Abstract: A method for configuring a node using a configuration server, as well as the node and the configuration server, are disclosed. The node holds a public key, a related secret key and an address of a configuration server. The node transmits the public and secret keys to the configuration server, which identifies the node by use of an identity based identification algorithm taking account of the public and secret keys. When the node has been successfully identified, the configuration server retrieves a set of configuration parameters stored for the node and transmits this set to the node. Accordingly, the node does not have to store much information. The use of identity-based identification algorithms to identify the node is advantageous regarding nodes that may have very low power/memory which might prevent them from embedding a heavy X.509 certificate traditionally used for identification or authentication purposes.

Abstract: A data transmission device for secure biometric transmission includes first and second input-output units, and a biometric identification apparatus. The input-output units electrically connect to one of the two electronic devices, respectively. The biometric identification unit is configured for electrically interconnecting the first and second input-output units, receiving a biometric input, outputting biometric data in response to the biometric input, and encrypting the biometric data to be transmitted to one of the electronic device having a storage unit.

Abstract: In a moving picture encoding apparatus, a processing load detection section detects a load and outputs load information and a video encoder judges a load level based on the load information. A start pixel in target pixels is determined depending on the load level, the evaluation value is calculated from pixels specified by the start pixel, a encoding cost is calculated based on the evaluation value to select one of prediction modes for minimizing the encoding cost. The start pixel is so selected as to exclude the pixels which are spatially neighboring to reference pixels for prediction, instead of all pixels within a 4×4 pixel block as the processing load becomes large. Thus, the picture processing amount is reducing while suppressing the deterioration of the encoding performance.

Abstract: A moving picture coding apparatus divides each frame of a moving picture into parts and assigns the parts to different coding units, which compressively code their respective parts. The coding process includes motion compensation with respect to a reference frame. Each coding unit has its own reference frame memory. To generate reference frame data, each coding unit receives, decodes, and decompresses the coded data generated by at least one other coding unit, as well as decompressing the data it has coded itself. Consequently, only ordinary coded data have to be passed between different coding units, which saves bandwidth and eliminates the need for special coding hardware and development and testing tools.

Abstract: A unified architecture for enabling remote access to a network is provided. The network may comprise, as examples, a virtual private network (VPN) and/or a peer-to-peer network. In one embodiment, the architecture includes components installed on a client device/node and a gateway/supernode. Components implemented on the client device may facilitate access in a manner similar to that of a traditional VPN, while components on the gateway may facilitate access in a manner similar to an application proxy. Communication between the client device and gateway may occur, as an example, via a Secure Sockets Layer (SSL) communication protocol.

Abstract: A distributed certificate authority includes a CA and a number of Sub-CAs (2610). The Sub-CAs have secret certificate validation data, but different data are provided to different Sub-CAs for each certificate. If a Sub-CA is compromised, the Sub-CA validity proof will be withheld by the CA to alert the verifiers not to use the data from this Sub-CA. Also, the secret data are encrypted when distributed to the Sub-CAs. A decryption key (DK.j.k) for each “partition” of time is distributed to each Sub-CA at or shortly before the start of the partition. A compromised Sub-CA can be reactivated at the end of the partition because the adversary does not get the decryption keys for the future partitions.

Abstract: A multi-factor authentication solution implements a recognizable voice in conjunction with a user address to increase login security and reduce user inconvenience. A user creates an online account, providing an address such as a telephone number or email address to which voice messages may be sent. The user selects a recognizable voice such as the user's own voice or the voice of a famous or well-known figure. When the user attempts to login to the online account, a random passphrase is generated and converted to a voice message employing the user's pre-selected voice and the voice message is sent to the user's address. The user listens to the voice message and if the user recognizes the voice rendering the passphrase the user's login request is granted.

Abstract: A digital television receiving system includes a frame encoder, a data randomizing and expanding unit, a group formatter, a block processor, a deinterleaver, and a multiplexer. The frame encoder encodes an enhanced data frame for error correction. The data randomizing and expanding unit randomizes the encoded enhanced data and expands the randomized enhanced data. The group formatter forms a group of enhanced data having head, body, and tail regions and inserts the expanded data and transmission parameters into the body region. The block processor codes the group of enhanced data, and the deinterleaver deinterleaves the coded enhanced data. The packet formatter formats the deinterleaved enhanced data into enhanced data packets.

Abstract: An information processing apparatus has a decrypting part configured to receive decrypting key information from a managing apparatus which manages the decrypting key information for decrypting information to decrypt the information; a monitoring part configured to communicate with the managing apparatus, after the decrypting until the information is encrypted again, and a terminating part configured to terminate processing carried out on the information, when the monitoring part cannot receive a predetermined response from the managing apparatus.

Abstract: A target software system is instrumented to generate behavior data representing a current observation or observation aggregate. A method then determines whether the current observation or observation aggregate warrants a second level examination; preferably, this determination is made by processing the current observation or observation aggregate through a first level detection algorithm that provides a provisional indication of a possible intrusion. If executing the first level detection algorithm indicates that the current observation or observation aggregate warrants a second level examination, the method continues by processing the current observation or observation aggregate through at least one second level detection algorithms to provide a more definite, fine grain indication of a possible intrusion.

Abstract: A secure authentication process detects and prevents phishing and pharming attacks for specific web sites. The process is based on a dedicated secure hardware store for user sign-in credentials, a database of information about specific web sites, and a private secure browser. All user web activity is monitored by an agent program. The agent program checks to make sure that user attempts to send any sign-in credentials stored in secure hardware store of user sign-in credentials, to any web site accessed by the user, is allowed only if the IP address of the web site accessed by the user matches at least one of the IP addresses stored web site database associated with the sign-in credential the user is attempting to send. The process also detects mismatches between a URL and the actual IP address of the web site associated with the URL.

Abstract: A multimedia coding system has different picture qualities with different coding characteristics. It is done through a scaleable fractional motion estimation (FME) in H.264 and a block size trend prediction FME. Three quality levels are thus obtained. The first level processes a complete calculation and obtains a best picture; the second level, fewer calculation with a low power consumption and an acceptable picture quality; and the third level, fewest calculation with a fastest speed. And the present invention is suitable for hardware design to obtain a high efficiency, a low cost and a high performance.

Abstract: Some demonstrative embodiments of the invention relate to a method, device and system of database security. One demonstrative embodiment of the invention includes an intrusion detection sensor to scan transactions on a database, and generate an event based on a detection profile. Other embodiments are described and claimed.

Abstract: As various applications of wireless ad hoc network have been proposed, security has become one of the big research challenges and is receiving increasing attention. The present invention provides for a distributed key management and authentication approach by deploying the recently developed concepts of identity-based cryptography and threshold secret sharing. Without any assumption of pre-fixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management service, which effectively solves the problem of single point of failure in the traditional public key infrastructure (PKI)-supported system. The identity-based cryptography mechanism provided not only to provide end-to-end authenticity and confidentiality, but also saves network bandwidth and computational power of wireless nodes.

Abstract: A data decryption apparatus that decrypts encrypted data, includes a first data-receiving unit that receives a first data set, in which information on an encryption specification is embedded, through a first communication path; a time-information obtaining unit that obtains time information on a reception of the first data set by the first data receiving unit; a time-information storage unit that stores the time information with the information on the encryption specification associated therewith; a second data-receiving unit that receives a second data set through a second communication path, the second data set being encrypted based on the encryption-specification and appended by time information on performing data encryption; and an encryption-specification selecting unit that selects an encryption specification for use in decryption of the second data set based on the time information stored in the time-information storage unit and the time information appended to the second data set.