Patents Examined by Techane J. Gergiso
  • Patent number: 7904947
    Abstract: User friendly gateway log-in system for validation of a user's identity for entry into a master security website that provides a gateway to a plurality of different subscriber websites includes: (a) a plurality of user computers; (b) an internet; (c) a host server connected to the internet for connection to user computers; and (d) a website program hosted on the host server for a website that requires individual user security, for connecting each of the plurality of computers to the website available to the user computers, that includes an open log in field. The program has software for secured activity for receiving and recognizing a unique user identification from a user of a user computer to create a personal combination lock rule for a unique easy-to-remember user initialization input that includes a preset selection and operation of the intersection of a first randomly arranged challenge presentation and a second randomly arranged challenge presentation to obtain a selection solution.
    Type: Grant
    Filed: March 22, 2007
    Date of Patent: March 8, 2011
    Assignee: Glynntech, Inc.
    Inventors: Charles M. Basner, Kenneth P. Glynn
  • Patent number: 7900060
    Abstract: In accordance with an embodiment of the present invention, a trusted client includes a non-volatile memory programmed with an encrypted disk key. The encrypted disk key in the non-volatile memory is encrypted with a master key of a security processor. Accordingly, encrypted data received by the central processor from a disk's security logic is forwarded to a security processor along with the encrypted disk key. The security processor decrypts the encrypted disk key and then decrypts the encrypted data, utilizing the disk key. The disk key is never available to the central processing unit in the clear.
    Type: Grant
    Filed: February 17, 2006
    Date of Patent: March 1, 2011
    Assignee: Vudu, Inc.
    Inventor: Edin Hodzic
  • Patent number: 7900063
    Abstract: A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.
    Type: Grant
    Filed: December 29, 2008
    Date of Patent: March 1, 2011
    Assignee: SanDisk IL Ltd.
    Inventors: Aran Ziv, Eyal Bychkov
  • Patent number: 7895644
    Abstract: A method and apparatus for single sign-out from one or more application servers in a distributed computing environment. A user accesses at least one second application server via a first application server. The user is able to sign-out from all the application servers to which he is connected via the first application server by signing out of any one of the signed in application servers. The single sign out procedure ensures the user does not inadvertently remain signed into the application servers when the user does not explicitly sign out of each signed in application server.
    Type: Grant
    Filed: December 2, 2005
    Date of Patent: February 22, 2011
    Assignee: Symantec Operating Corporation
    Inventors: Parag Thakur, Hay M. Tran
  • Patent number: 7873168
    Abstract: In a secret information management system, a secret information management apparatus comprises a secret distribution unit which secretly distributes a data key k using a (k, n) threshold secret sharing scheme and creates n distributed keys B1, B2, . . . , Bn in the decryption of data D input from a user terminal, an encryption unit which creates n encrypted distributed keys EP1(B1), EP2(B2), . . . , EPn(Bn) using n distributed manager public keys P1, P2, . . . , Pn, and an encrypted data storage unit which stores encrypted data EK(D), an encrypted data key EPx(K) and the n encrypted distributed keys in association with each other.
    Type: Grant
    Filed: October 16, 2007
    Date of Patent: January 18, 2011
    Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
    Inventors: Masamichi Tateoka, Tomonari Tanaka
  • Patent number: 7865743
    Abstract: A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.
    Type: Grant
    Filed: December 29, 2008
    Date of Patent: January 4, 2011
    Assignee: SanDisk IL
    Inventors: Aran Ziv, Eyal Bychkov
  • Patent number: 7860244
    Abstract: An embodiment may include a system having a communication unit and a processing unit. The communication unit may be configured to receive an encrypted private value of a party, the encrypted private value being generated from a private value with a public-key encryption system and a public key, to send an encrypted blinded result to the party, and to receive a blinded result generated from the encrypted blinded result. The processing unit may be configured to compute a result of a function, the function having as input the private value, to blind the result of the function to generate the encrypted blinded result, and to compute the result by unblinding the blinded result.
    Type: Grant
    Filed: December 18, 2006
    Date of Patent: December 28, 2010
    Assignee: SAP AG
    Inventor: Florian Kerschbaum
  • Patent number: 7856558
    Abstract: A multi-stage verification system including a first and second identification device to verify the identity of the user and to determine if the user is under duress. When a user approaches an entrance to a building, a first identifier is detected by the first identification device, the identifier is compared to a pre-stored identifier. If there is a match, the user inputs at least one biometric input into the second identification device. The biometric input is compared with pre-stored information in two different databases, a biometric template database and a duress indicator database. If there is a match with the duress indicator database, a silent alarm signal is transmitted to a central monitoring station and the security system is disarmed. If there is a match with the biometric template database, the security system is controlled in the intended manner.
    Type: Grant
    Filed: April 20, 2007
    Date of Patent: December 21, 2010
    Assignee: Honeywell International Inc.
    Inventors: Christopher D. Martin, Eric Oh, Kenneth L. Addy, Kenneth G. Eskildsen
  • Patent number: 7853986
    Abstract: Even if a document file within a document management system has been transmitted outside the system by E-mail, a document management system maintains document-file access rights equivalent to those within the document management system. The document distribution system distributes document files the access rights of which are managed by the document management system. The recipient of the document file is assumed to have access rights to the document file within the document management system. The document distribution system acquires policy information, which corresponds to these access rights, from a policy server. The document distribution system then transmits the acquired policy information and the document file to the recipient.
    Type: Grant
    Filed: August 16, 2006
    Date of Patent: December 14, 2010
    Assignee: Canon Kabushiki Kaisha
    Inventor: Ryutaro Watanabe
  • Patent number: 7853804
    Abstract: A system, method, and program product is provided that initializes expected PCRs stored in a TPM by generating and storing a random number, seeding expected PCRs with the random number, inputting a set of startup code processes to a hash algorithm resulting in a set of hash values, updating the expected PCRs using the set of hash values, and saving the expected PCRs in a nonvolatile data area that is secured by the TPM. Upon reboot, the random number is retrieved from the nonvolatile data area, the PCRs are seeded with the retrieved random number, the startup code processes are input to the hash algorithm process resulting in another set of hash values, the PCRs are updated using the resulting set of hash values, and an encrypted data object is decrypted in response to the PCRs being the same as the expected PCRs.
    Type: Grant
    Filed: September 10, 2007
    Date of Patent: December 14, 2010
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Daryl Carvis Cromer, Howard Jeffrey Locker, Randall Scott Springfield
  • Patent number: 7849505
    Abstract: The present disclosure is directed to a system and method of selecting a virtual private network access server. In a particular embodiment, the method includes receiving a request from a client device to access a network resource via a virtual private network (VPN). The method also includes sending operational data related to each of a plurality of VPN access servers to the client device. The method also includes receiving a selection of one of the plurality of VPN access servers from the client device and communicatively connecting the client device with the selected one of the VPN access servers.
    Type: Grant
    Filed: August 17, 2006
    Date of Patent: December 7, 2010
    Assignee: AT&T Intellectual Property I, LP
    Inventors: Michael Satterlee, Stephen Matthew Hutnik
  • Patent number: 7849497
    Abstract: Described herein are a method and system for analyzing the security of a computer network. According to various implementations, there is a device adapter associated with each device that has a significant impact on the security of the network (e.g., routers, switches, gateways, or “significant hosts”). The device adapter, which may be implemented as a piece of software executing remotely from the device, queries the device to determine what its security settings are (e.g., its firewall rules). The device adapter conducts the query using whichever form of communication the device requires (e.g., telnet, HTTP) and using whichever command set the device requires. Each type of device on the network has a software model associated with it. For example, there may be a router model, a switch model, a firewall model, and a gateway model. The model is made up of a series of rule sets. Each rule set includes rules that are derived from the configuration of the device (obtained by the device adapter).
    Type: Grant
    Filed: December 14, 2006
    Date of Patent: December 7, 2010
    Assignee: Athena Security, Inc.
    Inventors: David Hurst, Vijaya Raghavan, Chandrasekhara Reddy Yerasi
  • Patent number: 7835521
    Abstract: A secure keyboard combines a human interface device (HID), application programs stored in nonvolatile memory, and encryption technologies into a single package. Like any other keyboard, the secure keyboard communicates with a computer via a communications port. A computer can load and execute an application stored in the secure keyboard. The application, however, expects encrypted inputs. The HID inputs are encrypted before being passed to the computer and thence the application. Therefore, a secure link exists from the HID to the application. Choosing strong encryption and unique encryption/decryption keys allows applications to be keyed to a specific secure keyboard. No other keyboard can supply keyboard input to the application. The secure keyboard can be implemented as a security device that does not include a keyboard. The security device can accept HID inputs from HID devices, encrypts them, and passes them to the computer and thence the application.
    Type: Grant
    Filed: December 2, 2005
    Date of Patent: November 16, 2010
    Assignee: Google Inc.
    Inventor: Eduardo S. Pinheiro
  • Patent number: 7822994
    Abstract: The present application relates to a data bus line to secure secrecy of digital data without a complicated exchange of hardware and decreasing processing speed.
    Type: Grant
    Filed: January 7, 2005
    Date of Patent: October 26, 2010
    Assignee: Konica Minolta Systems Laboratory, Inc.
    Inventor: Junichiro Hamaguchi
  • Patent number: 7822971
    Abstract: A system for handling an LDAP query to an LDAP server for an LDAP service comprises a client program executable on a client system and a handler program executable on a handler system. The client program is operable to generate LDAP query data corresponding to the LDAP service and provide the LDAP query data for transmission from the client system, and further operable to receive LDAP query reply data in response to the LDAP query data. The handler program is operable to receive the LDAP query data transmitted from the client system and execute the LDAP query to the LDAP server, receive LDAP query reply data from the LDAP server during one or more passes, and upon completion of the LDAP service, provide the LDAP query reply data for transmission to the client system in a single pass.
    Type: Grant
    Filed: March 20, 2003
    Date of Patent: October 26, 2010
    Assignee: Research In Motion Limited
    Inventors: Herbert A. Little, Dale J. Hobbs
  • Patent number: 7818801
    Abstract: Automated file system event tracking and reporting techniques are described in which file system events requested by a user application are intercepted and recorded prior to the request being permitted to pass to the file system for execution. Similarly, file system responses to a prior captured file system event are also intercepted and recorded. Predefined patterns of file system events may be aggregated and reported as a single event.
    Type: Grant
    Filed: September 26, 2006
    Date of Patent: October 19, 2010
    Assignee: ScriptLogic Corporation
    Inventor: Brian Thomas Small
  • Patent number: 7818812
    Abstract: A universally known and accepted unique item that is independently identifiable and difficult to counterfeit is used as an authenticator item. The identity of this item is included in an authorization calculation which can only be accomplished by an authorizing authority. The authenticator can be a serial numbered item such as a currency bill or note. The document may be created anywhere in plain paper, electronic or other forms. Creation may be by any of an issuing authority, an agent, a bearer and even the buyer. The document's authenticity may be verified without communication back to the issuing authority. The invention allows cancellation to prevent negotiation of an electronic document regardless of how many copies are extant in computers or other form merely by defacing or destroying the associated authenticator.
    Type: Grant
    Filed: January 22, 2008
    Date of Patent: October 19, 2010
    Assignee: International Business Machines Corporation
    Inventor: David Alan Kra
  • Patent number: 7814553
    Abstract: A multifunction device includes a storage controlling portion for causing document data, which are to be given by a user who has logged in to a different user, to be stored in a box owned by the different user, and an access authority setting portion for granting an access authority to make access to the document data, to both of the users in the event that the document data are stored in the box and, also, for erasing the access authority, which has been granted to the user, when the user logs out. Thus, in the event that the user stores the data such as document data or the like in the box other than his or her personal box, the user can be permitted to make access to the data, while the owner of such box is warranted a high security and conveniences of data management are ensured.
    Type: Grant
    Filed: September 30, 2004
    Date of Patent: October 12, 2010
    Assignee: Konica Minolta Business Technologies, Inc.
    Inventors: Hiroyuki Kawabata, Hisashi Uchida, Kiyoshi Emori, Kazuo Inui
  • Patent number: 7810158
    Abstract: Methods of trapping electronic worms are provided. Pursuant to these methods, an electronic worm may be “trapped” such that its ability to spread is reduced or eliminated, while at the same time the worm is deceived such that it does not realize it has been trapped. In this manner, the probability that the worm enacts countermeasures that are harmful to the data and/or equipment of the infected computing devices may be reduced. Corresponding systems of trapping electronic worms are also provided.
    Type: Grant
    Filed: December 16, 2004
    Date of Patent: October 5, 2010
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Jeffrey A. Aaron
  • Patent number: 7805613
    Abstract: A personal video recording (PVR) system and method for allocating limited memory space to multiple users for recording programming content. A selected amount of storage space for storing programming content is allocated for each PVR user. Based on a storage priority protocol, such storage space allocation may change (i.e., increase or decrease) dynamically for additional PVR users. Further, the accessibility of recorded programming content by one or more PVR users and viewing thereof may be subject to different access rights accorded to the users. Based on predetermined storage access and content access protocols associated with each PVR user, certain restrictions may be placed on one or more of these users. For example, a first restriction may relate to the type of programming content that can be recorded or displayed by the PVR for specific user(s). A second restriction may limit designated users from accessing programming content that is stored but associated with another user.
    Type: Grant
    Filed: May 30, 2003
    Date of Patent: September 28, 2010
    Assignee: Time Warner Cable, Inc.
    Inventor: Marc J. Apfelbaum