Abstract: Inter-related second objects attempt to access a first object-oriented interface defining a method support by an inter-related first object. The first object-oriented interface includes a password argument to limit access thereto. The first and the second objects share a password. The first object-oriented interface has a corresponding second object-oriented interface defining a method supported by the first object, which is required by a predetermined specification but that lacks a password argument to limit access. The password is passed via the first object-oriented interface by the second objects such that the second objects are able to invoke the method. A third object not inter-related with the first and the second objects also attempts to access the first object-oriented interface. However, the third object is not privy to the password, and therefore is unable to invoke the method defined by the first object-oriented interface, although it can query the first object-oriented interface.

Abstract: A method of verifying a transaction over a data communication system between a first and second correspondent through the use of a certifying authority. The certifying authority has control of a certificate's validity, which is used by at least the first correspondent. The method comprises the following steps. One of the first and second correspondents advising the certifying authority that the certificate is to be validated. The certifying authority verifies the validity of the certificate attributed to the first correspondent. The certifying authority generates implicit signature components including specific authorization information. At least one of the implicit signature components is forwarded to the first correspondent for permitting the first correspondent to generate an ephemeral private key. At least one of the implicit signature components is forwarded to the second correspondent for permitting recovery of an ephemeral public key corresponding to the ephemeral private key.

Abstract: Systems and methods are disclosed for storing sensitive data in a database, such as an application database or a dedicated application security database or store. In accordance with one aspect of the invention, user passwords are not directly stored in a database; but instead, when a password is entered, a one-way hash of the password phrase is produced for storage and/or comparison purposes. In accordance with another aspect, individual authorized application users are each aligned with their own version of an application-wide security key such that it becomes unnecessary to directly store the key in its original form. The security key is used to process sensitive data. In accordance with another aspect, a user's version of the application-wide security reflects an encryption-based relationship to the user's password. Various embodiments also support flexible access to particular collections of sensitive data based on user account and/or user role information.

Abstract: A broadcasting method and a broadcast receiver whereby contents are first distributed only for storage so that the stored contents are later played back in a time period predetermined by the distributing party, the contents being encrypted for protection against unauthorized reproduction in any time period other than the intended one. A content is transmitted together with a begin store command in a first time period for storage onto a storage medium at the receiving side. In a time period subsequent to the first time period, a play command is broadcast so as to retrieve the content from storage for playback. The content should preferably be encrypted. The encrypted content is decrypted and played back using a decryption key transmitted along with the play command in the second time period. The decryption key is deleted the moment the decryption process is terminated.

Abstract: A system and method is directed to providing an n-dimensional entity for encoding and storing data securely. A user provides a cursor position within the n-dimensional entity, and a user seed to a pseudo-random number generator. The user seed may be combined with a fingerprint of a computing system in which the invention operates. The n-dimensional entity is populated with bits from the pseudo-random number generator. Bits within the n-dimensional entity are associated with actions to be performed at each cursor position. Subsequent cursor directions within the n-dimensional entity are determined using a random number generator. Plaintext is bitwise translated to a direction and an offset from the cursor position to a bit matching the plaintext bit within the n-dimensional entity. The offset is employed to modify a row of truly random bits in an encoded array.

Abstract: The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.