Patents Examined by Matthew B. Smithers
  • Patent number: 7707433
    Abstract: Method and system for secure computational outsourcing and disguise of data, computer programs, pictures, and databases from unauthorized access, theft, and tampering using disguising and tamperproofing operations. In some embodiments, the disguising operation includes generating a random number for each data element, and modifying each data element with the random numbers. In some embodiments, the computer program, written in a first programming language, is partitioned into first and second programs; the first program determines whether access to the data is authorized, the second program entangles the second program and the data; and the second program is translated into a second programming language. An embodiment of the present invention comprises a method for identifying the subject of a first picture by comparison to a second picture. Embodiments comprise securing a computer program with real programming code by creating dummy program code and mixing the dummy and real program code.
    Type: Grant
    Filed: October 17, 2005
    Date of Patent: April 27, 2010
    Assignee: Purdue Research Foundation
    Inventors: John R. Rice, Mikhail J. Atallah
  • Patent number: 7707421
    Abstract: A digital document system in which a digital document in a communication network is shared between a plurality of stations, said system comprising: a first station (101A) having a first digital document (DD1) comprising a thumbnail data item (TH1) and an original data item (HR1); a second station (102A) having a second digital document (DD2) comprising a thumbnail data item (TH2); and a center station (100A) comprising: calculating means for calculating signatures of the thumbnail data items (TH1, TH2) of the first and second digital documents (DD1, DD2); comparing means for comparing the calculated signatures of the thumbnail data items (TH1, TH2); and transmitting means for transmitting information for accessing the original data item (HR1) of the first digital document (DD1) to the second station (102A) according to a result of the comparison.
    Type: Grant
    Filed: November 10, 2004
    Date of Patent: April 27, 2010
    Assignee: Canon Kabushiki Kaisha
    Inventors: Lilian Labelle, Eric Nassor
  • Patent number: 7707403
    Abstract: Included are Gateway server GWS which clocks the precise present time, and portable phone MS which performs a packet communication through gateway server GWS and IP server W. Portable phone MS acquires the time information from gateway server GWS, at the time of starting communication with IP server W and corrects, on the basis of this time information, the clocking present time of its own portable phone MS so that it is more precise. In addition, portable phone MS decodes a public key certificate (an electronic certificate issued by Certificate Office C for the public key certificate of IP server W) using the public key of Certificate Office C. Then the portable phone MS judges whether it is within the validity period specified in the public key certificate, using the corrected present time of its own portable phone MS.
    Type: Grant
    Filed: December 11, 2001
    Date of Patent: April 27, 2010
    Assignee: NTT DoCoMo, Inc.
    Inventors: Masaaki Yamamoto, Yoshiaki Hiramatsu, Tatsuaki Wakabayashi, Kazuhiro Takagi
  • Patent number: 7707631
    Abstract: A device for processing a program code with a plurality of subprogram calls, a subprogram corresponding to a subprogram call taking place by means of an allocation table, has a security module having the allocation table and a processor for using the program code. Access to the allocation table in the security module is restricted. The processor for using the program code is formed to retrieve, responsive to a request for subprogram data, using authorization information, subprogram data via the allocation table in the security module.
    Type: Grant
    Filed: November 29, 2005
    Date of Patent: April 27, 2010
    Assignee: Infineon Technologies AG
    Inventors: Franz-Josef Bruecklmayr, Bernhard Lippmann
  • Patent number: 7707412
    Abstract: A system and method for authenticating a terminal in a communication system is described. The method includes executing a terminal authentication protocol, whereby the executing the terminal authentication protocol includes authenticating an identity of a network entity by a terminal in a communication system. The method further includes executing a challenge authentication protocol, wherein the executing the challenge authentication protocol includes sharing challenge data between the terminal and the network entity, and forming at the terminal, test data by at least applying one authentication function to the challenge data using the identifier. The executing the challenge authentication protocol further includes transmitting a message including terminal authentication data from the terminal to the network entity, and determining, based on the terminal authentication data, whether to provide the terminal with access to a service.
    Type: Grant
    Filed: November 25, 2002
    Date of Patent: April 27, 2010
    Assignee: Nokia Corporation
    Inventors: Kaisa Nyberg, Valtteri Niemi, Nadarajah Asokan
  • Patent number: 7706541
    Abstract: An information management apparatus capable of reliable management of distributed information and an information providing system employing the same information management apparatus has a main information reproducing system for reproducing main information recorded in a given recording medium; and a reproduction management system for managing the main information reproducing system for reproducing the main information. A receiver is provided with a unit for recording distributed information and control information limiting the number of main information reproducing cycles on a recording medium, and a main information reproducing system provided with a reproduction disabling function for limiting the reproduction of main information.
    Type: Grant
    Filed: February 26, 2004
    Date of Patent: April 27, 2010
    Assignee: FIPA Frohwitter Intellectual Property AG
    Inventors: Hiroaki Ono, Kiyoshi Kano, Hideo Nishijima, Takao Arai, Takaharu Noguchi, Nobutaka Amada, Hiroo Okamoto, Hitoaki Owashi, Keizo Nishimura, Nobuyuki Kaku, Shinya Fujimori
  • Patent number: 7702913
    Abstract: An interactive system for managing access via a communications network by one or more Device-Users and Database-Users with regard to at least one secured Location and an entry control Device assignable for use in gaining access to the Location by the one or more Device-Users. The system may include a searchable database configured to store information on at least one of the secured Location, the one or more Device-Users, the one or more Database-Users or the entry control Device. Software is configured to produce a real time activity report on a selected portion of the stored information during a time period selected by the one or more Database-Users.
    Type: Grant
    Filed: August 29, 2005
    Date of Patent: April 20, 2010
    Assignee: Shield Security Systems, LLC
    Inventors: Scott M. Serani, Leslie S. McMillin, Charles D. Blish, III
  • Patent number: 7702915
    Abstract: To gain visiting access to a wireless local area network (W-LAN), the operator of which administers a visitor authentication, authorization and accounting (VAAA) server, a user requesting such access must have a valid cellular mobile account, a portable computing device with a browser and a valid W-LAN card from another operation that administers a home authentication, authorization and accounting (HAAA) server. The user inputs, via the VAAA server, identity information that enables the HAAA to issue a personal identification number (PIN) which is encoded and forwarded to the user's mobile telephone. This encoded PIN is transferred to the browser to authenticate the requested visiting access, and the costs of such access are billed to the user's cellular mobile account. The requested access is achieved via the user's browser. The user may employ the browser to convey the identity information to the VAAA via the W-LAN, or via the mobile telephone.
    Type: Grant
    Filed: September 24, 2001
    Date of Patent: April 20, 2010
    Assignee: Roke Manor Research Limited
    Inventors: Stephen McCann, Robert Hancock, John May, Michael Hook
  • Patent number: 7703145
    Abstract: A method is described for controlling customer installations of software or data by providing to the customer an encrypted list of authorized installation targets, whereby the installation program reads and decrypts the list, and only allows installation to proceed if the customer's installation target has a serial number that matches one of the vendor-provided serial numbers in the authorization list. Provision is also made for allowing customers to add serial numbers to the list, within constraints predetermined by the software vendor. Also provided is a method for a customer to perform a predetermined number of installations, whereby the software maintains and decrements a counter in an encrypted file on a storage medium, keeping track of how many remaining installations a customer may perform.
    Type: Grant
    Filed: April 17, 2007
    Date of Patent: April 20, 2010
    Assignee: Aviation Communication & Surveillance Systems LLC
    Inventors: Desi Stelling, Timothy Schulze, Vance Walker
  • Patent number: 7702908
    Abstract: Methods and apparati for securely loading one or more computer software applications onto a tamper resistant module (TRM) (107) and for securely deleting one or more applications from the TRM. An embodiment of the invention comprises a method for determining, based at least upon an encrypted personalization data block, whether a TRM (107) is part of a qualified set of TRM's to accept loading of an application. Thereafter, the method provides for loading the application onto the TRM (107) only after the first step determines that the TRM (107) is qualified to accept the loading of the application. Another embodiment comprises a method for determining, based at least upon an encrypted personalization data block, whether a TRM (107) is part of a qualified set of TRM's to accept deleting of an application. Thereafter, the method provides for deleting the application from the TRM (107) only when the first step determines that the TRM (107) is qualified to accept the deleting of the application.
    Type: Grant
    Filed: October 26, 2007
    Date of Patent: April 20, 2010
    Assignee: Multos Limited
    Inventors: David Barrington Everett, Stuart James Miller, Anthony David Peacham, Ian Stephen Simmons, Timothy Philip Richards, John Charles Viner
  • Patent number: 7697689
    Abstract: A security system for a digital trunked radio system having a digital control channel and a plurality of working channels, wherein said working channels are assigned for temporary use of individual radio units by digital control signals transmitted over said control channel, said control channel carrying digital control signals between a base site and said radio units, comprising a digital key, said key used to limit access to the system equipment and system control channel transmissions.
    Type: Grant
    Filed: March 5, 2007
    Date of Patent: April 13, 2010
    Assignee: Pine Valley Investments, Inc.
    Inventors: James F. Collum, William Oscar Janky, Eugene H. Peterson, III, Dennis Maddox
  • Patent number: 7698745
    Abstract: Systems and methods for secure messaging are provided. A sender may encrypt content and send the encrypted content to a recipient over a communications network. The encrypted content may be decrypted for the recipient using a remote decryption service. Encrypted message content may be placed into a markup language form. Encrypted content may be incorporated into the form as a hidden form element. Form elements for collecting recipient credential information such as username and password information may also be incorporated into the form. At the recipient, the recipient may use the form to provide recipient credential information to the remote decryption service. The recipient may also use the form to upload the encrypted content from the form to the decryption service. The decryption service may provide the recipient with access to a decrypted version of the uploaded content over the communications network.
    Type: Grant
    Filed: July 30, 2007
    Date of Patent: April 13, 2010
    Assignee: Voltage Security, Inc.
    Inventors: Matthew J. Pauker, Rishi R. Kacker, Terence Spies, Lucas C. Ryan, Guido Appenzeller
  • Patent number: 7698548
    Abstract: Technology for applying a communications traffic security policy in which a distinct communications traffic flow is segregated based upon a security value; whereby the communications traffic security policy includes one or both of a detection and an enforcement policy. The detection policy may include determining whether the segregated communications traffic flow involves malware; and, the enforcement policy may include a malware policy.
    Type: Grant
    Filed: December 8, 2005
    Date of Patent: April 13, 2010
    Assignee: Microsoft Corporation
    Inventors: Art Shelest, Eran Yariv, David Abzarian
  • Patent number: 7693277
    Abstract: Generating a digital signature utilizing a cryptographic key includes: receiving into a computer system input data from a user (UID); generating within the computer system a cryptographic key as a deterministic function of the UID; clearing from the computer system the UID; generating within the computer system a digital signature as a function of the generated cryptographic key; and clearing the generated cryptographic key from the computer system following generation of the digital signature. The digital signature further may be generated as a function of whether a digital signature has yet been generated using the generated cryptographic key following receipt of the UID. Neither the received UID nor the generated cryptographic key is exported from the computer system.
    Type: Grant
    Filed: August 8, 2005
    Date of Patent: April 6, 2010
    Assignee: First Data Corporation
    Inventor: Curtis Linn Beeson
  • Patent number: 7694137
    Abstract: When a host computer connected to a network is to remotely control information in an image processing apparatus, authentication to the image processing apparatus is performed by using a password, and, on the basis of an encryption code of an encryption chip stored in the host computer, an authentication process for an operation with respect to the information in the image processing apparatus is performed by using a dictionary in an authentication server.
    Type: Grant
    Filed: August 25, 2003
    Date of Patent: April 6, 2010
    Assignee: Canon Kabushiki Kaisha
    Inventor: Akihiro Matsuya
  • Patent number: 7694340
    Abstract: Systems and methodologies for integration of an anti virus AV Plug In(s) as part of an Item Store. The semantics for operation of the AV Plug In(s) are provided by the relational Item Store, via employing a metadata component and a scanning component associated with the Item Store. The metadata component can supply a signature value being associated with the Item Store that can represent the time of scanning of data, and outcome for every scanned item. The scanning component can provide for a queuing of items in the data store in a synchronous and/or asynchronous mode for both scanning and cleaning by the AV Plug In supplied by vendors.
    Type: Grant
    Filed: October 6, 2004
    Date of Patent: April 6, 2010
    Assignee: Microsoft Corporation
    Inventors: Balan Sethu Raman, Sameet Harishanker Agarwal, Nigel R Ellis, Sanjay Anand, Rohan Kumar, Johannes Klein, Mihai Costea
  • Patent number: 7694132
    Abstract: A system for communication of a message in which the message intended for a third computer is first encrypted by a first computer and is sent to a second computer. The second computer, acting as an intermediary, decrypts the message and re-encrypts the message before sending the message to the third computer which again decrypts the message.
    Type: Grant
    Filed: August 10, 2005
    Date of Patent: April 6, 2010
    Inventor: Mark Ellery Ogram
  • Patent number: 7689826
    Abstract: Methods and systems for flexibly loading an application, e.g., a software application, and associated data from an application provider (101) onto a tamper resistant module (TRM) (103) having an I/O buffer (115) and a memory (119). A method embodiment of the invention comprises determining (501) the size of the TRM's I/O buffer (115), segmenting (503) the application to be loaded and its associated data into a plurality of segments, with each segment adapted to be stored in the I/O buffer (115) and the size of each segment being a function of the determined size of the I/O buffer (115), separately transmitting (505) each segment to the tamper resistant module (103), and storing (603) each separately transmitted segment in a selected one of one or more available spaces of the TRM's memory (119), said spaces selected depending upon the size of each segment and upon which of said available spaces has the smallest available area in the TRM's memory (119) in which the segment can be stored.
    Type: Grant
    Filed: January 19, 2007
    Date of Patent: March 30, 2010
    Assignee: Multos Limited
    Inventors: David Barrington Everett, Stuart James Miller, Anthony David Peacham, Ian Stephen Simmons, Timothy Philip Richards, John Charles Viner
  • Patent number: 7685639
    Abstract: An outgoing e-mail manager inserts headers into outgoing e-mail messages originating from at least one source on a computer. Each header includes data concerning the source of the e-mail. An e-mail header manager monitors an e-mail stream, and reads headers inserted into e-mail messages. The e-mail header manager applies a security policy to e-mail messages, responsive to the contents of the inserted headers.
    Type: Grant
    Filed: June 29, 2004
    Date of Patent: March 23, 2010
    Assignee: Symantec Corporation
    Inventors: Bruce McCorkendale, William E. Sobel, Carey Nachenberg, Mark Kennedy
  • Patent number: 7685421
    Abstract: A method and apparatus for initializing operation for information security operation for an entity utilizes shared information, such as shared secret information, that may be shared between the entity and other applications or operations within a system to initialize an entity. Prestored shared information that can be used as entity identification data (RV) and authentication data (IAK) that is associated with the entity identification data is encrypted and sent in clear text fashion to an initialization authentication unit, such as a server or other processing unit. The initialization authentication unit requests stored shared data from another processing unit that maintains a database. The other processing system then responds to the request by providing prestored shared data that can be used to, for example, decrypt the encrypted information sent in a clear text fashion to determine whether an entity is a proper user of the information security operation.
    Type: Grant
    Filed: December 6, 2005
    Date of Patent: March 23, 2010
    Assignee: Entrust Limited
    Inventors: Robert Zuccherato, Adrian Mancini