Patents Examined by Norman M. Wright
  • Patent number: 7043645
    Abstract: A reproducing apparatus for reproducing data from a recording medium and supplying the data to an external apparatus for recording of the data. The reproducing apparatus has a plurality of authenticators for authenticating the external apparatus and the reproducing apparatus selects an authenticator corresponding to a type of the data reproduced from the recording medium and conducts authentication with the external apparatus. After authentication is confirmed, the reproducing apparatus sends the data to the external apparatus to record the data by the external apparatus.
    Type: Grant
    Filed: May 14, 2003
    Date of Patent: May 9, 2006
    Assignee: Hitachi, Ltd.
    Inventors: Osamu Kawamae, Toshifumi Takeuchi, Hiroyuki Kimura, Takao Arai, Hiroshi Yoshiura
  • Patent number: 7043759
    Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.
    Type: Grant
    Filed: August 16, 2001
    Date of Patent: May 9, 2006
    Assignee: Mazu Networks, Inc.
    Inventors: Marinus Frans Kaashoek, Edward W. Kohler, Jr., Massimiliano Antonio Poletto
  • Patent number: 7024560
    Abstract: A power-residue calculating circuit includes: an I/F (interface) circuit with respect to an external bus; an e register holding a key e; a Y register holding a multiplier Y for Montgomery conversion; an N register holding a key N; a B2N register holding a value of (2B+N) calculated during the Montgomery conversion; an X register holding a plaintext X; a calculating circuit performing calculations for encryption and decryption; a P register holding a calculation result P; a power-residue control circuit serving as a state machine when the power-residue calculation is performed; a Montgomery multiplication residue/residue control circuit serving as a state machine when the Montgomery multiplication residue calculation and residue calculation are performed; and an addition/subtraction control circuit controlling the addition and subtraction calculations.
    Type: Grant
    Filed: June 11, 2001
    Date of Patent: April 4, 2006
    Assignees: Renesas Technology Corp., Mitsubishi Electric System LSI Design Corporation
    Inventor: Kazuo Asami
  • Patent number: 6988207
    Abstract: A circuit that uses a bi-directional buffer as follows: First a tri-state output buffer is connected to a functional clock and a bi-directional port is connected to a test clock. The bi-directional buffer is configured to receive control signals to selectively block and unblock the tri-state output port connected to the functional clock. In addition, the bi-directional port connected to a test clock is connected to the internal logic of the device. When the tri-state output buffer connected to the functional clock is blocked, the test clock transmits a clock signal to the internal logic of the device. When the tri-state output buffer connected to the functional clock is unblocked, the functional clock transmits a clock signal to the internal logic of the device.
    Type: Grant
    Filed: June 15, 2001
    Date of Patent: January 17, 2006
    Assignee: ADC DSL Systems, Inc.
    Inventors: Yiu Lam Chan, Michael R. Sollins, Ronald R. Munoz
  • Patent number: 6988202
    Abstract: Utilizes pre-processing (pre-filtering) of target data in order to facilitate and enable robust extraction of a watermark signal. With the present invention the watermarked data is pre-filtered using knowledge of the watermark signal. That is, utilizing knowledge of the characteristics of the watermark signal (for example that it falls in a certain frequency range), aspects or portions of the signal that do not carry the watermark signal are eliminated by filtering. Such filtering can amplify the watermark signal and/or simultaneously reduce the strength of the original (host) content or noise in the data signal that contains the watermark. That is, pre-filtering increases the signal-to-noise ratio of the watermark signal and facilitates the watermark extraction steps (detection and decoding). With the present invention it is possible to extract weak watermark signals from target data.
    Type: Grant
    Filed: March 17, 2000
    Date of Patent: January 17, 2006
    Assignee: Digimarc Corporation
    Inventors: Geoffrey Rhoads, Adnam M. Alattar, Ravi K. Sharma
  • Patent number: 6981151
    Abstract: Digital data storage systems, computers, and data verification methods are provided. According to a first aspect of the invention, a computer includes an interface adapted to couple with a dynamic database; and processing circuitry configured to provide a first hash from digital data stored within a portion of the dynamic database at an initial moment in time, to provide a second hash from digital data stored within the portion of the dynamic database at a subsequent moment in time, and to compare the first hash and the second hash.
    Type: Grant
    Filed: April 7, 2000
    Date of Patent: December 27, 2005
    Assignee: Battelle Energy Alliance, LLC
    Inventors: Bennett J. Groeneveld, Wayne E. Austad, Stuart C. Walsh, Catherine A. Herring
  • Patent number: 6981158
    Abstract: A system and method for performing source path isolation in a network. The system comprises an intrusion detection system (IDS), a source path isolation server (SS1) and at least one router configured to operate as a source path isolation router (SR1) operating within an autonomous system. When IDS detects a malicious packet, a message is sent to SS1. SS1 in turn generates a query message (QM) containing at least a portion of the malicious packet. Then, QM is sent to participating routers located one hop away. SR1 uses the query message to determine if it has observed the malicious packet by comparing it with locally stored information about packets having passed through SR1. SR1 sends a reply to SS1, and SS1 uses the reply to identify the ingress point into the network of the malicious packet.
    Type: Grant
    Filed: June 14, 2001
    Date of Patent: December 27, 2005
    Assignee: BBNT Solutions LLC
    Inventors: Luis Sanchez, William Timothy Strayer, Craig Partridge
  • Patent number: 6976171
    Abstract: The invention concerns a SIM (subscriber identity module) card (1) for a subscriber on a GSM mobile radio (2) comprising a contact zone (11) to be connected with a mobile apparatus (13, 14) and electronic storage means (10) containing parameters for identifying subscribers of said mobile radio network. Said storage means can also contain one or several other identification parameters, whereby the subscribers of other systems can be identified in these other systems. The other system can accede, for example by an inductance coil (12), to said other identification parameters. The additional identification parameters can be reloaded or modified by remote control from a SIM server (3). Preferably, said parameters are transmitted by short TTP coded messages SMS, between the SIM server and the SIM cards.
    Type: Grant
    Filed: November 7, 1997
    Date of Patent: December 13, 2005
    Assignee: Swisscom Mobile AG
    Inventors: Rudolf Ritter, Walter Heutschi
  • Patent number: 6954888
    Abstract: An apparatus and method provide for an arithmetic built-in self test (ABIST) of a number of peripheral devices having parallel scan registers coupled to a processor core, all within an integrated circuit. Using the data paths of the processor core, operating logic generates pseudo-random test patterns for the peripheral devices, employing a mixed congruential generation scheme.
    Type: Grant
    Filed: February 10, 2004
    Date of Patent: October 11, 2005
    Inventors: Janusz Rajski, Jerzy Tyszer
  • Patent number: 6952768
    Abstract: A security protocol system is provided in which at least some of the protocol PDUs are exchanged between the parties operating the protocol in the form of electronic documents formatted according to a self-describing markup language such as XML.
    Type: Grant
    Filed: December 7, 2000
    Date of Patent: October 4, 2005
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Michael Wray
  • Patent number: 6948061
    Abstract: A certificate validity verification engine is integrated into the logic of a secure token, in turn, making the use of a private key conditional upon the determination that the certificate for the corresponding public key is valid at that particular instant in time. In this manner, the existence of a digital signature that is verified with a certificate implies that the certificate was valid at the time the signature was created. The verification of the certificate's validity by the relying party is unnecessary, as the signature could not have been created had the certificate been invalid. The validity of a certificate is communicated at the time the signature was created, rather than at the time the signature was verified.
    Type: Grant
    Filed: September 20, 2000
    Date of Patent: September 20, 2005
    Assignee: Certicom Corp.
    Inventor: Timothy Dierks
  • Patent number: 6941470
    Abstract: A protected execution agent installs itself within a file system manager on the computer to control modifications to a protected execution environment by intercepting I/O requests from applications. If an unauthorized application attempts to modify the protected execution environment, the protected execution agent terminates the original I/O request and creates a redirected I/O request that specifies a corresponding directory path within an alternate environment. The requested I/O operation is carried out by the file system against the alternate environment. A configuration utility is responsible for determining which installed applications are authorized to change the protected execution environment. The configuration utility also establishes a parent-child relationship between an unauthorized application that invokes or “spawns” an authorized application, with the authorized child application being considered unauthorized when performing processes on behalf of the unauthorized parent application.
    Type: Grant
    Filed: April 7, 2000
    Date of Patent: September 6, 2005
    Assignee: Everdream Corporation
    Inventor: Sarel Kobus Jooste
  • Patent number: 6941456
    Abstract: Provided is a method, system, and program for encrypting files in a computer in communication with a volatile memory and non-volatile storage device. An encryption code is generated to encrypt a file and a decryption code is generated to decrypt one file encrypted with the encryption code. The decryption code is loaded into the volatile memory, wherein the decryption code is erased from the volatile memory when the computer reboots. Files written to the non-volatile storage device are encrypted using the encryption code and the decryption code in the non-volatile memory is used to decrypt files encrypted with the encryption code to transfer from the non-volatile storage device to the volatile memory.
    Type: Grant
    Filed: May 2, 2001
    Date of Patent: September 6, 2005
    Assignee: Sun Microsystems, Inc.
    Inventor: Rodger P. Wilson
  • Patent number: 6937728
    Abstract: Two El Gamal ciphertexts, which are input to a two-input two-output unit switching gates SW forming a permutation network, are randomized with a random number and randomly permuted, and a zero-knowledge proof, which proves the correspondence between the inputs and outputs of the switching gates SW, is output to a verifier without revealing the random number and the random permutation. A decryption unit decrypts ciphertexts from a unit switching gate SW in the last column through the use of a secret key, and proves in zero-knowledge the validity of the decryption without revealing the secret key. A verification unit verifies the proof of each unit switching gate and the proof of the decryption unit.
    Type: Grant
    Filed: May 19, 2000
    Date of Patent: August 30, 2005
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventors: Masayuki Abe, Fumitaka Hoshino, Miyako Ohkubo, Atsushi Fujioka
  • Patent number: 6937727
    Abstract: A circuit includes a single circuit portion for implementing the Advanced Encryption Standard (AES) block cipher algorithm in a system having a plurality of channels. The circuit portion includes a circuit for individually generating, on the fly, the round keys used during each round of the AES block cipher algorithm. The circuit portion also includes shared logic circuits that implement the transformations used to encrypt and decrypt data blocks according to the AES block cipher. The single circuit portion encrypts or decrypts data blocks from each of the plurality of system channels in turn, in round-robin fashion. The circuit portion also includes a circuit for determining S-box values for the AES block cipher algorithm. The circuit additionally implements an efficient method for generating round keys on the fly for the AES block cipher decryption process.
    Type: Grant
    Filed: June 8, 2001
    Date of Patent: August 30, 2005
    Assignee: Corrent Corporation
    Inventors: Nhu-Ha Yup, Satish N. Anand
  • Patent number: 6928545
    Abstract: A method for preventing unauthorized access by a requestor to data sent via computer networks, including a) requesting, from a requesting computer, access to data from a first server, at the first server b) determining if the request is a valid request, c) receiving a ticket from a ticket server, if the request is a valid request d) providing the ticket identifying the requestor to a second server where the data is stored, e) directing the requesting computer to request access to the data from the second server, at the second server f) receiving the request from the requesting computer, g) verifying the ticket as identifying the requestor, and h) sending the data to the requesting computer in response to the request.
    Type: Grant
    Filed: April 10, 2000
    Date of Patent: August 9, 2005
    Assignee: Vidius Inc.
    Inventors: Assaf Litai, Ariel Peled
  • Patent number: 6928546
    Abstract: A method performs biometric verifications to authenticate the identification of users using a central biometric authority (CBA). This allows parties to an electronic transaction to be assured of each other's identity. Specifically, at the sender side, a first message to a receiver is generated, wherein the first message includes a message text and a unique message identifier (UMI). At the sender side, a second message concerning a posting to the CBA is also generated, wherein the second message includes the sender's biometric sample, the UMI, and the sender's submission profile record. At a receiver side, it is decided whether a receiver wishes to verify the sender's identity and, if so, the first message is automatically verified. At the receiver side, a third message concerning a receiver's posting to the CBA is issued, the third message including only the UMI, as received from the sender side.
    Type: Grant
    Filed: May 14, 1999
    Date of Patent: August 9, 2005
    Assignee: Fusion Arc, Inc.
    Inventors: Samir H. Nanavati, Rajkumar H. Nanavati
  • Patent number: 6925562
    Abstract: Scheme for switching a computer system (21), which is connectable via a communication interface and a network (22) to a server module (23), into a special mode of operation. The computer system (21) comprises a software component (26) for sending an identifier (w) assigned to the computer system (21) via the communication interface and the network (22) to the server module (23). In response, the software component (26) receives a token (S), issued by the server module (23), whereby the token (S) comprises a credit (C). In addition, the computer system (21) comprises a trusted hardware component (25) storing the identifier (w) and comprising a credit counter (44) with a credit which is automatically exhaustible step-by-step, and which is updateable with the credit (C) received from the server module (23). The computer system (21) has a trigger unit for switching the computer system (21) into the special mode of operation, e.g.
    Type: Grant
    Filed: December 15, 2000
    Date of Patent: August 2, 2005
    Assignee: International Business Machines Corporation
    Inventors: Ceki Gulcu, Patrick Droz, Robert Haas
  • Patent number: 6925569
    Abstract: A secured microprocessor includes a rights allocation system for the allocation, to programs executable by the microprocessor, of permanent access rights to certain zones of the memory array of the microprocessor. The rights allocation system confers, on a sub-program shared by at least two programs, temporary rights of access to certain memory zones. The temporary rights are allocated when the sub-program is called by one of the programs as a function of the program calling the sub-program. The rights allocation system provides libraries in a secured microprocessor without harming the integrity of the rights conferred on programs using the libraries.
    Type: Grant
    Filed: June 20, 2001
    Date of Patent: August 2, 2005
    Assignee: STMicroelectronics SA
    Inventor: Sylvie Wuidart
  • Patent number: 6922777
    Abstract: In an information processing system having a plurality of information processing apparatuses connected through a network, at least one of the plurality of information processing apparatuses can add first additional information to input information as an electronic watermark using a first adding method, and can add second additional information to the input information as an electronic watermark using a second adding method. The first adding method has a higher robustness than the second adding method, and the first additional information can be used for identifying the second adding method.
    Type: Grant
    Filed: March 29, 2000
    Date of Patent: July 26, 2005
    Assignee: Canon Kabushiki Kaisha
    Inventor: Keiichi Iwamura