Abstract: A method and apparatus for producing an enhanced CRL. In response to a request containing an identifier of the most recently owned CRL stored by the requested, a certificate authority generates a CRL spanning from the most recently owned CRL to the current CRL. This CRL is formatted as a delta CRL and transmitted as a reply to the requester. This has the advantage of not requiring transmission of the full CRL even though more than one generation of CRL has occurred since the most recently owned CRL by the requester.

Abstract: According to one embodiment, a network is disclosed. The network includes a server computer and a client computer. The client computer accesses an authentication stack during power on self test (POST) that enables authentication of boot code that is to be downloaded from the server computer prior to control being passed to the operating system.

Abstract: An electronic system embodies a security system which provides varying levels of security based on the location of the system. As such, the system includes a location module, such as a geosynchronous positioning system (“GPS”) receiver that permits the system to determine its location relative to a plurality of preset location areas. Such location areas might be programmed to include the user's office, home, predetermined location for a business trip and the like. Based on the location area in which the system is located, the system invokes a security mode associated with that particular location area. Different location areas may have different security modes.

Abstract: A method for activating an encryption control device that is in communication with a computer for providing a secure computing environment for a user is provided. The method initiates with providing a card for insertion into a card reader of the encryption control device. The card is configured to receive and pass data. Next, a biometric identifier is received from the user. The biometric identifier enables validation of the user as the authorized owner of the card. Then, a challenge/response protocol between the encryption control and the inserted card is run. The challenge/response protocol establishes that the card and the encryption control device are compatible. Next, an encryption engine of the encryption control device is activated to create a secure computing environment if the user is validated as the authorized owner of the card and the challenge/response protocol is successfully executed.

Abstract: A method and apparatus for managing a data transmission in a network is provided, which has a client, a real server and a load-balancing node (virtual server). The load-balancing node includes a handshake executor for handling a security protocol to establish a handshake between a client and a server, and a communication executor for establishing a direct communication between the client and the server using a session information in respect to the established handshake. The handshake executor establishes the handshake with the client. When the handshake is established, the communication executor exports session information in respect to the established handshake. The client establishes TCP/IP connection with the server. The client and server communicate each other directly.

Abstract: Method for checking the signature of a message, the message, signature, and a certificate having been sent by a signer having a public key to a recipient having a message storage device.

Abstract: A network architecture for console-based gaming systems enables secure communication among multiple game consoles over a local area network. The system architecture supports a three-phase secure communication protocol. The first phase involves generating shared keys that are unique to an authentic game console running an authentic game title. In the second phase, a “client” console attempts to discover existing game sessions being hosted by a “host” game console by broadcasting a request over the local area network. The broadcast request is protected using the shared keys. If the host console agrees to let the client console play, the host console generates session keys that are returned to the client console. The third phase involves a key exchange in which the client and host consoles exchange data used to derive one or more secrets for securing future communications. The key exchange is protected using the session keys.

Abstract: A system and method for encryption and decryption of files. The system and method operate in conjunction with the file system to transparently encrypt and decrypt files in using a public key-private key pair encryption scheme. When a user puts a file in an encrypted directory or encrypts a file, data writes to the disk for that file are encrypted with a random file encryption key generated from a random number and encrypted with the public key of a user and the public key of at least one recovery agent. The encrypted key information is stored with the file, whereby the user or a recovery agent can decrypt the file data using a private key. With a correct private key, encrypted reads are decrypted transparently by the file system and returned to the user. One or more selectable encryption and decryption algorithms may be provided via interchangeable cryptographic modules.

Abstract: Theft of decompressed digital content as the content is being rendered is prevented. A requested slow-down of the rendering of the content is detected. Transfers of relatively large amounts of data are detected. A re-compressor-based requested slow-down of the rendering of the content is detected. A re-compressor re-compressing the content is detected. In each situation, the detected activity is presumably initiated by a content thief attempting to steal the content. In each situation, the detected activity is responded to in a manner designed to frustrate the presumed attempt of the content thief to steal the content.