Abstract: A system and method is provided for reliably detecting the file type of a client-requested and by-passing conventional ICAP processing if the detected file type corresponds to a non-viral file. The client-requested file is examined to determine whether it contains a predefined byte pattern (or “file signature”) corresponding to a non-viral type. The signature may be embodied as one or more predetermined “magic bytes” located at known offsets. For instance, the client-requested may be identified as a particular type of image file if it contains the set of magic bytes associated with that image format. Unlike prior implementations, when the client-requested file is determined to contain magic bytes corresponding to a non-viral file type, such as an image file, the file is returned to the requesting client without performing conventional ICAP virus-scanning operations.

Abstract: Apparatuses are classified into a plurality of categories, and based on a media key and device key data held by apparatuses belonging to the respective categories, revocation data intended for revoking the device key held by a specific apparatus of the respective categories is generated for the respective categories, and recorded on a recording medium.

Abstract: A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.

Abstract: An authentication system authenticates remotely generated optical control signals. A remote optical emitter transmits an optical control signal from a remote location. A remote authentication device collocated with the remote optical emitter receives an authentication challenge signal and transmits a compatible authentication response signal. A control optical signal processor positioned at a first location receives the optical control signal from the remote optical emitter and generates a control output signal in response to detection of a valid optical control signal. An authentication device is coupled by a real time data communications link with the optical signal processor and with the remote optical emitter.

Abstract: According to the inventive method, a message is transmitted from an operating mobile radio network (NW2) to a terminal (MS1a) that identifies coding techniques (UEA-NW) supported by the operating mobile radio network in order to establish a connection between the terminal (MS1a) that supports a number (UEA-MS) of coding techniques and the operating mobile radio network (NW2). The terminal selects, if available, a coding technique (UEA) that is supported by the terminal and the operating mobile radio network (NW2), and the connection is operated using the coding technique selected by the terminal. If no coding technique is available that is supported by the terminal and the operating mobile radio network, the connection is operated uncoded only upon prior authorization.

Abstract: The present invention provides a method for performing automatic discovery of controlling policy enforcement points in a policy push computer network. The method involves a policy decision point sending a discover message toward an end point on a computer network; receiving a response from a policy enforcement point; reading a name and address from the received response; and sending a policy decision message to the name and address read from the response. The policy decision message is characterized by content suitable for being installed for a policy enforcement point. In an embodiment, the discover message sent includes a resource reservation protocol and a new policy enforcement point discover object. In another embodiment, the discover message sent causes the policy enforcement point to process the discover message. The policy decision point can receive notification that installation of the policy decision for the policy enforcement point failed.

Abstract: Methods and systems are provided for recommending to a user whether or not to trust content for potential downloading. A system is provided to compute logical default choices based on a user's prior choices, a user's profile and preferences and trust choices made by experts that the user trusts. The system preferably uses Bayesian analysis and other statistical techniques to assign values and weightings to different inputs which, in their aggregate, result in modification to the default option displayed in the user interface.

Abstract: An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.

Abstract: A method and system for controlling access to features on an electronic device, such as a printer, is disclosed. The electronic device is shipped with multiple software features, but one or more of the features may be disabled. According to aspects of the present invention, when a customer subsequently licenses or purchases one of the disabled features, the feature is enabled as follows. A key corresponding to the disabled feature is stored on a portable storage device. When the portable storage device is inserted into the electronic device, the key is customized based on device-specific information of the electronic device, thereby reducing a possibility that the key can be copied and used for enabling the feature on more than one device. The customized key is then used to enable the feature in the electronic device.

Abstract: An apparatus for calculating a representation of a result operand of the non-linear logical operation between a first operand and a second operand includes a first logic gate and a second logic gate. Each operand is represented by two auxiliary operands, which, when linearly combined together result in the respective operand. The first and second logic gates are designed such that an average energy consumption of the first or second logic gate is substantially equal to a plurality of combinations of auxiliary operands at the beginning of a first operation cycle and auxiliary operands at the beginning of a second operating cycle, the average energy being derivable from a plurality of different orders of occurrences of the first to fourth auxiliary operands.

Abstract: A system for providing secure multi-cast broadcasts. The system includes a broadcasting processing system, a security server processing system, and at least one receiving processing system. The security server provides an encryption key to the broadcasting processing system and the at least one receiving processing system. The broadcasting processing system then encrypts broadcast data with the encryption data and transmits the encrypted data over the network. The at least one receiving processing systems then receive the encrypted data and decrypt the data using the encryption key.

Abstract: Method and apparatus for message routing in a computer system (100) is provided. The method includes the steps of: receiving a message in a compressed or encrypted form (302, 402); extracting a portion of the message in its compressed or encrypted form (304, 404); comparing the portion of the message with samples of message portions in compressed or encrypted form (306, 406); and, if a match is found (308, 408), transmitting the entire message to destinations listed in association with the matched sample (310, 410).

Abstract: A method for Access Authentication in the High Rate Packet Data Network is proposed in the present invention comprising steps of the AN-AAA receiving the Radius Access Request message sent from the HRPD AN; the AN-AAA judging whether a terminal is a roaming one according to the Network Access ID and transmits the roaming terminal's authentication information to the terminal's home nerwork. If said terminal is a local one, the AN-AAA judges the type of the terminal according to the NAI value. If said terminal is a single-mode one, the AN-AAA works out the Result2 with the MD5 algorithm. if said terminal is in dual-mode, the AN-AAA calculates the Result2 with the CAVE algorithm to compare the Result1 with the Result2.

Abstract: A method for secure loading of a key dedicated to securing a predetermined operation into memory of a microchip of an embedded system includes, as a first step, authenticating a security device by generating a first random number using the microchip, transmitting the first random number to the security device, generating a second random number in the security device, generating a first cryptogram from the first and second random numbers by applying an asymmetric signature algorithm using an asymmetric secret key, transmitting at least the first cryptogram to the microchip, and authenticating the security device by verifying the first cryptogram using the public key.

Abstract: A method and system for displaying the trusted status of a website by displaying a trust symbol that is displayed as part of the website so that they trust symbol does not scroll when the website is scrolled, preventing the trust symbol from ever being hidden from the user. Specifically, displaying the trust symbol in the comer or bottom of the web page works well. The trust symbol can include information about the website that may be displayed when the computer user interacts with the trust symbol. Both the trust symbol and the information displayed about the website can be generated dynamically by the third party validator for display on website. However the location of the display of the trust symbol remains under the control of the website operator so as not to interfere with the aesthetics of the site.

Abstract: A device for providing access to a remote site is disclosed. Access to the device is gained through an authentication process during which a user password and biometrics are provided to the device. The device also includes a security feature such that only authorized users of the specific device can gain access to it. Once authenticated, the device authorizes access to a remote site (e.g., a web site or a server on a local area network). The communications from the device to the remote site is encrypted and further the hand-held device uses a computer generated password to gain access to the site. In this way, user generated passwords, which are typically simple and infrequently changed, are avoided in favor of a more complex and frequently changed computer generated passwords for site access.

Abstract: An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream.

Abstract: In a device for performing login processes by storing authentication information for a plurality of users, information indicating whether or not a login history is left, is set for each user and login histories are held according to the set information. User identification information is displayed on the basis of these held login histories and any piece of the user identification information is selected at a login operation so that the user identification information is entered at the login operation.

Abstract: Hijacking of an application is prevented by monitoring control flow transfers during program execution in order to enforce a security policy. At least three basic techniques are used. The first technique, Restricted Code Origins (RCO), can restrict execution privileges on the basis of the origins of instruction executed. This distinction can ensure that malicious code masquerading as data is never executed, thwarting a large class of security attacks. The second technique, Restricted Control Transfers (RCT), can restrict control transfers based on instruction type, source, and target. The third technique, Un-Circumventable Sandboxing (UCS), guarantees that sandboxing checks around any program operation will never be bypassed.

Abstract: A method and system for embedding an authentication signature in an audio-visual signal such that only a part of an entire frame of the audio-visual signal is stored in a memory while the signature bits are calculated and the watermark is embedded. A signature is formed based on a first portion of said audio-visual signal, whereby said first portion is a pattern of horizontal lines of said audio-visual signal and has fewer lines than the number of lines of the entire audio-visual signal. Thereafter the signature generated is embedded in said audio-visual signal in the first portion and/or in another portion of the frame to be authenticated, whereby the other portion also is a pattern of horizontal lines. Thus only memory for some lines instead for all lines of the audio-visual signal is needed. In the case of an interlaced audio-visual signal, the first portion is preferably the first field of a frame of said audio-visual signal and the second portion is the second field of said audio-visual signal.