Abstract: An apparatus for manipulating a selectively encrypted data stream in a manner consistent with certain embodiments has a filter that selects a set of packets from the selectively encrypted data stream based upon packet identifier values to produce a stream of packets having clear packets and encrypted packets. A packet substituter inserts a clear version of the encrypted packets into the stream of packets in place of the encrypted packets to produce a stream of clear data. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract without departing from the invention.

Abstract: A countermeasure method in an electronic component implementing an elliptical curve based public key cryptography algorithm. A new decryption integer d? is calculated such that the decryption of an encrypted message on the basis of a private key d and the number of points n of an elliptical curve provides the same result with d? as with d, by performing the operation Q=d*P, whereby P is a point of the curve. Four steps are employed in the calculation: 1) a security parameter s is determined, 2) a random number k ranging from 0-2s is drawn, 3) the integer d?=d+k*n is calculated, and 4) Q=d?.P is calculated.

Abstract: A W3 Trust Model is described for evaluating trust and transitivity of trust of online services. By introducing a set of trust attributes for each web document, the W3 Trust Model combines a vertically trusted public key infrastructure with a horizontal referral web classification. It provides a mechanism to assess both the trust and the transitivity of trust of web contents in a heterogeneous environment. The trust attributes are categorized in three categories: a first category which relates to contents of the web document, a second category which relates to owner of the web document, and a third category which relates to relationships of the web document and certificate authorities.

Abstract: A method is disclosed for preventing spoofing of network addresses. A binding is established between an Internet Protocol (IP) address, a Media Access Control (MAC) address, and a port. An Address Resolution Protocol (ARP) table is updated based on the binding.

Abstract: Methods and system for routing communication between a client computer and network servers on a data communication network. In response to a request from a web server on the network to authenticate a user of the client computer, an authentication network server directs the client to a user interface network server. The user interface server provides a user interface to the user requesting login information. The authentication server, which is in a different domain than the user interface server, receives and validates the login information. The authentication server further provides a cookie to the client computer if the information retrieved from the user is valid. The cookie has a domain attribute corresponding to the domain of the authentication server.

Abstract: A selective encryption method and apparatus consistent with the invention duplicates selected packets in a file or data stream and multiple encrypts the packets using multiple encryption keys. Each encryption key is valid for a specific segment of time so that changes in entitlement keys used for decryption can be made without negatively impacting a customer's ability to access content that has been paid for.

Abstract: In a system providing for user access of secure resources upon user authentication by a remote authentication server, a successful user authentication is saved locally for use when the authentication server is not available. The successful user authentication returns an authenticated credential which is stored on the local client utilizing a security method such as Public Key Infrastructure which prevents tampering with the credential. If a gateway machine provides connectivity between the client and the authentication server, the credential is also stored on the gateway.

Abstract: A key sharing system is disclosed which uses a public key X?GF(n) (2?X<n) which belongs to a Galois finite field GF(n) for an integer n (n?2), and a polynomial T(•, •) defined in GF(n) by T(a, x)?S(a, x)mod n where S(•, •) is a Chebyshev polynomial defined by S(a, cos ?)=cos(a?) where a is an integer (a?2). In a key sharing apparatus of this system, an integer obtaining unit obtains an integer p (2?p<n), a transmission key calculation unit calculates a transmission key Y?GF(n) using the integer p based on Y=T(p, X), a transmission key sending unit sends the transmission key Y to another key sharing apparatus, a transmission key reception unit receives a transmission key W from another key sharing apparatus, and a common key calculation unit calculates a common key Z?GF(n) using the transmission key W based on Z=T(p, W).

Abstract: Embodiments of the present invention relate to systems and methods for managing information concerning users of a network web site. The system includes a web server for providing access to various network resources, such as web pages and applications and an applications server coupled to the web server for running two or more protected applications, to which access is restricted to authorized users. The system also includes a customer profile and registration application for receiving user login information and authenticating users and providing single sign-on capability. The system further includes a user directory server for centrally managing information concerning users, a first database for storing user credentials and a second database for storing user profile information. User profile information and user credentials can be added, modified, deleted or retrieved by operations carried out within at least one of said applications.

Abstract: A method and apparatus for unique and secure identification of a computing service node. The service node is coupled to an administrative node and to a certificate authority node via a computer network. The administrative and certificate authority nodes have respective public and private keys. A shared key is established between the certificate authority node and the administrative node, and while booting the service node, the service node generates its public key and private key. The administrative node double encrypts a selected value, first using the shared key and second using the public key of the service node, whereby a double encrypted value is generated. The double encrypted value is decrypted at the service node, whereby a single encrypted value is generated. Whether the certificate authority node is able to successfully decrypt the single encrypted value using the shared key determines whether the administrative node is authentic.

Abstract: The methods and apparatus described herein encrypt an unencrypted binary string using an encryption key and a varying-radix conversion method. The encryption key is used to parse the unencrypted binary string into unencrypted sub-strings. The varying-radix conversion method is used to transform the unencrypted sub-strings into encrypted sub-strings. The encrypted sub-strings may then be concatenated together to produce an encrypted binary string. In addition, the reverse process is employed to recover the unencrypted binary string from the encrypted binary string. For example, the decryption process may occur after the encrypted binary string is transmitted over a network communications system.

Abstract: Generating a message digest includes selecting a first hashing procedure or a second hashing procedure for a message having words. If the first hashing procedure is selected, a first function is applied to a first subset of words at a function module to yield a first function output, and a second subset of words and the first function output are combined at an adder to yield a first sum. Next words are generated in accordance with the first sum. If the second hashing procedure is selected, a second function is applied to a third subset of words at the function module to yield a second function output, and a fourth subset of words and the second function output are combined at the adder to yield a second sum. Next words are generated in accordance with the second sum.

Abstract: A system and method for declaring alert indications that occur in an enterprise comprising translating a number of device outputs into a common format event using a number of translation files, and generating a number of knowledge-containing common format events based on matches between the common format events and knowledge base tables. A set of rules determines whether the knowledge base common format events rise to an alert indication for further automated correlation and analysis.

Abstract: The present invention is a data processing apparatus and method for encrypting, sending, receiving, and decrypting secure transmissions using a cellular telephone. The user may either purchase a cellular telephone which contains the encryption and decryption software, download the encryption and decryption software to an existing cellular telephone, or may purchase an encryption component which is adaptable to a conventional cellular telephone. Additionally, the described system of encryption and decryption can be used for secure communications in PDA/cellular telephones combinations and any other type of portable communications device. The encryption process is a Java application which converts the user's audio signal into a wav file. The encryption program then creates a second wav file using the first wav file header. The encryption program then converts the data in the first wav file into encrypted data in the second wav file using public key encryption and a series of data manipulations.