Abstract: The present application discloses a wireless hand held portable security device in the form of a wireless hand held portable biometric device in communication with a plurality of ubiquitous items for receiving information from, and sending information to the plurality of ubiquitous items, comprising a processor for selecting at least one item of the plurality of ubiquitous items and for sending information to the selected item in order to activate or deactivate or send a programming to the selected item. The level of security and the personalization is achieved by using a fingerprint or a combination of fingerprints for accessing communication with a selected item.

Abstract: If content is transmitted/received through a digital signal bus, protection of copyright causes a problem because of no deterioration in quality. Accordingly, authentication is required. The quantity of information to be processed is, however, so large that a long time is required for authentication. Accordingly, both achievement of handling property as in conventional analog connection and protection of copyrighted content without user's awareness become an object. The foregoing object can be achieved by authentication which is executed, for management of copyright, among apparatuses connected to the digital signal bus when the apparatuses are powered on or connected to the digital signal bus or when an input terminal connected to the digital signal bus is selected. The object can be further achieved by an encryption key shared among these apparatuses.

Abstract: The present invention is a device for and method of generating a hash value for a message by padding the message, loading the padded message into a first shift register that generates values according to a first rule of motion, initializing eight registers a, b, c, d, e, f, g, and h with user-definable values; converting the contents of the registers to hj=gj−1; gj=fj−1; fj=ej−1; ej=dj−1+T1, where T1=hj−1+&Sgr;1(ej−1)+Ch(ej−1, fj−1, gj−1)+Kj+Wj,; dj=cj−1; cj=bj−1; bj=aj−1; and aj=T1+T2, where T2=&Sgr;0(aj−1)+Maj(aj−1, bj−1, cj−1); computing H1(j)=a+H1(j−1); H2(j)=b+H2(j−1); H3(j)=c+H3(j−1); H4(j)=d+H4(j−1); H5(j)=e+H5(j−1); H6(j)=f+H6(j−1); H7(j)=g+H7(j−1); and H8(j)=h+H8(j&mi

Abstract: A file system security driver and vault method and system particularly applicable to a system in which protected data is segregated from other data, which allows for back-channeling of file data in order to ensure that files created by applications using secured data do not cause data leaks of secure data. In a preferred embodiment, a file system security driver is a driver resident on the kernel level which monitors file system requests and allows limited access to files resident on the vault and creation of files within the vault when necessary.

Abstract: The present invention, generally speaking, provides a firewall that achieves maximum network security and maximum user convenience. The firewall employs “envoys” that exhibit the security robustness of prior-art proxies and the transparency and ease-of-use of prior-art packet filters, combining the best of both worlds. No traffic can pass through the firewall unless the firewall has established an envoy for that traffic. Both connection-oriented (e.g., TCP) and connectionless (e.g., UDP-based) services may be handled using envoys. Establishment of an envoy may be subjected to a myriad of tests to “qualify” the user, the requested communication, or both. Therefore, a high level of security may be achieved. The usual added burden of prior-art proxy systems is avoided in such a way as to achieve full transparency—the user can use standard applications and need not even know of the existence of the firewall.

Abstract: System and method for verifying the authenticity of executable images. The system includes a validator that determines a reference digital signature for an executable image using the contents of the executable image excluding those portions of the executable that are fixed-up by a program loader. The validator then subsequent to the loading of the executable image determines an authenticity digital signature to verify that the executable image has not been improperly modified. In addition, the validator ensures that each of the pointers in the executable image have not been improperly redirected.

Abstract: A system, method and article of manufacture are provided for programmable scanning for malicious content on a wireless client device. Initially, an anti-virus program having an instruction set is assembled in a programmable computing language. The anti-virus program is implemented in a wireless client device. A scan for malicious code is performed on the wireless client device utilizing the anti-virus program. A method for programmable scanning for malicious content on a thin client device is also provided. An anti-virus engine is assembled in a programmable computing language. The anti-virus engine is installed on a thin client device. A signature file is also assembled in a programmable computing language, the signature file containing an identifier uniquely identifying a computer virus and a virus detection section comprising object code providing operations to detect the identified computer virus on the thin client device. The signature file is also installed on the thin client device.

Abstract: A method and system for creating, reviewing and revoking, if necessary, a certificate for a client of a service provider of a communications network, wherein the client has a client private key and a client public key. The method includes the steps of establishing a communications link with the service provider through a dedicated communication channel; requesting a client certificate from the service provider; obtaining a caller-ID, including a telephone number from an operator of the dedicated communication channel; and creating the requested client certificate including the caller-ID. Preferably, the method also includes the step of verifying that the caller-ID obtained from the operator of the dedicated communication channel is the same as client identifying information provided by the client when requesting the client certificate. The certificate can be stored at a caller ID server or a client's storage.

Abstract: A method and system for creating a certificate for a client of a service provider of a communications network, wherein the client has a client private key and a client public key. The method includes the steps of establishing a communications link with the service provider through a dedicated communication channel; requesting a client certificate from the service provider; obtaining a caller-ID from an operator of the dedicated communication channel; and creating the requested client certificate using the caller-ID. Preferably, the method also includes the step of verifying that the caller-ID obtained from the operator of the dedicated communication channel is the same as client information provided by the client when requesting the client certificate. The certificate can be stored at a caller ID server or a client's storage.

Abstract: Supplementary information related to original data is embedded in the original data without being lost or altered and without degrading the quality of the original data. A photographing condition or the like regarding photographing of the original image data is generated as the supplementary information by supplementary information generating means and stored in a database on a network by supplementary information storing means. Storage management information such as a URL address of where the supplementary information is stored is generated by storage management information generating means and embedded by embedding means in the original image data by using deep layer encryption. The original image data in which the storage management information has been embedded are recorded in a recording medium.

Abstract: Multiple format secure voice apparatus for communication handsets includes a core unit with a speaker, a microphone, a keypad, and a display. The core unit also includes an audio circuit coupled to the speaker and the microphone, an encryption/decryption element coupled to the audio circuit, a coder/decoder element coupled to the audio circuit and the encryption/decryption element, and a control element coupled to the keypad, the display, the audio circuit, the encryption/decryption element, and the coder/decoder element. A standard interface coupling is connected to an audio I/O terminal, a data I/O terminal of the coder/decoder element, and a control I/O terminal of the control element. A mating standard interface coupling mates with the standard interface coupling of the core unit and is coupled to the mating standard interface coupling.

Abstract: The present invention relates to a network encryption system and method, and particularly, to a network encryption system and method involving the encryption and/or decryption of user data using random number generation. Even more particularly, the present invention relates to encryption and/or decryption of user data using random numbers that are generated using a portion of the user data discriminated from the data frame or the data packet.

Abstract: A method and system for authenticating a user to access a computer system. The method comprises communicating security information to the computer system, and providing the computer system with an implicit input. The method further comprises determining whether the security information and implicit input match corresponding information associated with the user. The method further comprises granting the user access to the computer system in the event of a satisfactory match. When authenticating the user, the method and system consider the possibility of the user being legitimate but subject to duress or force by a computer hacker.

Abstract: A method and apparatus for authenticating users. Prior art mechanisms require each individual application (running on an “application server”) that the user is accessing to provide for the ability to use the various authentication mechanisms. One or more embodiments of the invention externalize the authentication mechanism from the application in the form of a login server. Only the login server needs to be configured to handle authentication mechanisms. The application server checks if a request has an active and valid session (e.g., a valid session may exist when there is active communication between a client and server that has not expired). If there is not a valid session, the application server redirects the user to the login server. The login server attempts to authenticate the user using any desired authentication mechanism. Once authenticated, the login server redirects the user back to the application server.

Abstract: A system of Flash EEprom memory chips with controlling circuits serves as non-volatile memory such as that provided by magnetic disk drives. Improvements include selective multiple sector erase, in which any combinations of Flash sectors may be erased together. Selective sectors among the selected combination may also be de-selected during the erase operation. Another improvement is the ability to remap and replace defective cells with substitute cells. The remapping is performed automatically as soon as a defective cell is detected. When the number of defects in a Flash sector becomes large, the whole sector is remapped. Yet another improvement is the use of a write cache to reduce the number of writes to the Flash EEprom memory, thereby minimizing the stress to the device from undergoing too many write/erase cycling.

Abstract: A method of transmitting information data from a sender to a receiver via a transcoder is proposed. The information data comprises confidential information data which is encrypted and non-confidential information data. Security information and transcoding-type information is sent together with the partly encrypted information data to the transcoder which uses the security information and transcoding-type information during a transcoding step. The encrypted confidential information data is thereby transcoded without using its content while the non-confidential information data is transcoded, having access to its content.

Abstract: A system and method for Viterbi decoding on encrypted data is disclosed. At the receiver, maximum likelihood decoding is performed based on received input in the encryption domain. When selecting a path from one stage of a Viterbi decoding trellis to the next, a local metric may be associated with each of the possible paths based on Euclidean distance between a received symbol and a path state. The path state is determined by encrypting the binary path state. An overall metric is associated with each state equivalent to a sum of local path metrics along a survivor path of selected paths. At the end of the Viterbi decoding trellis, a decoded and decrypted bit sequence is obtained by tracing back in a conventional manner.

Abstract: A password-only mutual network authentication protocol and key exchange protocol using a public key encryption scheme in which a server generates a public key/secret key pair and transmits the public key to a client. The client determines whether the public key was chosen in an acceptable manner, and if so, continues with the protocol. Otherwise, the client rejects authentication. If the protocol is continued, in one embodiment the client generates a parameterp as a function of the public key and a password (or, in an alternate embodiment, as a function of the public key and a function of a password). If the public key space mapping function FPK applied to p, FPK(p), is an element of the public key message space, then the protocol continues. If FPK(p) is not an element of the public key message space, then the client determines to reject authentication, but continues with the protocol so that the server does not gain any information about the password.

Abstract: A system of Flash EEprom memory chips with controlling circuits serves as non-volatile memory such as that provided by magnetic disk drives. Improvements include selective multiple sector erase, in which any combinations of Flash sectors may be erased together. Selective sectors among the selected combination may also be de-selected during the erase operation. Another improvement is the ability to remap and replace defective cells with substitute cells. The remapping is performed automatically as soon as a defective cell is detected. When the number of defects in a Flash sector becomes large, the whole sector is remapped. Yet another improvement is the use of a write cache to reduce the number of writes to the Flash EEprom memory, thereby minimizing the stress to the device from undergoing too many write/erase cycling.

Abstract: A method is presented for preventing the unauthorized use of a certain protected interface (102) in a processor (101. 101′). An indication (NO PAT, ALARM) of attempted use of the protected interface is generated, and as a response to said indication, at least a major part of the operation of the processor is disabled (DISABLE).