Abstract: Conventionally, an encryption key for encrypting data to be backed up in a tape cannot be allocated for each logical data management unit. To solve the problem, provided is a storage system including: a disk storage device; a tape storage device in which a tape storage medium is loaded; and a controller for controlling the disk storage device and the tape storage device, in which the controller is configured to: generate, upon reception of a request for setting a tape group including one or more tape storage media, a first encryption key used for encrypting data stored in the tape group set by the request; and hold information for correlating the generated first encryption key with the tape group.

Abstract: Embodiments of the present invention help to securely manage a data cryptographic key in a data storage device. In an embodiment of the present invention, a cryptographic processor for encrypting and decrypting data is located between a host interface and a memory manager. In parts of the hard disk drive (HDD), except for the host interface, the HDD handles user data in an encrypted state. A data cryptographic key which the cryptographic processor uses to encrypt and decrypt the user data is encrypted and stored in a magnetic disk. A multiprocessing unit (MPU) decrypts the data cryptographic key using a password and a random number to supply it to the cryptographic processor. Using the password and the random number, the HDD can manage the data cryptographic key with more security.

Abstract: A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature.

Abstract: A system of screening servers, screener client computers, and screening kiosks distribute an applicant screening process among multiple sites and multiple participants. To facilitate and secure communications of screening results and applicant actions, a personal identification code is provided that identifies individual sets of screening results. In this manner, the applicant is authenticated and can then enter appropriate applicant profile data into a secure screening account, such as via a screening kiosk. Screening results may be generated by the applicant in association with a unique personal identification code. This code can then be communicated to the screener, who can access the screening results along with a recommendation, if desired, by sending the code to a screening server. The screener can also enter appropriate screening information into another secure screening account.

Abstract: Provided is a content management device, which is connected with a plurality of terminal devices for performing a content moving operation while considering the conveniences of the users of the individual terminal devices. The content management device comprises a content storage unit stored with one or more contents, a move information management unit stored with first range information indicating the partial or entire range of the content to be moved, a range information receiving unit for accepting second range information indicating the range requiring the move, from one terminal device, a judgement unit for deciding whether or not the range indicated by the first range information and the range indicated by the second range information overlap at least partially, and a control unit for permitting the required range to be moved to the terminal device, in case the decision by the judgement unit is NO.

Abstract: The present invention provides a new trapdoor one-way function. In a general sense, some quadratic algebraic integer z is used. One then finds a curve E and a rational map defining [z] on E. The rational map [z] is the trapdoor one-way function. A judicious selection of z will ensure that [z] can be efficiently computed, that it is difficult to invert, that determination of [z] from the rational functions defined by [z] is difficult, and knowledge of z allows one to invert [z] on a certain set of elliptic curve points. Every rational map is a composition of a translation and an endomorphism. The most secure part of the rational map is the endomorphism as the translation is easy to invert. If the problem of inverting the endomorphism and thus [z] is as hard as the discrete logarithm problem in E, then the size of the cryptographic group can be smaller than the group used for RSA trapdoor one-way functions.

Abstract: Validating a certificate is disclosed. Whether the certificate was previously determined to be valid by one or more peer entities is determined. The certificate is validated based at least in part on the determination.

Abstract: A wireless network system, information providing apparatus and wireless terminal that can prevent the leak of information such as an address of the wireless terminal. A wireless network system includes an information providing apparatus that provides service information over a wireless network, and multiple wireless terminals each of which receives the service information provided from the information providing apparatus. In this case, the information providing apparatus includes destination possibility data in the service information, and each of the wireless terminals determines the destination possibility that the destination of the provided service information is the wireless terminal based on the destination possibility data included in the provided service information accepts the provided service information only if it is determined that there is the destination possibility.

Abstract: Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and so that v=w/z. The verification equality R=uG+vQ may then be computed as ?zR+(uz mod n) G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained.

Abstract: A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to one or more encryption and/or authentication aspects. The processed message is transmitted to a wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communications device to a host system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the host system to one or more receivers.

Abstract: An apparatus, device, methods, computer program product, and system are described that determine a virus associated with communication data on a communications network, the communications network associated with at least one network policy device, associate an anti-viral agent with at least one identifier, prioritize transmission of the at least one identifier through the at least one network policy device, relative to the communication data, and provide the anti-viral agent on the communications network, in response to the prioritizing transmission of the at least one identifier through the at least one network policy device.

Abstract: The invention is directed to techniques for allowing a user to remotely interrogate a target computing device in order to collect and analyze computer evidence that may be stored on the target computing device. A forensic device receives input from a remote user that identifies computer evidence to acquire from the target computing device. The forensic device acquires the computer evidence from the target computing device and presents a user interface for the forensic device through which the remote user views the computer evidence acquired from the target computing device. In this manner, forensic device allows the user to interrogate the target computing device to acquire the computer evidence without seizing or otherwise “shutting down” the target device.

Abstract: The user of any one portable terminal sends a content information request including a user ID to a distribution server. In response, the distribution server distributes a stream data of content that can be used on the user's terminal. If the user of a first portable terminal intends to let a second portable terminal try out a certain content, the user sends to the distribution server the trial permission information including the user's own user ID, a content ID of the content of interest, and a digital signature. The distribution server authenticates the received information before distributing a streaming data of a trial-oriented content with the content ID and user ID attached to it as search keys. This allows the content that can be used on a given user terminal to be tried out on another user terminal without the latter user having recourse to the steps of searching for the content in question.

Abstract: An internet service provider (ISP) is configured to provide notification messages such as service updates to subscribers via redirected web pages. In order for the web pages to be treated as originating from the ISP, the ISP provides a shared secret in the browser message. The shared secret may be a secret not derivable by viruses or trojans in the subscriber computer, such as a MAC address of the subscriber modem.

Abstract: Key derivation algorithms are disclosed. In one key derivation application, a segment of the master key is hashed. Two numbers of derived from another segment of the master key. A universal hash function, using the two numbers, is applied to the result of the hash, from which bits are selected as the derived key. In another embodiment, an encoded counter is combined with segments of the master key. The result is then hashed, from which bits are selected as the derived key.

Abstract: Certain aspects of a method and system for using shared secrets to protect the access of testing keys for a set-top box may comprise receiving within a security processor within a set-top box a plurality of secret keys from a plurality of users. A password may be generated utilizing secret sharing based on the received plurality of secret keys. The generated password may be compared with a generated response. The plurality of users may be authenticated access to the set-top box based on the comparison.

Abstract: A method comprising distributing digital data encoding content and arranged into messages from a server to one or more client terminals through a network, each message being decodable by a decoder application on a client terminal, said method including transmitting a plurality of data packets from the server through a network through a network interface of the server, each packet including at least one header and a payload, each payload including at least part of a message, and providing each message to a first of a series of at least one service interface between two layers in a protocol stack, installed on the server, each service interface configured to add at least one packet header to the packet encoding information enabling the client to process the remainder of the packet.

Abstract: The present invention relates generally to handheld devices and using such to extract identifying data. One claim recites a handheld wireless device including: an input for receiving a subset of database information; electronic memory for storing the retrieved subset of database information, the handheld device including an input device; an optical imaging device for capturing a portion of a map, the portion of the map including at least one steganographic watermark hidden therein through alterations to data representing the portion, the alterations being generally imperceptible to a human observer of the portion of the map, the steganographic watermark including map location information; an electronic processor configured to: determine which information of the retrieved subset of the database information corresponds to the map location information; and control providing corresponding retrieved subset database information. Other claims and combinations are provided as well.

Abstract: Embodiments consistent with the principles of the invention provide client-server application problem-solving capabilities at sites remote from the operational site by supplying server response data to a copy of the client-side application running at the remote site. The client-side application running at the remote site receives the same inputs as the operational site application, allowing application problems and behavior to be reproduced at the remote site. Debugging tools, expertise, and other resources may be more efficiently applied at the remote site to solve problems and explain behavior than would be the case at the operational site.

Abstract: A method for performing a transaction between a legal entity A who has an approval to perform such transaction, and a legal entity B over a network, the transaction being initiated by the legal entity A, wherein the legal entity A, to verify the approval to the legal entity B, associates the transaction with a verification insignia, the verification insignia being a unique transitory insignia provided to the legal entity A by a legal entity C who thereby guarantees that the legal entity A has the approval, the provision of the unique transitory insignia to the legal entity A by the legal entity C being conditioned by the legal entity A providing to the legal entity C a secret identification code confirming the identity of the legal entity A to the legal entity C, the legal entity B validating the unique transitory insignia, and upon positive validation, and only then, accepts the transaction, and the transitory unique insignia being invalidated substantially immediately after the validation.