Abstract: Methods and devices are provided for two-way authentication. In one example, a method prompts a user for an account number and a PIN. Upon authentication of the account number and the PIN, an e-mail having a link to a new session is sent to the user. If the account number and the PIN were authenticated, a custom background preselected by the user is presented in the new session and a password is requested. Use of the custom background preselected by the user may help the user authenticate the computer system to which he is attempting to gain entry. Upon authentication of the password, entry to a computer system is permitted. To provide optional, enhanced anti-phishing capability, if the account number and the PIN were not authenticated, the an indication may be made that the e-mail message is being sent.

Abstract: Representing a number of assets on an originating computer begins with selecting the assets to be represented. Cryptographic hash asset identifiers are generated; each of the asset identifiers is computed using the contents of a particular asset. The asset identifier is a content-based or content-addressable asset name for the asset and is location independent. An asset list is generated that includes the asset identifiers computed from the assets. A cryptographic hash asset list identifier is generated that is computed from the asset list. The asset list identifier is stored for later retrieval. The amen selected are also stored for safekeeping either locally or on a computer network. In the event of loss of the files from the originating computer, the asset list identifier is retrieved. Using the asset list identifier, the original asset list is found and retrieved from its safe location.

Abstract: The invention is directed to a digital data delivery system including a digital data server configured to deliver first key encrypted digital data to a source device, and the first key encrypted digital data is encrypted using a first key. The source device is configured to generate decrypted digital data by decrypting the first key encrypted digital data using the first key, generate second key encrypted digital data by encrypting the decrypted digital data using a second key, and deliver the second key encrypted digital data to a digital data playing device. The first key is thereby based on one or more registration attributes of a user of the digital data server, and the second key is based on one or more attributes of the digital data playing device.

Abstract: A robust technique to prevent illicit copying of video information notwithstanding the use of image scaling. A watermark is embedded into the video signal (e.g., DVD's content or other video sources) at different scales (i.e., sizes). The watermark is maintained at each scale for a predetermined time duration that is sufficient to allow the detector circuit in a DVD-recorder, DVHS recorder, DVCR, or any other digital format recorder to detect, extract, and process information contained in the watermark. At the end of the predetermined time duration, the watermark is changed to a different scale preferably on a pseudo-random basis to ensure that each one of all the scales in a predetermined scaling range is achieved a predetermined number of times.

Abstract: A communication system by which a plurality of apparatuses owned by the same user can be registered efficiently are provided. In the communication system, when a terminal ID of a content processing apparatus is registered in a management server and a content reproduction apparatus is to be registered into the management server through the content processing apparatus, transmission of user information is not performed, but a registration request is transmitted which includes the terminal ID and a device ID for identification of the content reproduction apparatus. The management server specifies a registration record based on the terminal ID included in the registration request information, registers the device ID into the registration record and transmits registration completion information to the content processing apparatus. The content processing apparatus then adds a group ID of the content processing apparatus itself to a second source ID list of the content reproduction apparatus.

Abstract: A power supplying apparatus and a power supplying method with superior stability against over-voltage and over-current are provided. The present invention relates to a media receiving apparatus which processes a copy-protected media signal received from an external media source. An interface is provided to connect with the external media source, an authentication processor which periodically generates connection authentication data and transmits the connection authentication data through the interface in reply to a request of the external media source. A controller which determines whether an authentication with the external media source is erroneous and an authentication error signal is provided to the external media source when an authentication error occurs so that the external media source recommences the authentication.

Abstract: An information recording medium 1 is provided with: a user data recording part 3 which records user data; a random-pattern-information recording part 4 which records random pattern information from a random physical phenomenon; and an authentication data recording part 5 which records, as authentication data, medium identification information created on the basis of the random pattern information detected from the random-pattern-information recording part 4 and a digital signature for each manufacturer with respect to the medium identification information.

Abstract: Apparatus for distributing a quantum key between nodes Alice and Allie, comprising a coupler that splits generated photon pulses into first and second pulses P1 and P2; and an interface that transmits the P1's and P2's into a network. The P1's are received after modulation by Alice with respective phases selected from two encoding bases and further selected from within the selected encoding basis as a function of a bit value of a respective bit in a key bit string maintained by Alice. The P2's are received after similar modulation by Allie. A detector processes the P1's and P2's upon receipt to produce a sequence of detection outcomes indicative of phase mismatch between the P1's and corresponding P2's.

Abstract: The invention discloses a method and system for protecting a computer platform from malware. The protection is achieved by encapsulating an application that can serve as a malware conduit within a protected capsule environment, so as to prevent the conduit application or any processes originated therefrom from accessing and making changes to objects associated with an operating system (OS) of the computer platform or with other applications running on the computer platform outside of the capsule environment, thereby preventing the malware provided via the conduit application from contaminating the computer platform outside of said secure protected environment, or capsule.

Abstract: An access control device controls an access right with respect to a plurality of electronic devices in a network for each combination of electronic devices. An authority information generating section generates authority information which is used when an electronic device accesses an application on an electronic device. A permission information generating section generates permission information which is information about whether or not the electronic device permits an access request from the electronic device, in relation with the authority information. An access information storing section stores the authority information and the permission information. A transmission control section transmits via the communication section the authority information to the electronic device and the permission information to the electronic device.

Abstract: A method and system for authenticating requests for accessing network resources are described. Network address information may be associated with a network resource user. An authenticator may maintain the associated network address information. The authenticator may receive, from a requesting party, a request to authenticate the network resource user, where the request may include a network address identifier. The network resource user may be authenticated based on the network address information and the network address identifier. The authentication determination may be forwarded to the requesting party for purposes of controlling access to a network resource of a network resource provider in response to an access request made by the network resource user.

Abstract: Security level of a computing system may be computed based on determining various security factor values for different operational aspects of the processing components. These security factor values are scaled to representative values or other types of identifiers. These security factor values may then be mapped on a security expectation scale, including taking into account the corresponding operational aspects. From this security factor value mapping, a computing system security determination can be calculated, which provides a vulnerability determination for the computing system providing information not only to the individual components, but also to the system as a whole.

Abstract: A secure storage device for securing digital camera data at the acquisition stage. Original digital camera data is saved in the memory of the secure storage device which has the capability of performing one or more security functions, including encryption, creation of an authentication file, adding data to the image data such as fingerprinting, and adding secure annotations such as separate data included in an image-header. The device prepares original authentication data from original digital camera data, and encrypts and stores both the original authentication data and the original image data. The use of the device includes downloading the original image data to a first computer, and encrypted original authentication data to a second computer.

Abstract: Alice generates a sequence of key bits forming an initial cryptographic key. Alice then uses the sequence of key bits and a sequence of cipher bits to control respective control parameters of a quantum encoding process applied to a sequence of quantum pulses, where the sequence of cipher bits used is known to Bob. Alice then releases the encoded pulses towards Bob over a quantum channel. Bob uses the previously agreed-upon sequence of cipher bits to control a control parameter, such as the quantum basis, of a quantum detection process applied to the pulses received from Alice, thus producing a detection outcome for each received pulse. Bob then derives a final cryptographic key from the detection outcomes. Because the cipher bits used to select the quantum bases used by both Alice and Bob are known by both parties, the method allows the final cryptographic key to be distributed with full basis alignment compared to 50% for BB84, thus allowing efficient quantum key distribution over multiple hops.

Abstract: A method of propagating a user's authentication/session information between different requests to Web services in a network includes a web server receiving a request for access to a first web service. The request is intercepted with an agent and authentication credentials are collected. A determination is made whether the web service customer is authenticated and authorized. If the web service customer is authenticated and authorized, a session and session ticket are created. An ID and the session ticket are returned to the web server. The session ticket ID and a public key are encrypted into an assertion. The assertion is sent to the first web service. The assertion is then returned to the web service customer for use with future requests. The assertion can be in the form of a SAML assertion.

Abstract: A method for reliable computation of point additions and point multiplications in an elliptic curve cryptography (ECC) system. Two asymmetric operations are performed: one of the operations is of slightly higher complexity than a conventional ECC operation, and the other operation is of much lower complexity than the first operation. The complexity of the second operation is a function of the desired degree of reliability, or the desired probability of failure detection.

Abstract: An efficient multicast key management is achieved by using seals. A security server generates a seal. In one embodiment, the seal contains a key. In another embodiment, the seal contains information for generating a key. An application server requests the seal from the security server and broadcasts the seal to a plurality of recipients. A recipient wishing to encrypt or decrypt a data stream transmits the received seal to the security server to be opened. If the recipient is authorized, the security server transmits a permit to the authorized recipient. In one embodiment, the recipient generates a key from the permit. In another embodiment, the permit is the key. If the recipient is a sender, the recipient encrypts data using the key and broadcasts the same encrypted data stream to all receivers. If the recipient is a receiver, the recipient decrypts an encrypted data stream using the key. In one embodiment, a seal with a corresponding offset value is sent periodically in a data stream.

Abstract: The import address table of a software module is verified in order to prevent detouring attacks. A determination is made regarding which entries in the IAT must be verified; all of the entries may be verified or some subset of the entries that are critical may be verified. For each external function, the external module containing the external function is loaded, if it is not already loaded. The function address in the exported function table is found. That address is compared to the address for the function in the IAT. Additionally, the external module, in one embodiment, is verified to ensure that it has not been modified. For a delay load IAT, a similar procedure is followed; however the delay load IAT may be periodically checked to ensure that the delay load IAT entries are either valid (indicating that the external function has been bound) or in their initial state (indicating that no binding has yet occurred).

Abstract: An information processing system and method are disclosed in which information processing is performed in a highly efficient manner using an enabling key block (EKB) on the basis of a tree structure including category subtrees. A key tree is produced so as to include a plurality of subtrees that are grouped in accordance with categories and managed by category entities. An EKB is produced so as to include data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path. The resultant EKB is provided to a device. If a change occurs in state of a category tree capable of processing an EKB identified in the EKB type definition list, a notification of the change in state is sent to an entity that uses the EKB thereby making it possible for an EKB requester to perform processing in accordance with a newest EKB.

Abstract: A localization process in a network of source devices and sink devices on a 1394 bus, is performed by a source device while it is communicating to a sink device, which determines local network links from nonlocal ones. An actual round trip time calculation is performed only by the source device and the sink device can be relatively passive. The duties of the sink device are performed in hardware and involve (trivially) modifying the received message while moving the message from the input isochronous channel buffer to the output isochronous channel buffer.