Abstract: A technique permitting an X.509 certificate to simultaneously support more than one cryptographic algorithm. An alterative public key and alternative signature are provided as extensions in the body of the certificate. These extensions define a second (or more) cryptographic algorithm which may be utilized to verify the certificate. These are not authenticated by the primary signature and signature algorithm in the primary cryptographic algorithm. These newly defined extensions are reviewed by a receiving entity if the entity does not support the cryptographic algorithm of the primary signature.

Abstract: Access to content addressable data on a network is facilitated using digital information storing devices or data repositories (“silos”) that monitor broadcast data requests over the network. A number of silos automatically monitor both data requests and data itself that are broadcast over a network. The silos selectively store data. Each silo responds to data requests broadcast over the network with data the silo has previously intercepted. A content addressable file scheme is used to enable the data repositories to reliably identify data being requested. When a data request is received, each silo evaluates whether it has all or a portion of the data being requested and responds to requests when it has the data. Requests for data are implemented by broadcasting a cryptographic has data identifier of the data file needed. The data identifier is used by a silo to determine which data to receive and store.

Abstract: A communications system in which a sending computer encrypts a message using a key associated with the computer which is to receive the message; and the receiving computer uses a key associated with the sending computer in the decryption process. The sending computer is equipped with a set of keys and each key within the set may be used for the encryption process, depending on the destination of the message; and the receiving computer chooses its key based on who the sending computer is.

Abstract: The computer system comprises a local network domain of communicating computers and a connection for communication with an external network. A gate device coupled between the local network and the connection is arranged to check files sent from the local network to the connection for the presence of a security tag in the file, and to send or not send on each file to the connection depending on detection of the presence or absence of the security tag in the file.

Abstract: The present invention relates generally to controlling rendering of video to particular audiences, e.g., children. For example, one claim recites a method including: obtaining video or image data, the video or image data comprising information steganographically hidden in data representing perceptual portions of the video or image data; analyzing the video or image data to obtain the hidden information, the information comprising data associated with suitability for viewing of the video or image data for a particular demographic; comparing the data to predetermined information; and based at least on said act of comparing, determining whether to render the video or image data for display. Of course, other claims are provided too.

Abstract: A hierarchical identity based cryptographic system (“HIBC”) is integrated with the domain name system (“DNS”). A private key is assigned to each of the top level domain name authorities responsible for assigning the top level domain names (e.g., .net, .com, etc.). The private key is generated according to an HIBC system, wherein the corresponding public key is based on the identity of the particular domain authority. When user requests a domain name from one of the top level domain name authorities, the user is issued a private key that is generated by the top level domain authority using its private key and the identity of the user according to the particular HIBC system implemented. The user's corresponding public key can be derived from the identity of the user and the public key of the top level domain name authority.

Abstract: The present invention is a platform of software which is a single, customizable, complete distributed computing security solution designed to be integrated into an enterprise computing environment. Digital Network Authentication (DNA) is the centerpiece of the system of the present invention. It is a unique means to authenticate the identity of a communicating party and authorize its activity. The whole mechanism can be thought of as a trusted third party providing assurances to both clients and servers that each communicating entity is a discrete, authenticated entity with clearly defined privileges and supporting data. Furthermore, the level of trust to be placed in the authorization of every entity communicating within the system is communicated to every entity within a distributed computing environment.

Abstract: Embodiments of methods and apparatus for providing a key management system for wireless communication networks are generally described herein. Other embodiments may be described and claimed.

Abstract: A client-server relational database system, wherein data from the client computer is encrypted by the client computer and hosted by the server computer, the encrypted data is operated upon by the server computer, using one or more operators selected from a group of operators comprising: (a) inequality logic operators, (b) aggregation operators, and (c) wildcard matching operators, to produce an intermediate results set, the intermediate results set is sent from the server computer to the client computer, and the intermediate results set is decrypted and filtered by the client computer to produce actual results. The group of operators is limited because the encrypted results set, when decrypted, includes inaccuracies therein. The client computer applies a set of correction procedures to the decrypted results set to remove the inaccuracies therein.

Abstract: A copy protection system and method enabling storage of copy protection information separately from protected content is disclosed. One embodiment includes a mechanism for playing a recording medium, the recording medium having stored thereon a digital content file and a copy protection information file, the mechanism producing a digital content signal from the digital content file and a copy protection signal from the copy protection file; a digital to analog converter operatively connected to the mechanism for converting the digital content signal to an analog signal; a copy protection detector connected to the mechanism for detecting a copy protection trigger present in the digital content signal; and a signal modifier connected to the copy protection detector for modifying the analog signal to include the copy protection signal in response to detection of the copy protection trigger.

Abstract: Encryption and decryption of data stored from a computing system to a storage medium is disclosed wherein the processing employs a non-accessible encryption key that is unique to the computing system. The unique encryption key can be embedded in non-removable hardware of the computing system or generated, e.g., from identification numbers ascertained from non-removable hardware of the computing system. Processing includes establishing the unique encryption key, encrypting data using the unique encryption key and storing the encrypted data to the storage medium without storing the unique encryption key on the storage medium. The storage medium can comprise any non-removable or removable storage medium, including for example a computer hard drive, floppy diskette, or recordable compact disk.

Abstract: A system and method for providing secure communications between remote computing devices and servers. A network, device sends characteristics of a client computing device over the network. A network device receives characteristics of a client computing device over the network. A plurality of credentials are generated where at least one of the plurality of credentials based on both the received characteristics of the client computing device and a unique client key, and at least one of the plurality of credentials based on both the received characteristics of the client computing device and a generic key. A network device sends the plurality of credentials over the network. A network device receives the plurality of credentials via the network.

Abstract: A clock signal of a master clock of a sender is transmitted to a receiver through a classical channel and is returned from the receiver. The clock signal is transmitted with strong light from a sender-side quantum unit to a receiver-side quantum unit through a quantum channel. A sender-side synchronization section establishes phase synchronization between the clock signal returned from the receiver and the clock signal detected by the sender-side quantum unit, and generates a calibration clock signal. At the receiver as well, a receiver-side synchronization section establishes phase synchronization between the clock signal detected from the classical channel and the clock signal detected by the receiver-side quantum unit, and generates a calibration clock signal.

Abstract: A method and device is provided for making available security functions during the transmission of data from and to a subscriber terminal of a mobile communications network. A real-time analysis of the data flow from and to the subscriber terminal is carried out in a device of a network node of the mobile communications network during which data with contents defined beforehand by the subscriber or by a network operator/provider are identified and processed. This results in protecting the terminal and subscriber's devices connected thereto from external attacks.

Abstract: A data reproducing method for a plurality of devices, for sending and receiving data by authenticating the plurality of devices with each other, said data reproducing method including: selecting, from a plurality of descrambling methods, a scrambling method corresponding to a type of said data, executing authentication by an authenticating method corresponding to the selected descrambling method, where the authenticating method is selected from a plurality of authenticating methods, and reproducing said data.

Abstract: Common authentication and authorization (AA) between networks having disparate access technologies may enable a seamless user transition between the networks. A set of AA credentials from a user attempting to gain access to one of the networks may be received, and a subscriber database of another of the networks may be used to verify the set of AA credentials. A communication protocol common to the networks may be used. Additionally, the user may employ a single set of authentication and authorization (AA) credentials, usable over multiple communication protocol layers. Further, a user may perform a single authentication and authorization (AA) operation when roaming across two or more networks by gathering user's key material during an AA challenge and reply session at a data link layer. The gathered material may be used for an AA challenge at an upper network layer or another network as the user transitions between networks.

Abstract: The invention is directed to a digital data delivery system including a digital data server configured to deliver first key encrypted digital data to a source device, and the first key encrypted digital data is encrypted using a first key. The source device is configured to generate decrypted digital data by decrypting the first key encrypted digital data using the first key, generate second key encrypted digital data by encrypting the decrypted digital data using a second key, and deliver the second key encrypted digital data to a digital data playing device. The first key is thereby based on one or more registration attributes of a user of the digital data server, and the second key is based on one or more attributes of the digital data playing device.

Abstract: According to an aspect of the invention, a management of each authentication subprocess assures the each authentication subprocess, and assurance contents can be verified by verification side, so that trustworthiness of the whole authentication process can be improved. An authentication system includes authentication entity devices which separately execute authentication subprocesses P1 and P2 and a verification device which verifies the executed contents of each of the authentication subprocesses P1 and P2. The entity device includes a confidential information management unit which manages confidential information, an authenticator generating unit which generates an authenticator using the confidential information, and a context generating unit which generates a specific context pursuant to a specific format from the authenticator and the executed contents.

Abstract: A data distribution system is provided which supplies customers with an executable for requested secured data files to provide the customer with fulfillment software, obviating the need for the customer to download fulfillment software prior to requesting secure data. The data distribution system is characterized by server technology which can dynamically encrypt secured data files just prior to a customer request to download the data file. A framework for building a universal data distribution infrastructure is provided which employs Requesters.

Abstract: A method of digital rights management for a broadcast-multicast service, the method comprising receiving a request from a terminal to join a service domain having a common group key; transmitting encryption of one or more service encryption keys using the common group key to the terminal that requested to join; and allowing the terminal to share the same contents and the same services with one or more other devices within the service domain.