Abstract: A method and system for providing a client (102) with a copy of the authorization data that can be accessed and used by the client. The method is well-suited to key management protocols that utilize the concept of tickets. Two copies of the authorization data, a client copy and a server copy, are included within and forwarded to the client where the client is requesting a ticket for a specific application server (106). The client is capable of accessing the client copy of the authorization data such that the client can verify requests, and determine authorization of use for content and/or services requested.

Abstract: The invention relates to a cryptographic method with at least one computing step containing a modular exponentiation E according to E=xd(mod p·q), with a first prime factor p, a second prime factor q, an exponent d and a number x, whereby the modular exponentiation E is calculated according to the Chinese Remainder Theorem.

Abstract: A remote control system for one or more semiconductor manufacturing apparatuses is provided which is capable of displaying at a remote operation device the same screen as that in a host device and performing through the remote control device the same operations as those carried out by the host device. The remote operation device includes a LAN system having one or more semiconductor manufacturing apparatuses (D) and a host device (H) on the semiconductor manufacturing apparatus side, and a remote operation device (L) having a communication element (Com) accessible to the host device (H) on the semiconductor manufacturing apparatus side through a communication line. The host device (H) implements an IP routing function and a necessary protocol for achieving remote operations from the remote operation device (L), and also a communication element (Com) with a message incoming function of messages incoming from the communication line.

Abstract: When having been set into, for example, a mode for registering a Bluetooth device address (BD_ADDR) in accordance with the Bluetooth Standard or a mode for registering a Personal Identification Number (PIN) code in accordance with the Bluetooth Standard, a wireless communication device of the present invention can be link-connected with a partner device without performing authentication on the partner device, to receive and register information from the partner device. Furthermore, if a BD_ADDR of a partner device is already registered, the wireless communication device of the present invention can be link-connected with the partner device without performing authentication of the partner device.

Abstract: A security system involving a user includes a token attachable to the user. The token is associated with the user while attached to the user. The association is automatically discontinued when the token is detached from the user.

Abstract: A method for encrypting data comprising deriving a public key using a first data set that defines an instruction; encrypting a second data set with the public key; providing the encrypted third data set to a recipient; providing the public key to a third party such that on satisfaction of the instruction the third party provides an associated private key to the recipient to allow decryption of the encrypted second data set.

Abstract: A wireless cryptographic fill system includes a fill device and a host portion. The fill device is configured to store one or more cryptographic keys and related data in memory therein. The host portion is coupled to a host processor, such as a secure radio configured to perform secure operations utilizing the cryptographic key. The fill device and the host portion are configured to communicate wirelessly with each other. Wireless communications may be accomplished optically, magnetically, inductively, capacitively, via radio frequency, or via bar codes. In one embodiment, the fill device is stylus-shaped, and is inserted into (or positioned proximate) the host portion to achieve wireless communications. In another embodiment, the cryptographic fill device is card shaped, and is inserted (or swiped) into a slot on the host portion to achieve wireless communications.

Abstract: Techniques for efficient KASUMI ciphering are disclosed. In one aspect, one KASUMI round for generating a fractional portion of the KASUMI cipher is deployed with appropriate feedback such that eight sequential rounds produce the KASUMI output. In another aspect, one third of the FO function is deployed with appropriate feedback such that three successive cycles produce the FO output. In yet another aspect, the FI function is deployed with appropriate feedback such that two subsequent cycles produce the FI output. In yet another aspect, a sub-key generator comprising two shift registers produces sub-keys for each round and sub-stage thereof in an efficient manner. These aspects, collectively, yield the advanced benefits of low area and low cost implementations of KASUMI with a simple user interface. Various other aspects of the invention are also presented.

Abstract: Theft of decompressed digital content as the content is being rendered is prevented. A requested slow-down of the rendering of the content is detected. Transfers of relatively large amounts of data are detected. A re-compressor-based requested slow-down of the rendering of the content is detected. A re-compressor re-compressing the content is detected. In each situation, the detected activity is presumably initiated by a content thief attempting to steal the content. In each situation, the detected activity is responded to in a manner designed to frustrate the presumed attempt of the content thief to steal the content.

Abstract: A modular radio includes a chassis holding a network infosec unit module; a power amplifier module; and at least one transceiver module. Each of the modules include a separate housing and is removable and replaceable. The modules communicate via a bus and are reconfigurable along the bus. The transceivers support a channel that may be reprogrammable by the network interface.

Abstract: A system and method are diminish the use of an automated program in a networked environment. A server can provide access to a service. In addition, a software module provides a client computer with a visual test upon a request transmitted through a network by the client computer for the service. The visual test requires the client computer to perform a predetermined action on a shaped object displayed on a video display in order to gain access to the service. A validation software module receives a request from the software module for the shaped object to be displayed on the video display. Further, the validation software module randomly selects a shaped object to be transmitted to the software module. The validation software module provides the software module with the shaped object. An access software module receives an access instruction from the validation software module if the client computer passes the visual test.

Abstract: A secure biometric authentication method, comprising communication of biometric data to a verification module. The invention is characterized in that it consists in encrypting the biometric data with a cryptographic algorithm and in introducing for each cryptographic operation carried out a different diversification value.

Abstract: A method of performing numerical computations in a mathematical system with at least one function, including expressing the mathematical system in discrete terms, expressing at least one variable of the mathematical system as a fixed-point number, performing the computations in such a way that the computations include the at least one variable expressed as a fixed-point number, obtaining, from the computations, a resulting number, the resulting number representing at least one of at least a part of a solution to the mathematical system, and a number usable in further computations involved in the numerical solution of the mathematical system, and extracting a set of data which represents at least one of a subset of digits of the resulting number, and a subset of digits of a number derived from the resulting number.

Abstract: For cryptographically processing data, data (X) and a key (K) are fed to a cryptographic process (P), which may be a known process. In order to veil the nature of the process (P), auxiliary values as fed to the process, such as a supplementary key (K*), using which a supplementary process (P*) generates the key proper (K). The combination of the original process (P) and the supplementary process (P*) provides an unknown process, hence, the relationship between the supplementary key (K*) and the processed data (Y) is unknown. As a result, improved cryptographic security results.

Abstract: Theft of decompressed digital content as the content is being rendered is prevented. A requested slow-down of the rendering of the content is detected. Transfers of relatively large amounts of data are detected. A re-compressor-based requested slow-down of the rendering of the content is detected. A re-compressor re-compressing the content is detected. In each situation, the detected activity is presumably initiated by a content thief attempting to steal the content. In each situation, the detected activity is responded to in a manner designed to frustrate the presumed attempt of the content thief to steal the content.

Abstract: A method for protecting a portable card, provided with at least a crypto algorithm for enciphering data and/or authenticating the card, against deriving the secret key through statistical analysis of its information leaking away to the outside world in the event of cryptographic operations, such as power-consumption data, electromagnetic radiation and the like. The card is provided with at least a shift register having a linear and a non-linear feedback function for creating cryptographic algorithms. An algorithm is applied to the card, which is constructed in such a manner that the collection of values of recorded leak-information signals is resistant to deriving the secret key from statistical analysis of those values. Advantageously, after the key has been loaded into the shift register, the shift register clocks on, using at least the linear-feedback function. A suitable alternative is loading only the key into the shift register in the event of a fixed content of the shift register.

Abstract: A method involves blocking unsolicited e-mail being transmitted from a remote server when a roaming customer of the ISP logs onto the Internet through the foreign NAS. The roaming customer first logs onto the ISP through the foreign NAS by providing a user identification (USERID) and password, which are sent to the ISP. The ISP uses the USERID and the password to authenticate the roaming customer as a valid subscriber of the ISP. An IP address is assigned by the foreign NAS to the roaming customer and is dynamically added to a pool of IP addresses used by the mail server. The roaming customer can then log onto the mail server to send and receive email messages. Once the roaming customer terminates the session, the IP address assigned to the roaming customer is removed from the pool of valid IP address that can be used to access the mail server.

Abstract: A method and system for authenticating and authorizing requesters interacting with content servers. A message including a request is forwarded from an upstream device and received by an intermediate device. The intermediate device authenticates the upstream device. Then, if the intermediate device is authorized to make decisions as to which sender may access the content server, the intermediate device determines whether the sender of the message has authority to access the content server as requested in the request. Otherwise, the message is forwarded towards the content server with an indication that the intermediate device authenticated the upstream device.