Abstract: A locking programming interface (LPI) which prevents piracy of device-related user software. An LPI Code is generated from a variety of different parameters, including a software product ID, a Production Key, and a number of device-specific parameters for the device that the user software supports. The LPI Code is burned into a memory of the device using a Production Utility process which utilizes the Production Key supplied by the software manufacturer. When the user software is installed in a host machine such as a user's computer system, the software performs basic device validation and then validates the LPI Code burned into the device against codes embedded into the user software.

Abstract: A system, method, service method, and program product for defining and/or managing entitlements and/or authentication entitlements to resources in a computer networking environment is disclosed. Upon receiving one or more dynamic events, the invention verifies one or more users (a selected user) has (entitlement) attributes that satisfy one or more access criteria to access one or more resources. The invention then permits and/or provides access to one or more resources for the selected user over one or more networks without revealing the identity of the selected user to the resource provider.

Abstract: A method and system for tracking electronic information includes the steps of: encrypting an electronic file stored on a hardware storage device; attaching or incorporating with the file a standalone executable program that implements a request for a decryption key accompanied by tracking information when an attempt is made to access the file; verifying the tracking information by a central processing unit; if the tracking information is verified as acceptable, providing the decryption key; and if the tracking information is not verified as acceptable, modifying the file to include a record of the failed attempt to access the file and the tracking information, and storing said modified file on the hardware storage device.

Abstract: A system for transmitting encrypted data. A plurality of nested communication links are communicably connected to a network. Each communication link includes an originating node and a terminating node which are adapted to route a transmission therebetween. Transmissions between the originating node and the corresponding terminating node of the outermost communication link is routed through at least one inner communication link. The originating node of the outermost communication link generates a transmission having a data part and a first header part, both in an encrypted format, and routes the transmission to the corresponding terminating node. The originating node of an inner communication link modifies the transmission by removing unencrypted references to other communication links; adding a second header part in an encrypted format, and routing the transmission to the corresponding terminating node, where the second header part is decrypted and the transmission is rerouted to an outer communication link.

Abstract: A method and system for dynamically protecting against exploitation of a vulnerability is provided. The dynamic protection system identifies the security level of an instance of an application that is to execute on a computer system. If the security level of the instance of the application is not appropriate, the dynamic protection system places a limitation on the execution of the instance of that application.

Abstract: A method and apparatus optimizes the protection of computing networks. This protection utilizes attenuated (weakened) strains of live, replicating, malicious code such as viruses and worms, analogous to the development of live, attenuated, human vaccines in the medical field. In a preferred embodiment, this is achieved by (1) attenuating a malicious program, e.g. a virus or worm, or software vulnerability by limiting its virulence, i.e., limiting its damage and resource usage, (2) modifying the virus to confer immunity on the network that it infects, e.g., automatically patching a vulnerability, or marking the infected host as immune to further infection, (3) releasing the newly attenuated virus into the network, (4) tracking the attenuated virus and its success rate (e.g., rate and ratio of successfully patched to un-patched vulnerable hosts), and (5) limiting the spread of the virus vaccine, e.g.

Abstract: An interface for facilitating facsimile transmission via a wireless communications device operatively connected to a wireless communications network, including: a modem suitable for being communicatively coupled to a facsimile machine; a controller coupled to the modem; and, a memory operatively coupled to the controller. The interface includes code to cause the modem to transmit a retrain request to the facsimile machine upon expiration of a given temporal period. The interface includes a circuit for selectively generating a ring signal corresponding to a plain old telephone service ring signal. The interface includes a circuit for selectively generating a hold signal corresponding to a plain old telephone service hold signal. And, the circuit includes code to cause the modem to transmit data indicative of white lines to the facsimile machine upon expiration of a given temporal period.

Abstract: Methods and apparatuses for preconscious security feedback. In one aspect, a method for secure communication includes: displaying a first visual cue to indicate presence of security measure for communication while an operation for a secure communication transaction is in progress; and playing a first audio cue to indicate the presence of security measure for communication while the operation for the secure communication transaction is in progress. In one embodiment, the visual and/or audio cues used provide preconscious feeling of security based on familiarity and/or historical associations to security in particular cultures.

Abstract: An improved system, apparatus, and method for securing a network using MAC address filtering is provided. Advantageously, the present invention does not require that a client computer be powered on, and instead provides an efficient user interface for displaying a requestor's MAC address and for allowing or denying the device with an associated MAC address access to the network. Parameters per allowed MAC address may also be provided.

Abstract: Methods and apparatus that may be utilized in systems to reduce the impact of latency associated with encrypting data on non-encrypted data are provided. Secure and non-secure data may be routed independently. Thus, non-secure data may be forwarded on (e.g., to targeted write buffers), without waiting for previously sent secure data to be encrypted. As a result, non-secure data may be made available for subsequent processing much earlier than in conventional systems utilizing a common data path for both secure and non-secure data.

Abstract: A biometric system (10) for assisting a user in providing a biometric reading is described. The system (10) comprises: a biometric capture unit (12) for capturing biometric data from a user; and feedback means (30) for providing the user with an indication of the extent to which a measurement has been captured. The feedback means (30) may be implemented by a display, a loudspeaker (508), or both. The system may also include anonymizing means (66) for providing the feedback means (30) with an anonymized version of the data measured from the biometric capture unit (12).

Abstract: Facilitating communication using a digital signature includes: receiving user input data (UID); generating a first key as a deterministic function of the UID; clearing the UID; generating a second key as a deterministic function of the first key; clearing the first key following generation of the second key; and exporting the second key. Neither the UID nor the first key is exported. Thereafter, a digital signature is generated by again receiving the UID; regenerating the first key using the deterministic function and the UID; clearing the UID; generating a digital signature as a function of the regenerated first key; clearing the regenerated first key following generation of the digital signature; and exporting the generated digital signature.

Abstract: A conditional access overlay system utilizing partial encryption without requiring additional program identifiers. The conditional access overlay system generates duplicate critical packets for separate encryption that are sent using the same packet identifier. The rest of the content stream is sent in the clear. However, these duplicated packets are sent without incrementing a continuity counter relative to one another. The overlay packets with non-incremented continuity counter are sent as the second packet immediately following the original critical packet. At the receivers, the incumbent set-top will use the first of the two encrypted packets while the overlay set-top is programmed to use the second of the two encrypted packets. Therefore, methods for verifying alignment of associated packets may be used to distinguish between multiple encryption methods in conditional access overlay systems.

Abstract: An illegal communication detector that is mounted in a communication path between external devices and a protection-targeted device to monitor contents of communications delivered to the protection-targeted device, the illegal communication detector including: a recording unit that records at least part of information transmitted from the external devices to the protection-targeted device; a determination unit that regards one of the external devices as a device of interest; and a communication control unit that detects, if the determination means conclude that at least part of the recorded information complies with the predetermined illegal communication standard rule, that the contents of communication are derived from an illegal communication, and performing a predetermined process concerning the communication with the device of interest.

Abstract: A data encryption apparatus operable to apply encryption to input data having at least a format identifying portion and a payload portion comprises means for discriminating between the format identifying portion of the input data and the payload portion of the input data; and means for selectively applying encryption to the input data in dependence upon an output of the discriminating means so as to encrypt at least a part of the payload portion of the input data but not to encrypt the format identifying portion. A corresponding decryption apparatus is also provided.

Abstract: A multimedia output device having embedded encryption functionality enables the outputting of content in an encrypted form. The multimedia output device receives the content to be encrypted, encrypts the content, and generates an electronic output of the encrypted content. The multimedia output device also generates an associated paper output that provides information about the decryption, such as a key, an identification of the electronic output of the encrypted content, and optionally a description of the contents of the content encrypted.

Abstract: A system to monitor, detect and analyze chemical, radiation and/or biological threats. The system includes a plurality of sensors, wherein each sensor gathers data on chemical, radiation or biological agents. A central processing unit is in communication with sensors analyzes sensor collected data. A transmission system transmits data in the form of alerts from each central processing unit by secure, encrypted packets over a network.

Abstract: In one embodiment, a protected process is monitored by one or more watchdog processes. Upon detection that the protected process has been abnormally terminated, the watchdog processes may initiate actions to identify and/or terminate one or more malicious processes terminating the protected process. For example, the watchdog processes may inject a detector in processes running in the computer. The detector may listen for an activity that would terminate the protected process, and report such activity to the watchdog processes. The watchdog processes may be configured to terminate malicious processes identified as abnormally terminating the protected process. Thereafter, the watchdog processes may restart the protected process.

Abstract: The suitability of a service provider for performing a task having a sensitivity level is gauged by using a trust level associated with the provider, in conjunction with the sensitivity level, to gauge whether or not to allocate the task to the service provider.

Abstract: A CPU is provided with an ability to modify its operation in accordance with an encryption key. When a program is compiled, the program is modified in order that execution may be performed with the CPU with its operation modified. In order to execute program instructions, the buffer interdependencies must match that expected by the compiler. This makes analysis of the program operation extremely difficult. The instruction buffer on a keyed microprocessor contains logic which is able to route a subset of the instruction bits on the microprocessor. This selects destination logic gates in the microprocessor which eventually reach a programmable instruction decoder and an instruction buffer interdependency checking logic block.