Abstract: Content processing is disclosed. An indication that a sender desires to send encrypted content to a destination is received. An agreement is obtained from the sender to provide an access key to a node other than the destination and to encrypt content sent to the destination using an encryption key selected such that the access key is usable to decrypt the content.

Abstract: Mechanisms for securely allowing a participant computing entity to engage in a transaction initiated by an initiator computing entity and managed by a coordinator computing entity. The initiator provides a transaction initiation request to the coordinator. Upon receipt, the coordinator accessing a transaction coordination context that includes information such as a secure key that may be used by a participant to register in the transaction. The coordinator then provides the coordination context to the initiator, which provides the coordination context to the participant(s) that are also to engage in the transaction. Each participant then generates a registration request that is based on the coordination context, and that is secured using the secure key provided in the coordination context.

Abstract: Methods, devices and systems for generating a plurality of public keys from one private key with the same generator of a group are described. A public key cryptosystem is also disclosed for generating a plurality of anonymous public keys all of which relate to the same party used for secure communications. Those anonymous public keys are generated using the same generator from one single private key. With the invention, computation is reduced, memory can be saved and security level can be improved.

Abstract: A multi-band radio having seamless satellite communication capability is provided. The radio includes: a user interface for controlling operations of the radio; an encryption module; a LOS wireless transceiver for transmitting encrypted data at a frequency in the radio frequency spectrum; a BLOS wireless transceiver for transmitting encrypted data at a frequency in the microwave frequency spectrum; and a router for routing the encrypted data to at least one of the LOS transceiver and the BLOS transceiver.

Abstract: A system grants “provisional privileges” to a user request for the purpose of provisionally performing a requested transaction. If the provisionally-performed transaction does not put the system in a degraded state, the transaction is authorized despite the user request having inadequate privileges originally.

Abstract: A system and method for controlling access to multiple public networks and for controlling access to multiple private networks is provided. Authentication is used with unique public shared secrets and unique private shared secrets to control access to the networks. The invention includes a user device for communicating with at least a public network and/or a private network. The device may be capable of accessing multiple networks through one or more private networks with multiple access control servers. The user device must provide a correct response to each access control server, before access to the network may be granted. The device generates a one-time password, or response, to gain access to a controlled network server. The response generated by the device is matched to a response generated by an access control server that may have generated a challenge that prompted the response. If the two responses match, the device is authenticated and a user of the device is granted access to the network server.

Abstract: In a method for increasing peer privacy, a path for information is formed from a provider to a requestor through a plurality of peers in response to a received request for the information. Each peer of the plurality of peers receives a respective set-up message comprising of a predetermined label and an identity of a next peer for the information. The information is transferred over the path in a message, where the message comprises a message label configured to determine a next peer according to the path in response to the message label matching the previously received predetermined label.

Abstract: Cryptographic methods and systems are disclosed. The cryptographic methods provide transparent encryption and decryption of documents in an electronic document management system. The cryptographic system adds a software module to an electronic document management system which traps file I/O events and performs cryptographic functions on the relevant documents before passing control back to the electronic document management system.

Abstract: Methods and devices for transferring data from a non-volatile memory to a working memory of an electronic data processing device are provided. Security data is copied from the non-volatile memory to the working memory. The security data is to be write-protected. A blocking function is activated for the security data in the working memory. The activation is triggered by the copying being made to the working memory. All communication with the working memory is monitored. All write attempts to the copied security data stored in the working memory are blocked according to the blocking function. At least activating a blocking function, monitoring communication and blocking write attempts are performed independently of a central processing unit of the electronic data processing device, such that the central processing unit cannot manipulate the security data.

Abstract: A system and method transfers information relating to quality or standards of an organization from a server to a wireless handheld computing device and from the wireless handheld computing device to the server in real-time or near real-time. Each member of an organization can have the same policies and procedures as soon as any of the policies and procedures are updated. The inventive system can allow an organization to also measure compliance and conformance with the distributed policies and procedures. With the handheld computing devices, each member of an organization can complete tests that are closely tied to the distributed policies and procedures. The results of these tests can be transmitted in real-time or near real-time from the handheld computing devices to a central computer server so that an organization can track current performance of all its members relative to the policies and procedures and relative to each other.

Abstract: An encryption-decryption circuit for encrypting and decrypting data. The encryption-decryption circuit comprises: 1) an N-bit shift register for storing and shifting an N bit keyword; 2) a first exclusive-OR gate array for receiving M bits from the N-bit shift register and generating a one-bit exclusive-OR result that is shifted into an input of the N-bit shift register; and 3) a second exclusive-OR gate array comprising K exclusive-OR gates, each of the K exclusive-OR gates receiving one of K bits from the N-bit shift register and one of K data bits from a received K-bit data word and generating therefrom an exclusive-OR result. The K exclusive-OR gates thereby produce one of: i) a K-bit encrypted data word and ii) a K-bit unencrypted data word.

Abstract: A security system associated with places physically protected by corresponding security mechanisms used to gain physical entry to the places by security mechanism users is managed using a searchable database that stores information on a plurality of places, a plurality of security mechanisms, and a plurality of security mechanism users. Program code provides access to the searchable database and interacts with database users using an Internet-accessible web site. The program code further authenticates each database user attempting to connect to the searchable database, and after authentication, interactively communicates a plurality of screens to database users, where each screen includes only hotlinks associated with security management operations for which those database users are authorized such that the screens do not include any hotlinks associated with security management operations for which the database users are not authorized.

Abstract: A method for monitoring time so that the use of protected content can be controlled includes receiving a trusted time value from a trusted authority external to a client device. When the client is no longer in communication with the trusted authority, the previously-received trusted time value is updated by use of the client's operating system counter so that a calculated trusted time value is derived for content license evaluation purposes.

Abstract: A server in a subscriber television network receives service instances from a headend of the subscriber television network. The server is adapted to encrypt according to an encryption scheme and re-transmit service instances to a client-receiver. The server reformats the service instance from a first format into a second format the client-receiver can access the service instance.

Abstract: A method of authenticating an object comprising an identifier is provided. The method comprises the steps of: (i) reading the identifier using a data reader to generate identity data; (ii) sending an authentication request from the data reader to a computer system, the request comprising the identity data; (iii) receiving, in the data reader, an authentication message from the computer system, the authentication message comprising an indication of authenticity, a description of an object associated with the identity data and a digital signature of the authentication message; (iv) verifying the digital signature; and (v) conveying the description of the object to a user if the signature is valid.

Abstract: A method and a corresponding apparatus for a high availability license management system. The system has a License Backup Server for ensuring uninterrupted service, while at the same time preventing any possible malicious use. According to the present invention, only two servers are required for realizing a secure system. The first server hosts a License Server A 303 and Agent C 305. License Server A 303 contains certificates for all available licenses. The second server hosts a Backup Server B 309 which contains the same licenses of License Server A. Agent C monitors the operation making sure that Backup Server B does not grant any license while License Server A is up and running.

Abstract: A system and a method for providing a secured transmission through an authenticated encryption for each ONU in downlink transmission of an OLT in GPON are provided. The GPON system includes an OLT for generating a GTC downlink frame by receiving data from an external service provider and ONUs for receiving the GTC downlink frame from the OLT and processing the received GTC downlink frame. The OLT performs the authenticated encryption for the generated GTC downlink frame according to the ONU by including an authentication generator and the ONU determines whether the GTC downlink frame is allowed to be processed or not by checking the authentication of the received GTC downlink frame through an authentication checker.

Abstract: The present teachings provide a computer-implemented data-collection method that can comprise displaying a returnable-form, and the form can comprise a plurality of field associations. The form can comprise a form identification value and/or a form return address, and each field association can comprise a field name and a field value. The method can comprise collecting at least one value entered into at least one respective field value of the field associations, saving the at least one value and the returnable form into a transmit unit, and transferring the transmit unit to the form return address. The method can comprise extracting and processing the field associations saved in the transmit unit. A system to carry out the method is also provided.

Abstract: Methods and systems for propagating data security policies and rules up a chain of network components, for example, from an end-user device having a firewall, to a network component at the “edge” of the network, from where a policy statement can be transmitted to a service provider are described. A device, such as a computer or mobile phone, has, as part of its firewall software, a policy propagation file, that communicates with pre-existing firewall software. The firewall software creates a policy statement upon detecting a triggering event, which is transmitted from the device to the next data security component up the chain, “upstream,” in the network. The firewall server may combine policy statements from numerous end-user type devices and transmit the policy statement to an external network component. The ISP or other service provider may then use the policy statement to implement data security rules for the devices in the network.

Abstract: The relay method for relaying an encryption communication in a gateway server between a client device and a content server includes the steps of receiving an encryption communication connection message to the content server from the device; producing a temporary encryption communication permit and a private key of its counterpart for the content server of a destination server name included in the connection message; sending the permit to the device; performing an End-End encryption communication with the device, receiving an encrypted access request message sent by the device, and decrypting and converting the request message to an access request message of a plain text; performing an End-End encryption communication with the content server, and acquiring content information instructed by the access request message; and performing value added processing for the acquired content information and its communication header, encrypting the information and the header, and sending them to the device.