a reset to unlock) against direct access prior to starting the operating system. The copy of the security data within the SMI memory space is invisible to the operating system. However, the operating system may initiate a call to code running in the SMI memory space to check a password entered by the user, with the SMI code returning a “match” or “no match” indication. The security data may thus be employed after the lockable memory device is hard locked and the operating system is started.