Abstract: A method and apparatus for enabling use of multiple digital rights management scenarios (DRM). Unencrypted data representing digital content is examined to identify at least segments of content for encryption. The identified segments of content are duplicated and then encrypted using a first encryption method associated with a first DRM to produce first encrypted segments. Duplicates are encrypted using a second encryption method associated with a second DRM to produce second encrypted segments. A set of pointers are generated that point to the first and second encrypted segments content. A file is then created containing first and second encrypted segments of content, pointers and unencrypted content along with DRM rights data to produce a selectively encrypted multiple DRM enabled file.

Abstract: A computing environment includes client computers in communication with a mainframe computer. The mainframe computer stores customer data under keys. A client computer is adapted to execute one or more application programs and a desktop bus. Each application program has a bus interface component for enabling the application program to communicate with the bus. Upon execution, each application program preferably registers with the bus. When an application program learns a key from a source other than the bus, the application program sends a message to the bus including the key. The bus stores the key and, depending upon whether another application is designated as either “hot” or “cold,” either sends the key to the application or notifies the application that the key has changed. In response to receiving the key, the application accesses the mainframe to retrieve the associated customer data.

Abstract: A method of authorizing a key or lock device comprises the following steps: a first user device and a first system device used in a first level of a lock system, such as at a manufacturer, are created. A first encryption key is stored in the first user device and the first system device. When the user device is to be shipped to a second level of the lock system, such as a locksmith, an authentication process is carried out between the first user device and the first system device using the first encryption key stored therein. In case the authentication process was successful, a software operation is carried out by the first system device, by which the first encryption key stored in the first user device is replaced by a second encryption key. This second encryption key is stored in second system and user devices used in the second level of the lock system, thereby making the first user device operable with the second system and user devices. This prevents unauthorized use of keys and locks.

Abstract: A system for the compression and decompression of image files is provided. A library of basic waveforms is produced by applying selected digital initialization codes to a chaotic system. Each basic waveform is in one-to-one correspondence with an initialization code. A weighted sum of selected basic waveforms is used to approximate each slice of an image. The basic waveforms are then discarded and only the weighting factors and the corresponding initialization codes are stored in a compressed image file. When the compressed image file is decompressed for playback, the stored initialization codes are stripped out and applied to a similar chaotic system to regenerate the basic waveforms, which are recombined according to the stored weighting factors to produce an approximation of the original image slice.

Abstract: Methods and systems are provided for improving security, efficiency, access control, administrative monitoring, reliability as well as integrity of data transmission and remote application sharing over a network. Secure, stable network connections and efficient network transactions among multiple users are supported by an improved client-server architecture. A datagram schema is provided, which enables dynamic datagram switching in support of a multitude of applications and network services. Mobile intelligent data carriers are provided, allowing for the implementation of an authentication and encryption scheme. They may be used to target deliver applications to authorized user, thereby controlling the access to not only data but also applications. Biometrics and other suitable authentication methodologies may be employed in delivering the pervasive, user-centric network security solutions disclosed.

Abstract: According to one embodiment of the invention, a network user authentication method includes receiving a network identification and a password associated with a user, validating the network identification and the password, generating a passkey for the user, and sending the passkey to the user for temporary storage in a computer of the user.

Abstract: A method and apparatus in a data processing system for detecting monitoring of access to content. Content from a source using an identifier is requested, and a set of identifiers used to reach the content is sent to a validation service. The validation service retrieves content using the set of identifiers. Identifiers within the retrieved content is compared with identifiers located within the set of identifiers. If a match between identifiers in the set of identifiers and those identifiers in the retrieved content is absent, a response is generated indicating that access to the content is being monitored. In response to receiving the response from the validation service, the receipt of content from the source is selectively prevented.

Abstract: A remote user establishes an interactive session. A pre-determined backup set is encrypted at a remote user site according to a key based upon the user's password. Encrypted backup data is then transmitted to a backup archive server and decrypted utilizing the user's password generated key and re-encrypted according to a user specified backup set key and stored upon an auxiliary storage unit. The present invention further embodies a retrieval process wherein a remote user designates one or more files to be retrieved and the backup set encryption key used during the initial backup operation. Software executing within the backup archive server CPU retrieves and decrypts the specified files according to the originally specified backup set key and re-encrypts the files according to the remote user's password. Retrieved information is then transmitted to the remote user whereupon it is subsequently decrypted at the remote user site.

Abstract: Applications/functions within an electronic processing device having a GPS card and antenna, such as a laptop or personal digital assistant, can be enabled only when in a specified geographic location. For each critical application/function, its accessibility is programmed to be enabled/disabled only in specified geographic regions. No additional passwords are required: access or abortion of an running program are automatic. The geographic regions can be input into the electronic processing device using GPS processing or using a graphical user interface on a map. Other methods of determining the boundaries of the appropriate geographic regions for each applications/functions are disclosed. An application/function will not be opened if the electronic device is not within the geographic region associated with the application/function.

Abstract: A multicast system comprises: a sender terminal for transmitting multicast data; a receiver terminal for receiving multicast data; an authentication server processor for managing the sender terminal and the receiver terminal; a first user processor provided in the sender terminal for transmitting a login requirement to the authentication server processor; and a second user processor provided in the receiver terminal for transmitting a login requirement to the authentication server processor, so that a user is identified by individually authenticating the user using a specified authentication server.

Abstract: A method and apparatus for protecting a computer system. Specifically, a method and system for validating portions of memory at each power-on cycle is described. A Boot Block is used to validate the BIOS, CMOS and NVRAM of a system. The BIOS may also be used to validate the Boot Block, CMOS and NVRAM.

Abstract: Systems and methods are provided for encrypting content sent to a user. The user terminal is assigned a serial number. When content is received by the user terminal, it is encrypted and the serial number is embedded into the encrypted content. The content is decrypted if the serial number embedded in the encrypted content is the serial number associated with the user terminal. Content may also be simultaneously stored and displayed.

Abstract: A cryptographic communications method based on ID-NIKS, wherewith mathematical structures are minimized, the collusion problem can be circumvented, and building the cryptosystem is simplified. A plurality of centers are provided for distributing a plurality of secret keys to a plurality of entities, respectively. Each secret key is unique to each entity. Information specifying the entities (entity ID information) is divided into a plurality of pieces or segments. All secret keys produced for the pieces of entity ID information are distributed to the entities. Using a component contained in the secret key peculiar to itself, each entity generates a common key to be shared by another entity. This component corresponds to a piece of ID information of another entity.

Abstract: A system and a method for creating and controlling electronic agreements. In general, the system includes a server and at least one client interconnected through a communications medium. In operation, the system only allows access to authorized users. Once a user gains access, the user inputs commands and data that are necessary to create an electronic document. Upon completion of the electronic document, the user can invoke a signature process. During the signature process, the parties to the agreement enter electronic signatures. The present invention operates to encrypt the electronic document and then encrypts each of the signatures using an encryption key that is based, at least in part, on the contents of the electronic document. This aspect of the system prevents the creation of fraudulent versions of the electronic document because any modifications to the electronic document will invalidate the encrypted signatures. Finally, the system operates to transfer the electronic agreement to a secure server.

Abstract: In order to provide a software defined radio and an approval system of a radio which can flexibly cope with specification alteration, a software defined radio includes a storage for holding transmission and reception characteristic information serving as a specification criterion; and a control unit for comparing a measured value obtained from a measurement circuit with the information of the specification criterion and conducting setting of the radio so as to satisfy the specification.

Abstract: A video signal reproduction system for receiving a video signal transmitted via a satellite communication link at a receiving device. A copy permission indicator is inserted in the received video signal. The copy permission indicator is generated on the basis of copy management information that has been appended to the video signal and detected by the system. The indicator is in the form of a multiple of coded bits which are arrayed at a pre-set position in the video signal and are operable to indicate a generation limitation on copying of the video signal.

Abstract: Role based authorization in a service control manager (SCM) module may allow a system administrator to delegate responsibility to other users by assigning tool based roles to these users on some system so they have full access to such system. To ensure system security, after receiving a request from a user to run a tool on a set of target nodes, an SCM security manager may need to check whether the user is authorized to run the tool on the target nodes. For every target node requested, the security manager may need to check whether the user is authorized on the node, and whether the user is authorized for one of the tool's enabled roles on the node. If the user is not authorized on each of the nodes requested, or is not authorized for any of the tool's enabled roles, the tool is not runnable by the user.

Abstract: A method for executing end to end authentication in a network environment is provided that includes initiating a communications tunnel with a layer two tunnel protocol (L2TP) network server (LNS) and communicating an activate context request that includes an authentication protocol in a protocol configuration option (PCO) field, the activate context request being received by a gateway general packet radio service (GPRS) support node (GGSN) that initiates a link control protocol (LCP) negotiation with the LNS, the GGSN being operable to communicate an activate context response that may be received by the mobile terminal. An authentication response may be calculated by using a secret value and a challenge value which is provided by the GGSN, the authentication response being used to establish a communication session associated with the mobile terminal.

Abstract: A transmission apparatus, a reception apparatus, a transmission method, and a reception method, which are used for transmission and reception of encrypted digital data protected against illegal decryption of the encrypted digital data by a third party capable of inferring an encryption algorithm by decryption of a pattern having a known pre-encryption value, and a recording medium for recording the encrypted digital data.

Abstract: An apparatus and a method authenticates a user according to biometric information such as a fingerprint, voice, etc. A biometric information input unit inputs biometric information. An extraction unit extracts biometric information extracts biometric feature information from the input biometric information. An estimation unit estimates the matching precision of the extracted biometric feature information. A request unit requests an input of additional authentication information. An authentication information input unit inputs authentication information. A biometric feature information registration unit preliminarily stores registered biometric feature information. An authentication information registration unit preliminarily stores additional registered authentication information. A biometric feature information matching check unit has a matching check between the extracted biometric feature information and the registered biometric feature information.