Abstract: Methods and systems of rendering content on a device having a native digital rights management (DRM) system are described. A device, such as an end-user device capable of executing or playing content, acquires content in a common content format file having standardized locations for specific types of data. A generic digital rights token associated with the content is obtained by utilizing one of the standardized locations in the content format file, where the rights token contains information sufficient to allow retrieval of the rights associated with the content. Utilizing data in another of the standardized locations, it is then determined whether the device is registered in a domain. A license server directory may be accessed utilizing data in another of the standardized locations in the common content format file and a domain identifier, a device identifier, or both are transmitted to the license server directory.

Abstract: A user password is obfuscated using a first obfuscation algorithm and stored. A security module receives a password from a user a first time and, in response thereto, obfuscates the password using a second obfuscation algorithm and stores the obfuscated password. The security module subsequently receives the password from the user a second time. In response thereto, the security module obfuscates the password using the second algorithm a second time and compares the results of the obfuscation with the stored password obfuscated using the second algorithm. If the results of the obfuscation and the stored password obfuscated using the second algorithm match, the security module replaces the stored password obfuscated using the first algorithm with the password obfuscated using the second algorithm. The operations are performed transparently to the user associated with the password.

Abstract: Recommending network object information to a user includes, for each of a plurality of network objects, a respective plurality of behavior frequencies by the user is determined; a network object among the plurality of network objects that is of interest to the user is identified, the identification being based at least in part on the respective plurality of behavior frequencies that corresponds to each of the plurality of network objects; and additional information relating to the identified network object is provided to the user.

Abstract: The invention relates to a method of executing a secure application in an NFC device, the method comprising steps during which: a contactless link is established between first and second NFC devices, the first NFC device transmits by the contactless link an identifier of a secure processor of the first NFC device, the second NFC device transmits by the contactless link an application identifier, the secure processor transmits by the contactless link first authentication data allowing the authentication of the secure processor of the first NFC device, the second NFC device transmits to an application server the first authentication data, the application server transmits to an authentication server the first authentication data and second authentication data) to authenticate the application and authorizes the two NFC devices to execute the application only if the secure processor and the application are authenticated.

Abstract: Technologies are generally described for secure digital signatures that employ hardware public physically unclonable functions. Each unique digital signature generator can be implemented as hardware such that manufacturing variations provide measurable performance differences resulting in unique, unclonable devices or systems. For example, slight timing variations through a large number of logic gates may be used as a hardware public physically unclonable function of the digital signature unit. The hardware digital signature unit can be parameterized such that its physical characteristics may be publicly distributed to signature verifiers. The verifiers may then simulate randomly selected portions of the signature for verification.

Abstract: A method for validating a road traffic control transaction. The method includes: storing a cryptographic key assigned to a transaction receiver, in the transaction receiver; recording an image of a vehicle; reading an identification of the vehicle in the recorded image by OCR and generating a control transaction thereof in the control station; generating a random key and encrypting the recorded image into authentication data with the random key and the cryptographic key in the control station; transmitting the recorded image, the control transaction, the random key and the authentication data to the transaction receiver; in the transaction receiver, encrypting the received recorded image into nominal authentication data with the received random key and the stored cryptographic key; and comparing the received authentication data with the nominal authentication data. The received control transaction is then validated when the received authentication data and the nominal authentication data are identical.

Abstract: The present disclosure generally provides techniques for establishing a unique, ephemeral home address (hoa)/home agent address (ha?) address pair that may be limited to use in a session having a defined lifetime. Limiting the use of this dynamic address pair to a session lifetime and by preventing a mobile node from knowing the static address of a home agent may help protect the home agent from attacks.

Abstract: The present invention provides a method of allowing a user to obtain a service using a processing system. The method utilizes components each of which corresponds to a respective service portion provided by a respective entity. The method includes causing the processing system to determine a combination of components defining a sequence of service portions, in accordance with input commands received from the user. The processing system then implements the components in accordance with the component combination, thereby causing the sequence of service portions to be performed, such that the desired service to be performed.

Abstract: An embodiment of a method is disclosed for protecting sensitive data from discovery during an operation performed on input data with the sensitive data. This embodiment of the method includes performing the operation on a first quantity of random data with the sensitive data using a circuit arrangement before performing the operation with the sensitive data on the input data using the circuit arrangement. After performing the operation with the sensitive data on the first quantity of the random data, the operation is performed with the sensitive data on the input data using the circuit arrangement. After performing the operation with the sensitive data on the input data, the operation is performed with the sensitive data on a second quantity of random data using the circuit arrangement.

Abstract: A technique optimizes routing of application data streams on an Internet Protocol (IP) backbone in a computer network. According to the novel technique, a client router learns of server states (e.g., number of pending requests, etc.) of a plurality of application servers and also determines metrics of intermediate links between the application servers and the client router (intermediate link metrics), e.g., particularly link metrics in a direction from the application servers to the client router. Upon receiving an application request from an application client (“client request”), the client router determines to which of the application servers the client request is to be sent based on the server states and intermediate link metrics, and sends the client request accordingly.

Abstract: Methods and systems for cryptography use a reconfigurable platform to perform cryptographic functions. Where a reconfigurable platform is use the configuration may be used as a key or secret. The function schema may be maintained as public. The reconfigurable platform may be implemented in a manner to provide desirable families of functions, including reconfigurable functions which are pseudo one-way and pseudo random. An electronic device may include a reconfigurable platform adapted to perform cryptographic functions wherein a configuration of the reconfigurable platform is used as a secret.

Abstract: A computer system and method are provided that facilitate permitting temporary access to a website or other computer application in which temporary access is given to a generic virtual character and its corresponding user. Temporary access is made available through a temporary user account that is set up by the user. The temporary user account is active for a limited time and allows the user to learn about the website, for instance, via the generic virtual character. The generic virtual character has limited access to the website and in particular to various activities or areas on the website. After a temporary account expires, it is purged from the system and associated virtual currency and virtual items are no longer accessible. Users who have purchased a real world item and have created a premium user account have full ongoing access to the website via their corresponding premium virtual characters.

Abstract: A cipher device having a number of data bits in an input register corresponding to a data unit element, a sudoku filter coupled with the input register, and a data selector coupled with the sudoku filter and the input register. A fob cipher device has a FPGA programmed to perform encrypting of a plaintext with a transposed Sudoku to form a first ciphertext and encrypting the first ciphertext with pseudorandom mixing bits to form a second ciphertext. A reversible encryption method includes encrypting plaintext with a transposed Sudoku forming a first ciphertext, encrypting the first ciphertext with pseudorandom mixing bits forming a second ciphertext, and outputting the plaintext-corresponding second ciphertext.

Abstract: An apparatus and method is provided for managing a communication device using Simple Network Management Protocol (SNMP). When a developer creates an SNMP interface header file through an application program at a compile time, an extractor generates a management information base (MIB) file and object identifier information (OIDInfo) on the basis of the interface header file. When a manager makes an SNMP request at a run time, an agent sends the OIDInfo included in the SNMP request message to an OIDInfo processor. The OIDInfo processor refers to an OIDInfo memory and delivers general message service (GMS) information to the agent. A GMS request/response process between the agent and the application program is then performed on the basis of the GMS information.

Abstract: The present invention relates to a secure method for reconstructing a reference measurement of a confidential datum on the basis of a noisy measurement of this datum. The method proposes a phase of enrolling a reference datum w having n digits, comprising at least the following steps: selecting an error correcting code C of a length L greater than n; generating an extended datum we by increasing the size of the reference datum w with L-n digits making up a key Sk; choosing a word c of the selected error correcting code C; generating the reconstruction datum s by combining the said word c with the said extended datum we. The invention applies notably to the authentication of individuals and to the generation of cryptographic keys, using for example biometric data or the physical characteristics intrinsic to an electronic component.

Abstract: Systems, methodologies, media, and other embodiments associated with provisioning an Internet Protocol (IP) core network services multimedia subsystem (IMS) are described. One exemplary system embodiment includes a Home Subscriber Server (HSS) logic operably connectable to components including, a user database, an application server (AS), and a permissions database. The HSS logic may be a component of an IMS that facilitates communications between application servers and users. Thus, the HSS logic may be configured to receive an AS-to-user-database-interface-message (AUDIM) and to selectively update the permissions database based, at least in part, on the AUDIM. The user database may store user data concerning IMS users and the permissions database may store information for controlling AUDIM initiated interactions between an AS and the user database.

Abstract: A system, apparatus, and method for improving the user experience when accessing web pages containing embedded objects over a network. In one embodiment, information regarding the contents of a locally accessible cache is added to a request directed to a web server. The information is used to control certain aspects of a pre-fetch process that is designed to reduce network latency affects and improve network resource utilization, thereby improving a user's experience. The cache contents information may be provided to an intermediate server via a modification to an existing request-response protocol, with the information being encoded or compressed if desired to reduce data transport requirements. The information is used by the intermediate server to determine whether to request an embedded object referenced in the requested resource or web page, and to determine if a browser having access to the cache will request the object or access the object from the local cache.

Abstract: Some embodiments of the invention relate to a method of managing a distributed compression system comprised of a plurality of compression modules.

Abstract: A method and system of interaction between a requesting entity and a responding entity on a communication network based on the session initiation protocol (SIP). A machine-readable service description includes specifications of interaction between the requesting entity invoking a service at the responding entity and the responding entity offering the service. The specifications include at least a set of rules including abstract input/output message formats and SIP protocol binding rules so that the requesting entity may invoke the service to a SIP uniform resource identifier by means of SIP invocation message patterned according to the service description and it may interpret the response provided by the responding entity according to the service description.

Abstract: Systems and methods for effectively protecting data against differential fault analysis involved in Rivest, Shamir, and Adleman (“RSA”) cryptography using the Chinese Remainder Theorem (“CRT”) are described herein. A CRT RSA component facilitates modular exponentiation of a received message, and a verification component reconstructs the received message. An exponentiation component performs a first modular exponentiation and a second modular exponentiation of the received message. A recombination component performs a recombination step utilizing CRT computation as a function of the first and second modular exponentiations. A modular exponentiation component performs first and second public exponent derivations as a function of a private exponent. The verification component can reconstructs the received message as a function of the first and second public exponent derivations. The verification component calculates the received message utilizing Chinese Remainder Theorem computation.