Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.

Abstract: A facsimile system and method provides authentication of transmitted image information, which authentication may be in the form of a signature page. An authentication device computes authentication information at a sending device, a receiving device, both, or at a remote location during transmission. The signature page may also be transmitted with the document. The sending and receiving devices may each generate signature pages or acknowledgement of receipt in response to receiving a signature page. The authentication information may be encrypted with a public/private key pair. The authentication information may be in the form of a checksum, and may be prepared based on separate regions of the document. A previously generated signature page is compared to a newly generated signature page to verify the document content or authenticity. Document authentication signatures may include machine-readable symbols to represent the authentication information.

Abstract: A method of operating a headend system for a downloadable conditional access service, the method including: receiving, by an Authentication Proxy (AP) server, basic authentication information from a Downloadable Conditional Access System (DCAS) host, the basic authentication information being required to authenticate the DCAS host; transmitting, by the AP server, the basic authentication information to an external trusted authority device which authenticates the DCAS host; generating, by the AP server, a session key for encrypting/decrypting a secure micro client using a session key sharing factor; obtaining, by the AP server, download-related information of the secure micro client from a DCAS Provisioning Server (DPS); and commanding, by the AP server, an Integrated Personalization System (IPS) server to download the secure micro client to the DCAS host based on the download-related information, the secure micro client being encrypted by the session key.

Abstract: Provided are an apparatus and method for preventing falsification of black box data. The apparatus for preventing falsification of black box data includes a driving information storage module and a falsification prevention module. The driving information storage module stores a driving information data which is collected by a black box. The falsification prevention module encrypts the driving information data to generate a falsification determination data through a predetermined encryption mechanism, and stores the falsification determination data.

Abstract: A method and system for session modification are provided. The method includes these steps: A home policy and charging rules function (h-PCRF) sends a policy and charging control (PCC) rule providing message to a policy and charging enforcement function (PCEF) b according to a received PCC rule request message, an application layer service message, or an h-PCRF self-trigger event; and the h-PCRF sends a PCC rule providing message to the PCEF a according to a PCC rule response message received from the PCEF b. With this present disclosure, session modification may be implemented when two or more PCEFs are included in the PCC architecture of a system architecture evolution (SAE) system.

Abstract: An image forming device is provided with a use permission determining portion, an authentication process requesting portion and a job executing portion. The use permission determining portion performs determination whether or not use of the image processing device should be permitted for a user who wants to use the image processing device. The authentication process requesting portion requests the authentication server via a network to act for the determination when the use permission determining portion cannot perform the determination. The job executing portion performs the image processing of process specifics designated by the user when a determination result indicating that the user can use the image forming device is obtained.

Abstract: Provided is a method of protecting a content consumer's privacy. The method includes classifying contents into content groups, encrypting the contents using different encryption keys, generating a plurality of decryption keys each of which can decrypt all contents in each of the content groups, and provides the generated decryption keys to authorized clients, wherein each client is provided with a different decryption key.

Abstract: Meeting originators grant permission to update (i.e., add, change, and/or delete) a field or fields of a meeting invitation that corresponds to a calendar entry on an electronic calendar, enabling a meeting invitee to update a meeting invitation and to thereby communicate updates that can be reflected in the corresponding electronic calendar entries of other people who are invited to the meeting. Update permission may be granted to one meeting invitee, to all meeting invitees, or to a selected subset of the meeting invitees. Update permissions are associated with the particular meeting invitation, and preferably expire once the meeting time and date have passed. For recurring meetings, a particular update permission may be granted for a single instance of the meeting, or to all instances, and this permission preferably expires after the last instance of the recurring meeting has ended.

Abstract: A system and method for efficiently enabling local security connectivity between electronic devices over multiple bearers. Electronic devices are configured to advertise, over each bearer, their respective configuration parameters for each bearer. After a connection has been established between the electronic devices over a first bearer, the two electronic devices use the first bearer to establish connections over the other bearers using the configuration parameters contained in the advertisements and advertised over the first bearer. Shared keys are established for the other bearers either using keys derived from the first shared key or by using the first secure connection as an out-of-band channel. The present invention also provides for the creation of an ad hoc WLAN connection once a Bluetooth connection has been established.

Abstract: A computer system for high-availability virtualization environment includes an originating host machine hosting several virtual machines. Anti-malware scanning on a virtual machine may be initiated in the originating host machine. Prior to completion of the anti-malware scanning, the virtual machine may be migrated to another, destination host machine. The anti-malware scanning on the virtual machine may be resumed in the destination host machine based on a scan state of the virtual machine. The anti-malware scanning of the virtual machine may be suspended and scheduled for execution in the destination host machine. A scan cache of the virtual machine may be preserved depending on information from the scan state. For example, the scan cache may be preserved and employed in the destination host machine when the originating and destination host machines use the same scan engine and pattern version.

Abstract: Apparatus, systems, and methods may operate to authenticate a desktop client to an identity service (IS), to receive a request, from an application, at the IS via the desktop client for a virtual service internet protocol (IP) address associated with a service. The IS may operate to build a routing token that includes an original physical IP address associated with the service when a policy associated with the IS permits access to the service by a user identity associated with the desktop client. After the routing token is validated, the application may be connected to the service via the desktop client. The application may comprise an e-mail application or a remote control application, such as a virtual network computing (VNC) application. Additional apparatus, systems, and methods are disclosed.

Abstract: A system and method that regulates the various operations between computing stations and storage or content. Any operation that involves or may lead to the exchange or accessing of content (data) between storage or hosting content container and computing station may be regulated by means of a policy which comprise a set of rules. Rules may be defined according to specific criteria, including the type of storage, the type of content, the attributes of the content, and other attributes associated with the storage device and/or the content. The policy will be dynamically installed/updated upon a computing station for specific User(s) and will regulate the data operations that may take place between the computing stations and storage or content based on evaluation of the policy. Based on the evaluation of the policy, the requested operation is permitted, restricted in some areas, or denied.

Abstract: A system for identifying malicious messages transmitted over a mobile communication network includes: sentinel modules associated with respective mobile terminals in the network for monitoring messages passing therethrough, wherein the sentinel modules identify as a candidate malicious message, any message passing through the mobile terminals and failing to comply with a first set of patterns and issue a corresponding sentinel identification message; a set of probe modules for monitoring messages transmitted over the network, wherein the probe modules identify as a candidate malicious message any message transmitted over the network and failing to comply with a second set of patterns and issue a corresponding probe identification message; and preferably at least one client honeypot module for receiving and processing any messages sent thereto to produce corresponding processing results, wherein the client honeypot module identifies as a candidate malicious message any message producing a processing result fai

Abstract: A software defined radio device and a download server store a plurality of common keys in common key data. The download server arbitrarily determines a common key from the common key data and conveys information identifying the common key to be used to the software defined radio device. An authenticator of the software defined radio device identifies a common key from the common key data using the information identifying the common key, authenticates using the common key, and performs subsequent communications using the common key. When sending software, a hash value is attached for confirming the security. A device ID of the software defined radio device is also attached to data for confirming which software defined radio device receives the software. The software is securely downloaded by a common key encryption having smaller processing requirements than those of a public key encryption.

Abstract: A technique to verify firmware. One embodiment of the invention uses a processor's micro-code to verify a system's firmware, such that the firmware can be included in a trusted chain of code along with the operating system.

Abstract: A method and system for restricted service access is described. To access adult content, the user has to enter an administrator personal identification number into a mobile device. Upon receipt of the administrator personal identification number, an access code is generated, which is provided to a content provider. The content provider can calculate a valid time window and/or request an acknowledge message from a central server. If the current usage is within the valid time window or otherwise verified, access to the content is allowed. Thus, children are prevented from accessing adult content, while adult access is permitted.

Abstract: A control system and a security checking method thereof is used in an embedded system. The control system includes a process module and a first memory module. The first memory module is used to store a pre-loader code and a first secure key. The security checking method includes the following steps: loading the pre-loader code and the first secure key; executing the pre-loader code to download a first program from an in-system programming module; determining whether the first program corresponds to the first secure key or not; if yes, then downloading a second program from the in-system programming module; and programming an internal program and a second secure key by the second program.

Abstract: An operating system and method for use include a core function module, or basic kernel, providing fundamental operating system support and one or more add-on modules that allow customization of the operating system as desired. Add-on modules may provide support or extended capability to the computer including hardware, applications, peripherals, and support. A digital signature may be used to confirm the integrity of an add-on module prior to installation. Certification may be verified to determine if installation of the add-on module is authorized. By withholding certification, a service provider may manage illegal or undesired modifications to a provided computer. Digital rights management may be used to enforce terms of use of the add-on module in keeping with licensing arrangements.

Abstract: A revocation examination method and apparatus for a device are provided. The method includes: storing information regarding revoked nodes; receiving from the device an identifier (ID) of the device and a revocation examination request message including an ID of a leaf node corresponding to the device; examining whether the device corresponding to the ID of the leaf node is revoked with reference to the information regarding revoked nodes; and transmitting a response to the revocation examination request message based on a result of the examining.

Abstract: The present invention discloses a method for quickly and easily authenticating large computer program. The system operates by first sealing the computer program with digital signature in an incremental manner. Specifically, the computer program is divided into a set of pages and a hash value is calculated for each page. The set of hash values is formed into a hash value array and then the hash value array is then sealed with a digital signature. The computer program is then distributed along with the hash value array and the digital signature. To authenticate the computer program, a recipient first verifies the authenticity of the hash value array with the digital signature and a public key. Once the hash value array has been authenticated, the recipient can then verify the authenticity of each page of the computer program by calculating a hash of a page to be loaded and then comparing with an associated hash value in the authenticated hash value array.