Patents Examined by Nirav Patel
  • Patent number: 7860242
    Abstract: A method for the secure application of a cryptographic algorithm of the RSA type in an electronic component obtains the value of a public exponent e from a given set of probable values, without a priori knowledge of that value. Having determined the value for the public exponent e, the application of countermeasures using the value of e, to block error attacks and side channel attacks, particularly of the DPA and SPA type, are carried out on the application of a private operation of the cryptographic algorithm.
    Type: Grant
    Filed: February 22, 2008
    Date of Patent: December 28, 2010
    Assignee: Gemalto SA
    Inventors: Karine Villegas, Marc Joye, Benoit Chevallier-Mames
  • Patent number: 7853983
    Abstract: A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. Telemetry data is communicated between a data producing device and a data receiving device. The telemetry data sent from the data producing device is identified using the identity identifier of the data producing device.
    Type: Grant
    Filed: February 25, 2003
    Date of Patent: December 14, 2010
    Assignee: BEA Systems, Inc.
    Inventors: Scott D. Abrutyn, Linda Bernardi, David C. Douglas, Iwao Hatanaka, Kenneth R. Traub
  • Patent number: 7853984
    Abstract: Disclosed are systems and methods of authenticating a user on a network, including, based on identity information received from the user, accessing at least one data source to retrieve data associated with the user, comparing the retrieved data against a listing of possible questions associated with the retrieved data to determine associations between the retrieved data and the listing of possible questions, based on a ranking of the listing of possible questions, formulating at least one question set using questions within the listing of possible questions for which retrieved data is available, where each of the at least one question set includes at least two different questions, causing at least some of the questions from the at least one question set to be presented to the user, and, based on responses to the questions from the user, determining whether the user is authenticated.
    Type: Grant
    Filed: December 10, 2003
    Date of Patent: December 14, 2010
    Assignee: Authorize.Net LLC
    Inventors: Richard Antell, Michael Arena, Michele Chraplewski, Robert D. Shapiro
  • Patent number: 7831831
    Abstract: An authentication communication system is capable of storing information relating to revoked devices in less area than is conventionally required. A computer unit stores in advance revocation information that indicates at least one revoked apparatus, and when authenticating a driver unit judges, based on the revocation information, whether or not the driver unit is revoked. The computer unit prohibits communication with the driver unit when the driver unit is judged to be revoked, and communicates with the driver unit when the driver unit is judged not to be revoked.
    Type: Grant
    Filed: May 8, 2003
    Date of Patent: November 9, 2010
    Assignee: Panasonic Corporation
    Inventors: Motoji Ohmori, Toshihisa Nakano, Takahiro Nagai, Hideshi Ishihara, Makoto Tatebayashi
  • Patent number: 7797744
    Abstract: A method and device for detecting intrusion on a computer system utilizes a target server running software that is executed for a client only upon receiving authorization from a monitoring server to execute the software. When an attempt to execute software on the target server by a client is not authorized, the monitoring server notifies the system administrator of the unauthorized attempt.
    Type: Grant
    Filed: June 17, 2003
    Date of Patent: September 14, 2010
    Assignee: AT&T Intellectual Property II, L.P.
    Inventor: Robert J. Hall
  • Patent number: 7747868
    Abstract: A method for inputting a password in a mobile communication terminal. A password character table is provided to pre-store a plurality of special characters corresponding respectively to a number of key inputs. Displayed on a display screen is a special character in the password character table corresponding to the number of inputs of a given character key in a password input mode.
    Type: Grant
    Filed: December 9, 2002
    Date of Patent: June 29, 2010
    Assignee: Samsung Electronics Co., Ltd
    Inventor: Hong-Ju Park
  • Patent number: 7707641
    Abstract: A system for secure delivery of on-demand content over broadband access networks utilizes a pair of servers and security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute a title. A client application executing on a user's local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user's local computer system.
    Type: Grant
    Filed: January 30, 2006
    Date of Patent: April 27, 2010
    Assignee: Softricity, Inc.
    Inventors: Yonah Schmeidler, Derek Atkins, Mark W. Eichin, David J. Rostcheck
  • Patent number: 7707630
    Abstract: In a system providing for user access of secure resources upon user authentication by a remote authentication server, a successful user authentication is saved locally for use when the authentication server is not available. The successful user authentication returns an authenticated credential which is stored on the local client utilizing a security method such as Public Key Infrastructure which prevents tampering with the credential. If a gateway machine provides connectivity between the client and the authentication server, the credential is also stored on the gateway.
    Type: Grant
    Filed: June 15, 2007
    Date of Patent: April 27, 2010
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Philip Lee Childs, Michael T. Vanover
  • Patent number: 7702919
    Abstract: A method, program and system for processing data is disclosed. The method, program and system comprising the steps of: (a) receiving (e.g., during an enrollment process) a first biometric data and a first personal key, (b) processing the first biometric data and the first personal key through an irreversible cryptographic algorithm, sometimes after: (i) generating one or more variants from the first biometric data, (ii) processing the first personal key through a reversible cryptographic algorithm, and (iii) adding salt to the first biometric data or first personal key, (c) receiving (e.g.
    Type: Grant
    Filed: December 31, 2003
    Date of Patent: April 20, 2010
    Assignee: International Business Machines Corporation
    Inventor: Jeffrey J. Jonas
  • Patent number: 7694143
    Abstract: A method of and system for collecting an electronic signature for an electronic record stored in a database. In one embodiment the method comprises automatically creating an electronic record from data stored in a plurality of different database tables in response to the occurrence of a predetermined event; storing an instance of the electronic record in a common repository of electronic records that provides an audit trail that cannot be altered or disabled by users of the system; executing a rule associated with the electronic record to determine whether an electronic signature is required to connote review and/or approval of the electronic record; and if execution of the rule results in a determination that an electronic signature is required, marking the instance of the electronic record as unsigned and initiating a request to collect the required electronic signature.
    Type: Grant
    Filed: December 8, 2003
    Date of Patent: April 6, 2010
    Assignee: Oracle International Corporation
    Inventors: Srikanth Karimisetty, Srinivasulu Puri, Charanjeet Singh, Ravindra Akella, Savita Durgada
  • Patent number: 7690039
    Abstract: A system for secure delivery of on-demand content over broadband access networks utilizes a pair of servers and security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute a title. A client application executing on a user's local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user's local computer system.
    Type: Grant
    Filed: July 13, 2004
    Date of Patent: March 30, 2010
    Assignee: Softricity, Inc.
    Inventors: Yonah Schmeidler, Derek Atkins, Mark W. Eichin, David J. Rostcheck
  • Patent number: 7685643
    Abstract: A system and method for managing non-free multimedia contents in an intranet. The system includes proxy managers provided in a server of the intranet, for example, a media center or set-top box, and clients, for example, DRM smart clients in wired/wireless digital information appliances, such as Digital TVs or PDAs. Various kinds of encrypted multimedia contents and license information are converted by the proxy managers into multimedia contents and license information having a format executable by the DRM smart clients.
    Type: Grant
    Filed: January 23, 2004
    Date of Patent: March 23, 2010
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Byung-rae Lee, Kyung-ah Chang
  • Patent number: 7680272
    Abstract: In an inverse calculation circuit, an inverse calculation method, and a storage medium encoded with a computer readable computer program code, a random number generator generates a first random number and a second random number; and an inverter receives a plurality of first bits expressing a first element of a finite field(s) as first inputs, receives a plurality of second bits expressing a second element of a finite field(s) as second inputs. In response to the first and second random numbers, the inverter outputs a plurality of third bits expressing the inverse elements of the first element. The first random number prevents a differential power analysis (DPA) decryption attack, and the second random number prevents a timing decryption attack.
    Type: Grant
    Filed: December 23, 2004
    Date of Patent: March 16, 2010
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Joong-chul Yoon, Sung-woo Lee
  • Patent number: 7664268
    Abstract: A method for providing conditional access (i.e., managing access) to a received scrambled audio/visual (A/V) signal from a variety of sources by utilizing secret sharing for key recovery. Secret sharing eliminates the necessity to protect and transfer the complete descrambling keys between devices, because a portion of the key is stored in the device or a smart card coupled thereto.
    Type: Grant
    Filed: December 9, 1998
    Date of Patent: February 16, 2010
    Assignee: Thomson Licensing
    Inventors: Ahmet Mursit Eskicioglu, Mehmet Kemal Ozkan, Billy Wesley Beyers, Jr.
  • Patent number: 7660422
    Abstract: A version number is associated with an encrypted key executable to allow real time updating of keys for a system which facilitates users signing on to multiple websites on different domains using an encrypted ticket. Two keys may be used at each site during updating of keys, each having an associated one digit Hex version tag. When a key is to be updated with a new key, the existing or old key is provided an expiration time. A second key is provided from the system in a secure manner with a new version number and made the current key which provides decryption of the encrypted ticket. The system tracks both keys while they are concurrent. After the existing key expires, only the second, or updated key is used to provide login services for users. The system periodically flushes old keys.
    Type: Grant
    Filed: May 24, 2005
    Date of Patent: February 9, 2010
    Assignee: Microsoft Corporation
    Inventors: Christopher E. Mitchell, Jeff C. Kunins, Max E. Metral
  • Patent number: 7650512
    Abstract: A method of and system for searching unstructured data stored in a database. In one embodiment the method comprises storing a plurality of electronic records in a common repository of electronic records in the database that provides an audit trail that cannot be altered or disabled by users of the system where each electronic record comprises unstructured data stored in a character large-object (CLOB) format in a column of a table of the database; creating a security protocol that protects the electronic records against unauthorized access; and creating a query designed to identify electronic records in the database that meet criteria designated in the query. The method further comprises modifying the query in accordance with the security protocol to create a modified query prior to executing the query and running the modified query against the unstructured data.
    Type: Grant
    Filed: December 8, 2003
    Date of Patent: January 19, 2010
    Assignee: Oracle International Corporation
    Inventors: Srikanth Karimisetty, Srinivasulu Puri, Charanjeet Singh, Ravindra Akella, Savita Durgada
  • Patent number: 7644278
    Abstract: A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured trusted platform modules. The endorsement keys are generated for the trusted platform module (TPM). The TPM vendor selects an N-byte secret and stores the N-byte secret in the trusted platform module along with the endorsement keys. The secret number cannot be read outside of the trusted platform module. The secret number is also provided to the credential server of the original equipment manufacturer. During the endorsement key (EK) credential process, the trusted platform module generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the trusted platform module only when a match is confirmed.
    Type: Grant
    Filed: December 31, 2003
    Date of Patent: January 5, 2010
    Assignee: International Business Machines Corporation
    Inventors: Ryan Charles Catherman, David Carroll Challener, James Patrick Hoff
  • Patent number: 7636855
    Abstract: A user authentication system includes a dialogue manager adapted to prompt the user with multiple, selectable pass-phrases. A selection recognizer recognizes user selection of at least one of the multiple, selectable pass-phrases. A user identity analysis module analyzes one or more potential user identities based on adherence of user selection of the pass-phrase to predetermined pass-phrase selection criteria assigned one or more enrolled users.
    Type: Grant
    Filed: January 30, 2004
    Date of Patent: December 22, 2009
    Assignee: Panasonic Corporation
    Inventors: Ted H. Applebaum, Philippe Morin
  • Patent number: 7634807
    Abstract: A system and method is provided that establishes and maintains conditional trust by stating a signal of distrust from a trustee's computing platform to a trustor's computing platform. The trustor attests a trustee at a given time and also sends trust conditions to the trustee upon which the trustor trusts the trustee for some intended purpose. The trust conditions may include restrictions on hardware or software components and any status changes to the hardware or software components. The trustee then monitors the hardware and software components in relation to the trust conditions and reports distrust signals when the trustee's hardware and software configuration no longer matches the trust conditions.
    Type: Grant
    Filed: August 8, 2003
    Date of Patent: December 15, 2009
    Assignee: Nokia Corporation
    Inventors: Zheng Yan, Piotr Leon Cofta
  • Patent number: 7627902
    Abstract: A method and system is provided of managing a current software item on a managed computer system connectable to a management computer system via a computer network. The method includes identifying, using an agent application, the current software item on the managed computer system, identifying if the current software item is an unauthorized software item; and selectively disabling the unauthorized software item.
    Type: Grant
    Filed: February 20, 2003
    Date of Patent: December 1, 2009
    Assignee: Dell Marketing USA, L.P.
    Inventors: Russell S. Rive, Peter Joshua Rive