Abstract: The user of any one portable terminal sends a content information request including a user ID to a distribution server. In response, the distribution server distributes a stream data of content that can be used on the user's terminal. If the user of a first portable terminal intends to let a second portable terminal try out a certain content, the user sends to the distribution server the trial permission information including the user's own user ID, a content ID of the content of interest, and a digital signature. The distribution server authenticates the received information before distributing a streaming data of a trial-oriented content with the content ID and user ID attached to it as search keys. This allows the content that can be used on a given user terminal to be tried out on another user terminal without the latter user having recourse to the steps of searching for the content in question.

Abstract: A computer program product and method are provided for optimizing the size of an Elliptic Curve Cryptography (ECC) scalar multiplication table. Steps include (a) receiving, from a user interface, a set of integer multipliers, (b) choosing a subset of a given set of target integers, the chosen subset defining an index set, such that elements of the index set generate all elements of the given set of target integers using a target generation function, and (c) modifying the index set by removing an element from the index set which is not necessary to generate an element of the given set of target integers using the target generation function. Additional steps are also included depending on the embodiment.

Abstract: A system and method for providing persistence in a secure network access by using a client certificate sent by a client device to maintain the identity of a target. A security handshake is performed with a client device to establish a secure session. A target is determined. A client certificate is associated with the target. During subsequent secure sessions, the client certificate is used to maintain persistent communications between the client and a target. A session ID can be used in combination with the client certificate, by identifying the target based on the session ID or the client certificate, depending on which one is available in a client message.

Abstract: A system, method, and computer program product are provided for buffering an audio video (AV) stream, audio/video header information, and an audio/video elementary stream for hardware audio/video digital rights management (DRM) processing. In operation, an AV stream encrypted under a shared symmetric key in an M2TS format is buffered, where the AV stream includes content including at least one of audio or video and all content data associated with the AV stream is removed at picture level and below, with the exception of content headers associated with the content data. Additionally, content header information encrypted under the shared symmetric key is buffered, the content header information indicating locations of the content headers associated with the content data. Further, a content elementary stream encrypted under a hardware secret key is buffered for consumption of a hardware bit stream decoding engine.

Abstract: The present invention is an apparatus and method for associating electronic devices to portable containers. A smart container is a container used for transporting items while traveling and comprising electronic devices. The smart container may comprise at least one module bay configured for receiving a module and a controller comprising a processing device associated with a memory. The controller is electrically associated with the module bay and configured for sending and/or receiving data to/from an electronic device associated with the module bay. The controller may be either an integral component of the smart container or a controller module removably received by the smart container. The smart container further comprises a power source associated with a power bus. The power bus is electrically associated with at least one of (a) a module bay, and (b) the controller.

Abstract: Apparatus and method are disclosed for digital authentication and verification. In one embodiment, authentication involves storing a cryptographic key and a look up table (LUT), generating an access code using the cryptographic key; generating multiple parallel BPSK symbols based upon the access code; converting the BPSK symbols into multiple tones encoded with the access code using the LUT; and outputting the multiple tones encoded with the access code for authentication. In another embodiment, verification involves receiving multiple tones encoded with an access code; generating multiple parallel BPSK symbols from the multiple tones; converting the BPSK symbols into an encoded interleaved bit stream of the access code; de-interleaving the encoded interleaved bit stream; and recovering the access code from the encoded de-interleaved bit stream.

Abstract: A CPU contained in an information processing apparatus in accordance an exemplary embodiment of the present invention outputs an access request including first access destination address information by a first program, and outputs a check request including second access destination address information when the execution program is switched from the first program to a second program as a result of a program call from the first program to the second program. A protection setting check portion contained in the information processing apparatus checks whether or not the check request including the second access destination address information conforms to protection setting for the first program based on memory protection information that is established in a memory protection information storage portion to detect a violation by a memory access request by the first program.

Abstract: A cryptography processor includes a central processing unit and a co-processor, the co-processor comprising a plurality of calculating subunits as well as a single control unit which is coupled to each of the plurality of calculating subunits. A cryptographic operation is distributed among the individual calculating subunits in the form of sub-operations by the control unit. The central processing unit, the plurality of calculating subunits and the control unit are integrated on a single chip, the chip comprising a common supply current access for supplying the plurality of calculating subunits and the control unit with current. Due to the arrangement of the calculating subunit in parallel, on the hand, the throughput of the cryptography processor is increased. On the other hand, however, the current profile that may be detected at the supply current access is randomized to such an extent that an attacker can no longer infer numbers processed in the individual calculating subunits.

Abstract: Methods and systems are disclosed for providing one or more protected segments of a media content segment, selectively providing access to at least a portion of said one or more protected segments in response to an access of a gating segment for a duration, and setting said duration in response to a selection to access said media content segment.

Abstract: A method of authorising use of a computer program only able to be used when an authorised message is received from an authorising system includes providing an authorisation system, making a request to use a computer program, signalling the request to the authorisation system, the authorisation system recording the use of the computer program and providing the authorisation message to the computer program upon receipt of the authorisation message the computer program may be used.

Abstract: Embodiments of the present invention provide a method, system and computer program product for multi-variable challenge-response. In an embodiment of the invention, a method for multi-variable challenge-response can include receiving a request to access content from an end user computing device from over a computer communications network. The method also can include selecting different objects for inclusion in an object set and applying a different characteristic to each of the different objects in the object set. A question and answer can be generated based upon each of the different characteristics. Further, a challenge-response prompt can be transmitted to the end user computing device such that the prompt includes the different objects with different characteristics applied, and also the generated question. A response to the challenge-response prompt can be received and compared the response to the computed answer.

Abstract: Computer implemented methods, apparatus, and computer-readable media for detecting suspected spam in e-mail (24) originating from a sending computer (21). A method embodiment comprises the steps of determining (11) the actual IP address (23) of the sending computer (21); converting (12) the actual IP address (23) into geo-location data; and, using the geo-location data, ascertaining (13) whether the e-mail (24) contains suspected spam.

Abstract: Various embodiments provide protection against web resources associated with one or more undesirable activities. In at least some embodiments, a method detects and responds to a user-initiated activity on a computing device. Responding can include, by way of example and not limitation, checking locally, on the computing device, whether a web resource that is associated with the user-initiated activity has been identified as being associated with a safe site. If the web resource is not associated with a safe site, the user will be notified and given the option to check remotely, away from the computing device, whether the web resource is identified as being at least possibly associated with one or more undesirable activities.

Abstract: An improved technique involves dynamic generation of at least a portion of an acceleration table for use in elliptic curve cryptography. Such dynamic generation is capable of providing savings with regard to carrying out elliptic curve cryptography without an acceleration table. Furthermore, once the portion of the acceleration table is dynamically generated and stored (e.g., in a high speed cache), the portion of the acceleration table is capable of being used on subsequent elliptic curve cryptography operations as well thus enabling the cost of dynamically generating the acceleration table to be amortized across multiple elliptic curve cryptography operations.

Abstract: In multimedia systems requiring secure access, a method and apparatus for constructing an access control matrix for a set-top box security processor are provided. A security processor may comprise multiple security components and may support multiple user modes. For each user mode supported, at least one access rule table may be generated to indicate access rules to a security component in the security processor. An access control list comprises information regarding the access rules for a particular user mode to the security components in the security processor. An access control matrix may be generated based on the access control lists for the user modes supported by the security component. The access control matrix may be implemented and/or stored in the security processor for verifying access rights of a user mode. Results of operations associated with security components may be transferred to other processors communicatively coupled to the security processor.

Abstract: A system and method for providing an indication of randomness quality of random number data generated by a random data service. The random data service may provide random number data to one or more applications adapted to generate key pairs used in code signing applications, for example. In one aspect, the method comprises the steps of: retrieving random number data from the random data service; applying one or more randomness tests to the retrieved random number data to compute at least one indicator of the randomness quality of the random number data; associating the at least one indicator with at least one state represented by a color; and displaying the color associated with the at least one indicator to a user. The color may be displayed in a traffic light icon, for example.

Abstract: The present invention aims at solving the financial revenue loss due to the presence of digital video recorders that allow skipping the commercial breaks.

Abstract: This invention describes a system and methods for media content subscription service distribution; typical services include cable television, premium content channels, pay-per-view, XM radio, and online mp3 services. Subscribers use portable electronic devices to store digital certificates certifying the subscriber's privileges and an assigned public key. The devices can communicate with specially enabled televisions, radios, computers, or other media presentation apparatuses. These, in turn, can communicate with central databases owned by the provider, for verification purposes. Methods of the invention describe media content subscription service privilege issuing and use. The invention additionally describes methods for protecting media content transmitted to users with a variety of encryption schemes.

Abstract: A device for use in a system with multiple receiving units, and multiple intermediate units each configured to communicate with the device and at least some of the multiple receiving units, includes a communication module configured to send information toward and receive information from the receiving units and the intermediate units, a memory, and a processor coupled to the memory and the communication module.

Abstract: A method of managing utilization of network intrusion detection systems in a dynamic data center is provided. A plurality of network intrusion detection systems are provided, each being networked so that utilization of each network intrusion detection system can be based on demand for the network intrusion detection systems in the dynamic data center. A monitoring policy and a plurality of monitoring points to be monitored on a network with any of the network intrusion detection systems are received. Further, the monitoring of the monitoring points is automatically arranged using the network intrusion detection systems and the monitoring policy.