Abstract: A method for generating a Uniform Resource Locator (URL) is described. Content associated with a web page is obtained. A URL is generated based on the content of the web page. The URL includes one or more tokens. The URL is limited to a token threshold. The token threshold is defined as a maximum number of words in the URL. One or more tokens are removed from the URL. The URL is associated with the web page.

Abstract: A token device that generates and displays one-time passwords and couples to a computer for inputting or receiving data for generating and outputting one-time passwords and performing other functions is provided. The token includes an interface for coupling to a computer. The token may also be coupled to any network that the computer may be connected to, when coupled to the computer. Data and information may be transmitted between the computer and token, and between the network and token, via the computer and interface. The data and information may include one-time password seeding, file transfer, authentication, configuration and programming of the token. The token must be seeded to generate and display one-time passwords. An original, or seed, value is loaded into the token. One-time passwords are subsequently generated or calculated, or both, from the seed value. Seeding of the token involving a counter, time, or time-related functions, may allow synchronization of the token with such functions.

Abstract: Methods, apparati and computer-readable media for securely loading a software module over a communications network from a software provider (SP)(101) onto a tamper resistant module (TRM)(103).

Abstract: A device includes an access control element to compare new acceleration data from an accelerometer with registered gait signature associated with an authorized user of a mobile device to determine the identity of the user of the mobile device.

Abstract: A combinatorial key-dependent network suitable for the encryption/decryption of data on buses and in memories of data-processing devices, has a number of layers, where each layer has a number of elementary building blocks operating on very small block sizes. A generic building block acts on a small number of input data bits, which are divided into two groups of m and n bits, respectively. The m input bits, which are passed to the output intact, are used to select k out of 2mk key bits by a multiplexer circuit; the k bits are then used to select an (n×n)-bit reversible transformation acting on the remaining n input bits to produce the corresponding n output bits. The total number of the key bits in the building block is thus 2mk, which can easily he made larger that m+n. An inverse building block is the same except that the reversible transformations are replaced by their inverses.

Abstract: Disclosed is an approach to system call monitoring in which authenticated system calls from an application are easily verified by an operating system kernel. The authenticated system call may be a system call augmented with extra arguments, which specify the policy for that call as well as a cryptographic message authentication code (MAC) that guarantees the integrity of the policy and the system call arguments. This extra information is used by the operating system kernel to verify the system call with little processing overhead. Versions of the applications in which regular system calls have been replaced by authenticated calls are generated automatically by a trusted installer program that reads the application binary, uses static analysis to generate policies, and then rewrites the binary with the authenticated calls. As a result, hacker attacks, malicious software and the like are less likely to be successful in compromising any computers or networks that employ such authenticated system calls.

Abstract: This invention enhances the security strength of wireless communications in the ad-hoc mode. To this end, it is checked if the communication apparatus and a terminal of a communication partner can concurrently use different encryption keys in correspondence with a plurality of communication destinations. When at least one of the communication apparatus and the terminal of the communication partner cannot concurrently use different encryption keys in correspondence with the plurality of communication destinations, an encryption key uniquely set in the wireless network is set as an encryption key for a communication with the terminal of the communication partner.

Abstract: A form of removable memory, such as a universal serial bus (USB) flash device, may enable a subscription-based computing system from any PC. The device may include an execution unit including a processor, a private memory including an encrypted application, a computing system interface, a cryptographic unit including a secure storage with a number of metering units, and a computer-readable medium. The computer-readable medium may include instructions for routing messages and data from the execution unit through the computing system interface to a connected computing system. Further, encrypted application data may be routed through the cryptographic unit to the execution unit to thereby transform the encrypted application into executable data for use by the computing system. Also, the device may decrement a number of metering units stored at the device during execution of the encrypted application by the computer.

Abstract: Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed.

Abstract: A data communication system that enhances concealment by significantly increasing the time required for a wiretapper to decrypt a cipher text. The data communication system is constituted by connecting a data transmitting apparatus (13105) to a data receiving apparatus (11201) via a transmission path (110). In the data transmitting apparatus (13105), a multilevel encoding part (111) receives a predetermined first initial value (key information) and information data and generates a multilevel signal that varies in level substantially in a random number manner. A dummy signal superimposing part (118) superimposes a dummy signal on the multilevel signal. A modulating part (112) converts the multilevel signal to a modulated signal of a predetermined modulation form and transmits the modulated signal.

Abstract: An UNENROLLED adapter responds to an enrollment activation signal by generating an enrollment supplicant signal. The enrollment supplicant signal is received by an ENROLLED adapter, an enrollment provider, which responds by formulating and transmitting an enrollment provider signal, including security management service information, to the UNENROLLED adapter. The UNENROLLED adapter changes a network adapter configuration responsive to the security management service information provided by the ENROLLED adapter, by which the network adapter is configured securely, and secure communications are effectuated. Enrolled adapter can solicit enrollment of an UNENROLLED adapter. The activation signal can be a physical or virtual activation sequence.

Abstract: An information processing apparatus allowing proper communication with a communication partner in accordance with a communication time of the communication partner. A reception control unit receives a random challenge (RC) from a transmission terminal and supplies it to a generation unit. The reception control unit transmits an RC reception message indicating an RC reception to a transmission side. The generation unit executes a Hash process relative to RC and supplies resultant authentication data to a generation unit. A transmission control unit controls the generation unit at a timing before a response request command from the transmission side is received, to make the generation unit generate a response message containing authentication data corresponding to the response request command, and when the response request command is received, transmits the response message to a transmission destination terminal. The apparatus is applicable to a content providing system.

Abstract: Provided are a method, system, and article of manufacture for encrypting and decrypting database records. Encryption metadata is provided for a database file having fields, wherein the encryption metadata indicates at least one encryption key for the file. A request is received to perform a read or write operation with respect to a record including the fields for the database file. A determination is made from the encryption metadata of the at least one encryption key for the database file. The determined encryption key is used to encrypt or decrypt for the read or write operation with respect to at least one of the fields in the database file.

Abstract: A cash dispensing automated banking machine that operates in response to data read from user cards includes a cash dispenser, keypad, and a card reader. The card reader is operative to read data bearing records such as user cards that include financial account information. The machine may include an encrypting pin pad (EPP) that is operative to remotely receive an encrypted terminal master key from a host banking system. The machine may authenticate and decrypt the terminal master key prior to accepting the terminal master key using a public key of a certificate authority. The machine may further receive and authenticate a new public for a new certificate authority for use with authenticating further terminal master keys.

Abstract: Secure message transfer of at least one message from a sender to a receiver within a network system may be provided. For example, a message structure information regarding the at least one message may be computed on a sender-side and according to a pre-given scheme. The computed message structure information may be added as message account information into the at least one message to be sent. The message account information may be protected by a signature. The at least one message may be transferred through the network system to the receiver. On a receiver-side, the message account information may be validated after reception of the at least one message and according to the pre-given scheme.

Abstract: This disclosure provides a system and method for updating a control system using an encrypted source code update. The example control system often includes a processor for managing at least a portion of the control system and flash memory communicably coupled with the processor, with the processor operable to load an encrypted update into the flash memory. In one example, a method for updating the control system would include identifying an update for a control system with the update comprising encrypted object code and the control system comprising at least a first processor. At least the first processor is then updated based on or using the identified update.

Abstract: In one embodiment of the present invention, storing a plurality of key value pairs may be accomplished by first, for each of two or more quantities of most significant bits, determining how much overall memory usage will be saved upon removal of the corresponding quantity of most significant bits from each key in the plurality of key value pairs. Then, for the quantity of most significant bits determined to have the most overall memory usage savings, the quantity of most significant bits may be removed from each key in the plurality of key value pairs. Then a first auxiliary data structure may be formed, wherein the first auxiliary data structure contains the removed quantity of most significant bits from each key in the plurality of key value pairs and pointers to the remaining bits of each key of the plurality of keys in a primary data structure.

Abstract: Methods and arrangements to provide computer security are contemplated. Embodiments include transformations, code, state machines or other logic to provide computer security by receiving over a secure network connection a message to signal physical presence to a trusted platform module (TPM) and by signaling physical presence to the TPM in response to receiving the message. Some embodiments may involve sending the message over a secure network connection. In some embodiments, the receiving may be performed by a platform system management module. In many further embodiments, the signaling may include sending a signal over a secure general purpose input/output (GPIO) line or other hardware signaling mechanism. Other further embodiments may include sending a message pursuant to the intelligent platform management interface (IPMI) or other remote management protocol. In other embodiments, the receiving may be performed by a network stack of a basic input/output system. Other embodiments are described and claimed.

Abstract: A cryptographic Serial ATA (SATA) apparatus comprises a main controller, a SATA device protocol stack, a SATA host protocol stack, and a cryptographic engine. The cryptographic engine is operatively coupled between the main controller and the SATA device and host protocol stacks and configured to provide high-speed cryptographic processing.

Abstract: A technique for identifying reply mailer computer program viruses detects whether a reply message is generated in less than a threshold reply time and whether or not the reply message includes an attachment. The generation of a reply message in less than a threshold reply time and including an attachment is deemed indicative of an infected reply message and accordingly that message will be quarantined, deleted, disinfected or the like. The mail server using the present technique maintains a temporary log of email messages sent indicating the sender, the recipient, and the time of sending. This log is used to identify replies and determine whether or not those replies have been received in less than the reply threshold time.