Abstract: The present invention provides a system and method for providing certified voice and/or multimedia mail messages in a broadband signed communication system which uses packetized digital information. Cryptography is used to authenticate a message that has been compiled from streaming voice or multimedia packets. A certificate of the originator's identity and electronic signature authenticates the message. A broadband communication system user may be provisioned for certified voice and/or multimedia mail by registering with a certified mail service provider and thereby receiving certification. The called system user's CPE electronically signs the bits in received communication packets and returns the message with an electronic signature of the called system user to the calling party, along with the system user's certificate obtained from the service provider/certifying authority during registration. The electronic signature is a cryptographic key of the called party.

Abstract: A system and method are disclosed for providing security for a computer network. Content is generated for a computer associated with the network. It is determined whether a user should be routed to the generated content. If it is determined that the user should be routed to the generated content, the user is so routed.

Abstract: A system and method for implementing adaptive cryptographically synchronized authentication is disclosed. The authentication system includes a controller that dynamically selects one of a plurality of authentication mechanisms to be used in providing authentication for an exchange of message data. The variation in the level of authentication assurance can be based on one or more factors such as the current security conditions and the available CPU utilization.

Abstract: A method for scrambling/descrambling an analog signal includes receiving an analog signal and converting the signal into an intermediate frequency signal. A Gaussian pseudo-random noise signal is generated and then multiplied with the intermediate frequency signal to scramble/descramble the received analog signal.

Abstract: The present invention is embodied in a system and method for monitoring and alerting remote client users of digital intrusions of their computers by host servers. In general, the present invention monitors actions taken by host servers relating to information about the remote client and displays graphical alerts when a digital intrusion or a breach of security occurs during a network connection, such as a connection to the Internet, with the host server. Specifically, the present invention monitors certain aspects of the remote client user s interaction with host servers. Based on certain interaction, such as an attempt by the host server to retrieve non-related information about the remote client, the remote client user can be provided with a graphical alert. This allows the remote client user to make an informed decision whether or not to allow certain host server sites to retrieve the client user s personal information.

Abstract: A system and method are disclosed for detecting and processing attacks on a computer network. Data indicating an attack may be taking place is received. The data is associated with an event. The data is placed in a selected one of a plurality of queues of data to be processed. The data in the queue is processed. Each queue is configured to store one or more sets of data, each set of data being associated with an event to be processed. An administrative domain may be notified that an attack may be taking place. The destination administrative domain may or may not be associated with other than the sending administrative domain. The source of an attack may be identified. Messages associated with an attack may be tracked back to identify a point of attack at which messages associated with the attack are entering a network.

Abstract: Method of detecting a watermark embedded in a signal (S), in which a plurality of frames of the signal (S) is combined to a detection set (Dj) for one detection event. According to the invention, the reliability of watermark detection is enhanced by using non-consecutive frames to form the detection set (Dj). The invention also relates to an apparatus (2) for recording and/or playback of a signal, and to a system for broadcast monitoring, comprising such a watermark detector (24).

Abstract: An apparatus and method for regulating a flow of information based on a position of a key in a lock assembly is presented. Depending on a position of the key in the lock assembly and data flow rules, an electronic circuit regulates a flow of data to a target network. Data flow rules may be based on session type, transmit time, target address and password.

Abstract: A protection system and associated method prevent the automatic crawler access to a company's web-based data, without impacting the ability of an interactive user, such as a consumer, to access the data and to conduct regular business transactions. In one embodiment, the protection system will not prevent the crawler from downloading data; rather, the data will be rendered non-extractable by the crawler. In another embodiment, the protection system will prevent crawler access to the data.

Abstract: A radio communication system has a random access channel for the transmission of data from a secondary station to a primary station while the secondary station is not engaged in a call. A secondary station wishing to use a random access channel resource transmits a preamble encoded with a signature corresponding to the required resource. In response the primary station can transmit a positive acknowledgement (ACK) corresponding to the received preamble, indicating that a channel is available, or a negative acknowledgement (NACK), indicating that the resource is not available. A first set of signatures are used to encode ACKs and a second set of signatures are used to encode NACKs. The two sets of signatures have the property that no signature in one set is the inverse of a signature in the other set, thereby avoiding the possibility of simultaneously transmitting an ACK and a NACK with signatures that are the inverse of one another.

Abstract: A method and system for encrypting, in a telecommunication system, outgoing message traffic between mobile stations operating in accordance with current mobile communication standards and/or between a mobile station and a service provider, and for decrypting incoming message traffic, includes directing encrypted messages to and receiving encrypted messages from only those members of a limited closed receiver group that are located in a given geographic area.

Abstract: When a personal authentication is to be executed, the encryption section of an IC card encrypts biological data and supplies the obtained ciphertext to a sensor unit. When the decryption section of the sensor unit obtains biological data by decrypting the ciphertext, a collation section collates the biological data with input biological measurement data, thereby authenticating personal identification.

Abstract: Computer methods, systems, and devices, providing automatic permutations of a programmed modified random symbol square matrix producing one time pad messages are disclosed enabling messages to be encrypted from plain text which is typed into a computer thereby selecting random symbols from the matrix. Typing in text in a continuous stream yields a continuous stream of enciphered symbols. The input into a computer via an input device activates a computer program driven device called a sliding scale whose function is to select random symbols from the matrix. The sliding scale responds to the program containing the applicable algorithms for encryption and decryption. Initiating input into the computer requires the selection of an entry point to activate the algorithms given in the Appendix herein. In the 96×96 Square described, there are 9216 entry points yielding many individual alphabets from which to select random symbols.

Abstract: A method, an apparatus, and a computer program product for remote authentication are disclosed. The methods are based on exchanging of signals representing remote party's biometrics information (such as acoustic waveforms) and have application in secure telephony or video-conferencing communications over open networks. The apparatus includes a speech encoding/decoding module (632), a control module (636), an encryption/decryption module (640), a key generator (650), a Diffie Hellman key exchange system (660), a timer module (670) for measuring time between a challenged statement and a corresponding response statement, an input/output (I/O) module (680) for transmitting and receiving data via a communications channel 610.

Abstract: A method for authenticating communication traffic includes receiving a first request, such as a DNS request, sent over a network from a source address, to provide network information regarding a given domain name. A response is sent to the source address in reply to the first request. When a second request is from the source address in reply to the response, the authenticity of the first request is assessed based on the second request.

Abstract: A method and system for booting up a computer system in a secure fashion is disclosed. The method and system comprise determining the presence of a security feature element during an initialization of the computer system wherein the security feature element includes a public key and a corresponding private key, storing a portion of the public key in a nonvolatile memory within the computer system if the security feature element is present and utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system. Through the use of the present invention, a computer system is capable of being booted up whereby the computer system determines if a security feature element was previously present in the system. If a security feature element was previously present in the computer system, any stored keys, along with the secrets that they protect, are prevented from being compromised.

Abstract: The present invention provides a method and apparatus for password re-entry. In one or more embodiments, the invention is in an environment wherein a password and data are input into the same document. In one embodiment, this environment is the Internet where a web browser displays the output of a web server in a form HTML document. When returning a password, the invention generates two unique identifiers that represent the entries in two password fields. Next, the invention reconstructs the form by including previously entered data in the new form and by substituting the two unique identifiers for the password fields. In one embodiment, the user can edit the password by modifying the unique identifier string. The original text of the password remains safely on the server. If the password is edited, the server compares the unique identifier strings re-sent in the encoded web page with the returned web page.

Abstract: A firewall system and method which optimizes the performance of the firewall process by reducing overhead associated with ACL verification and firewall application-level authorization. The firewall system comprises a session manager operating in the firewall services component and a firewall module operating in the switching process component. In one embodiment, the firewall module is configured to provide certain “non-application” level inspection of data packets and update the context of “sessions” associated with the data packets without sending the packets to the firewall services component using session information provided by the session manager.

Abstract: With a portable compact flash card retaining application software/database set in a portable terminal, the portable terminal performs data processing by accessing the application software/database in the CF card. First, the portable terminal reads terminal ID previously stored in the CF card. Then, the portable terminal compares the terminal ID in the CF card with its own terminal ID previously set, and determines whether or not to be able to access the application software/database in the CF card based on the comparison result.

Abstract: Systems and methods for providing network access, e.g. Internet access, are described. An architecture includes a host organization network through which network access is provided. The host organization network can be advantageously deployed in public areas such as airports and shopping malls. An authentication/negotiation component is provided for authenticating various users and negotiating for services with service providers on behalf of the system users. The authentication/negotiation component can include one or more specialized servers and a policy manager that contains policies that govern user access to the Internet. An authentication database is provided and authenticates various users of the system. An access module is provided through which individual client computing devices can access the Internet. In one embodiment, the access module comprises individual wireless access points that permit the client computing devices to wirelessly communicate data packets that are intended for the Internet.