Abstract: An encryption removable storage system that enables different types of storage devices to be conveniently added or removed from a cradle of a computer or equipment and with data encryption/decryption ability, which comprising: an enclosure portion that can slide in and out of said cradle portion, having a hollow space for containing said storage devices and providing connection of the electrical signals of said storage devices; and a bridge portion that can be positioned inside said enclosure portion with the ability of translating a first interface into a second interface and executing data encryption/decryption function, wherein, said first interface is different to said second interface either in signals type or physical connecting type.

Abstract: A method and system to delegate an authority to access collaborative resources are provided. The system enables a participant to re-delegate the authority to another participant by an authorization certificate. A chain of authorization certificates is established along with the re-delegation of the authority from one participant to another. The participant requesting access to the collaborative resources is requested to provide the owner with the chain of authorization certificates for verification. Therefore, the re-delegation process may be performed without the need to notify the owner and yet without comprising the security of the collaborative resources.

Abstract: When image data in which a digital watermark is embedded accesses a server, particularly, a Web server, via a network, the server is appropriately selected and accessed via the network in accordance with the environments of the clients that access the server. A network access terminal includes an extraction unit for extracting first information from an image that includes the first information, which is multi-valued, an acquisition unit for acquiring from a predetermined storage device the first information extracted by the extraction unit and address information specified by second information different from the first information, from among a plurality of address information stored in the predetermined storage device, and a communication unit for accessing an address based on the address information obtained by the acquisition unit.

Abstract: A computer system, method, and computer program product for controlling data communication in an ad-hoc network that connects a wireless device and a nearby wireless device. The method stores an application directory, determines a priority for each entry in the application directory, identifies a selected entry based on the priority, and examines the attributes and security parameters associated with the selected entry. When the security parameters indicate to use a secure connection, the method establishes a security association to support the data communication by querying a database for an existing security association that will satisfy the security parameters. When the query is successful, the method reuses the existing security association. When the query is unsuccessful, the method creates a new security association by establishing a privileged side channel to the nearby wireless device, negotiating the new security association over the privileged side channel, and storing the new security association.

Abstract: A method for creating a proof of possession confirmation for inclusion by an attribute certificate authority into an attribute certificate, the attribute certificate for use by an end user. The method includes receiving from the attribute certificate authority in response to a request by the end user, a plurality of data fields corresponding to a target system, the identity of the end user, and a proof of identity possession by the end user. The method further includes preparing a data structure corresponding to an authorization attribute of the attribute certificate, the data structure including a target system name, the identity of the end user, and the key identifier of the end user. Using a private key associated with the target system, the method includes signing the data structure resulting in a proof of possession confirmation, and sending the proof of possession confirmation to the attribute certificate authority for inclusion into the attribute certificate.

Abstract: An encryption device, a decrypting device, a secret key generation device, a copyright protection system and a cipher communication device including: a CRL memory unit memorizing a CRL, a device key ring memory unit memorizing a specific device key KD_A in every IC card used in a decrypting device, a content key memory unit memorizing a content key Kc, which is a secret key for decrypting content, and a hashing function processing unit calculating a hashing value of the CRL memorized in the CRL memory unit. The devices further including an Ex-OR unit carrying out an exclusive OR between the hashing value and the device key KD_A memorized in the device key ring memory unit, and an Enc unit encrypting the content key Kc memorized in the content key memory unit using an output value of an Ex-OR unit.

Abstract: An apparatus and method for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction, CBC block pointer logic, and execution logic. The cryptographic instruction is received by a pipeline microprocessor as part of an application program executing on the pipeline microprocessor. The cryptographic instruction prescribes one of the cryptographic operations. The one of the cryptographic operations includes a plurality of CBC block cryptographic operations performed on a corresponding plurality of input text blocks. The CBC block pointer logic is operatively coupled to the cryptographic instruction. The CBC block pointer logic directs the pipeline microprocessor to update pointer registers and intermediate results for each of the plurality of CBC block cryptographic operations. The execution logic is operatively coupled to the CBC block pointer logic. The execution logic executes the one of the cryptographic operations.

Abstract: A method for securing patient identity comprising accessing an electronic medical records database including patient data for a plurality of patients. Each patient in the electronic medical records database is assigned a unique patient identifier. Patient data for a first patient, including a first patient identifier, is retrieved from the electronic medical records database. The first patient is de-identified from the patient data. De-identifying includes the creation of a first encoded patient identifier responsive to the first patient identifier. The de-identifying results in de-identified first patient data and includes the replacement of the first patient identifier with the first encoded patient identifier. The de-identified first patient data is transmitted to a data warehouse system. The method further comprises identifying a second patient in response to receiving report data that includes a second encoded patient identifier from the data warehouse system.

Abstract: A digital signature generating apparatus generates a digital signature of digital data. The digital signature generating apparatus includes a receiving unit, the secret key changing unit and a digital signature generating unit. The receiving unit receives one of a first command and a second command. The first command includes information indicating one of a plurality of secret keys, and the plurality of secret keys are included in the digital signature generating apparatus. The secret key changing unit changes a secret key used by the digital signature generating apparatus to a secret key specified by the first command, if the first command is received by the receiving unit. The digital signature generating unit generates the digital signature of the digital data from a hash value extracted from the second command, if the second command is received by the receiving unit.

Abstract: A key delivery apparatus that prevents improper use of contents, and manages a decryption key for decrypting encrypted content and a suppliable number showing how many times the decryption key is suppliable, with respect to one or more terminal apparatuses connected to a network. The key delivery apparatus receives a supply request for the decryption key from a terminal apparatus, and if the terminal apparatus is a legitimate supply target, judges whether the terminal apparatus is a first-type that manages a content-usage period or a second-type that does not manage the content-usage period, and if the suppliable number has a remaining number, supplies to the terminal apparatus, the decryption key and a key-usage period of the decryption key when judged that the terminal apparatus is the first-type and the decryption key when judged that the terminal apparatus is the second-type.

Abstract: An integrated circuit that includes operational circuitry and message digest generation circuitry coupled to the operational circuitry, a method for testing an integrated circuit including message digest generation circuitry, and a system including an integrated circuit (which includes message digest generation circuitry) and at least one external device coupled to the integrated circuit. The message digest generation circuitry is coupled and configured to generate at least one digest of at least one message, where each message is indicative of at least one aspect of the integrated circuit's state. For example, a message can be a sequence of voltages or logic levels sampled at a specific sequence of nodes of operational circuitry of the integrated circuit.

Abstract: An access verifier may act as an intermediary to allow users to receive single use user IDs while protecting their anonymity. The access verifier has some relationship with the user that allows the access verifier to know details regarding the user that might be helpful in determining whether the user is a potentially desirable customer. The user may request a user ID from the access verifier. The user may then pass the user ID to the access provider when the user wishes to gain access. Upon receiving the user ID, the access provider may request verification that the ID is valid from the access verifier. The access verifier may respond that the ID is valid (if appropriate), and also may include user information. The access provider is thereby provided with some level of assurance that the user is a potential customer without knowing confidential information.

Abstract: In a content management method, content data is encrypted by a first key, the first key is encrypted by plural types of second keys, the encrypted first key is multiply encrypted by a third key, and the third key is encrypted by a fourth key. These encrypted content data, a medium key which is the first key encrypted by the second key and a move key which is a first key multiply encoded by the second and third keys are recorded in a recording medium, the third key encrypted by the fourth key is recorded in a security region. This management method is managed by the move key and the medium key.

Abstract: A method and system for authenticating an item by using a security marking. The security marking is provided on the item with an OVD ink capable of absorbing light in a visible wavelength range to appear visibly black and producing a red fluorescent emission under ultraviolet excitation. Under visible light illumination and ultraviolet excitation, a visible image and a fluorescent image are obtained from the security marking using image scanners. The images are compared to find a substantial match with each other. The security marking can be a postage indicium, a barcode, a symbol, a message or an image. The item to be authenticated can be a mailpiece, a banknote, a tag, a ticket, a document, an identification card, or the like.

Abstract: The present invention provides adequate service virtualization and compartmentalization in Network Management Systems for heterogeneous Network Elements to provide interoperability. It introduces a generic mediation layer that can be added to each Network Element that does not provide a network compartmentalization model that is compatible with the one used by the Network Management System. The mediation layer acts as a reverse proxy for the Network Management System to provide an operator with transparent access to an appropriate Management Service. The present invention is also instrumental in providing a high level of security in such hybrid networks.

Abstract: A method of restricting Address Resolution Protocol (ARP) table updates to updates originating from authorized subsystems is disclosed. According to one aspect of the method, an instruction to update an ARP table is received. It is determined whether a particular subsystem from which the instruction originated is authorized. If the particular subsystem is authorized, then the ARP table is updated based on the instruction.

Abstract: Digital signatures having an embedded view of signed data that lock the signed data but permit it to be repurposed are described. One of these digital signatures can be repurposed for signature by others, such as co-signers or counter-signers. Another of these digital signatures includes embedded information sufficient to recreate the embedded view using the signed data. A method for building a digital signature is also described that permits signing different parts of an electronic document.

Abstract: An anti-tampering signature apparatus is provided with an extraction portion 33 for extracting a characteristic quantity that represents a characteristic of image data according to an instruction from a certifier who has certified display data, an encryption/decryption portion 35 that generates encrypted data by encrypting the characteristic quantity using an encryption key paired with an identifier and decrypts the encrypted data into the characteristic quantity, a media writing portion 34 that appends the identifier and the encrypted data to a rewritable medium, and a controller 37 that judges whether or not the decrypted characteristic quantity and the characteristic quantity extracted from image data generated by reading the display data match.

Abstract: An apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction, CFB mode logic, and execution logic. The cryptographic instruction is received by a pipeline microprocessor as part of an application program executing on the pipeline microprocessor. The cryptographic instruction prescribes one of the cryptographic operations. The one of the cryptographic operations includes a plurality of CFB block cryptographic operations performed on a corresponding plurality of input text blocks. The CFB mode logic is operatively coupled to the cryptographic instruction. The CFB mode logic directs the pipeline microprocessor to update pointer registers and intermediate results for each of the plurality of CFB block cryptographic operations. The execution logic is operatively coupled to the CFB mode logic.

Abstract: An apparatus and method for performing cryptographic operations on a plurality of input data blocks. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction, OFB mode logic, and execution logic. The cryptographic instruction is received by a pipeline microprocessor as part of an application program executing on the pipeline microprocessor. The cryptographic instruction prescribes one of the cryptographic operations. The one of the cryptographic operations includes a plurality of OFB block cryptographic operations performed on a corresponding plurality of input text blocks. The OFB mode logic is operatively coupled to the cryptographic instruction. The OFB mode logic directs the pipeline microprocessor to update pointer registers and an initialization vector location for each of the plurality of CFB block cryptographic operations. The execution logic is operatively coupled to the OFB mode logic.