Abstract: Sensor device times can vary and may be set significantly wrong. In one embodiment, the present invention can adjust a sensor's time by receiving a raw security event from a sensor device, determining whether a timestamp included in the raw security event is within a timerange around a time known by the agent, determining whether a time offset is in a non-initialized state, and determining whether to adjust the timestamp by applying the time offset to the timestamp, the determination being based on whether the timestamp included in the security event is within the timerange around the time known by the agent and whether the time offset is in a non-initialized state.

Abstract: Objects on application servers are distributed to one or more application servers; a user is allowed to declare in a list which objects residing on each application server are to be protected; the list is read by an interceptor; responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a listed object, the interceptor associates one or more application server security flags with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and one or more security operations are performed by an application server according to the security flags tagged to the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.

Abstract: Methods and systems for controlling the distribution of digital content are provided. A license holder acquires protected content and an original digital license to the protected content from a content provider system. The license holder in turn delegates all or part of the grants in that original license to other qualified devices or clients. The content remains in its original, protected or encrypted form while it is delivered from the license holder to the client along with a digital sublicense that the client receives from the original license holder, whereupon the content can then be rendered. The original digital license defines or governs the conditions under which such delegation occurs, and includes terms under which such delegation is permitted to continue in order to enforce the intent of the content provider.

Abstract: A system and method that establishes a network node containing public and private information related to a plurality of geographic zones or ZIP Codes; receives a request from a user to access the node (1004); enables the user to view the information related to a zone; receives a user selection of private or public informaton (1008). If private information is selected, determines whether the user is a resident of a geographic area corresponding to the zone (1016); and modifies the user information contained in the node for the zone in response to a user request, it is determined that the user resides in the geographic area corresponding to the zone. If the public information is selected (1010), in response to the user's request, searches the public information (1012) and providing the user with general information relevant to the zone (1012).

Abstract: In some embodiments of the present invention, a method and apparatus to perform at least one of a confidentiality algorithm and an integrity algorithm comprising an output from a partial KASUMI block cipher.

Abstract: This invention relates generally to a method and apparatus, as implemented by a software program on a computer system, for digitally producing counterfeit-deterring scrambled or encoded indicia images. This method and system are capable of combining a source image with a latent image so the scrambled latent image is visible only when viewed through a special decoder lens. The digital processing allows different latent images to be encoded according to different parameters. Additionally, latent images might be encoded into single component colors of an original visible image, at various angles from each other.

Abstract: An information recording and/or reproduction processing apparatus is provided. The information recording and/or reproduction processing apparatus is provided by which additional information such as copy protection information is recorded as encrypted data on an information recording medium and also a cryptographic key is recorded such that the difficulty in analysis thereof is promoted. Where additional information such as copy protection information is encrypted and recorded and also a cryptographic key for the encrypted additional information is recorded together, a seed is generated based on an error correction code set corresponding to the additional information. Then, a scrambling or bit position conversion process in which random numbers generated based on the seed are applied is executed for the cryptographic key data, and resulting cryptographic key data is recorded on an information recording medium.

Abstract: A biometric apparatus for biometrically securing access to an electronic system is disclosed. Such an apparatus can be configured to include a hardware unit having an input area integrated therein for inputting at least one biometric attribute. The hardware unit can communicate with an electronic system, such as, for example, a building, a computer, a computer network, wireless network, ATM machine, electronic database, etc. A display area can be integrated with the hardware unit, wherein the display area displays data which prompts a user to input to the input area one or more biometric attributes randomly selected from a user profile containing biometric attributes of the user. A biometric module can also be associated with the hardware unit, wherein the biometric module permits the user to perform a user-desired activity, if one or more biometric attributes input by the user via the input area matches at least one biometric attribute randomly selected from the user profile.

Abstract: According to one embodiment, a method is disclosed. The method includes generating a link key at a secure component within a first personal area network device and injecting the link key into a protocol stack component database within the first device. The link key may further be transmitted to a second device. Other embodiments are described and claimed.

Abstract: In a data processing apparatus that switches between a secure mode and a normal mode during execution, the secure mode allowing access to secure resources to be protected, the normal mode not allowing access to the secure resources, when the secure resources increase in the secure mode, the load on a protection mechanism for protecting the resources becomes large. Thus, there is a demand for data processing apparatuses that are able to reduce secure resources. The present invention relates to a data processing apparatus that stores therein a secure program including one or more processing procedures which use secure resources and a call instruction for calling a normal program to be executed in a normal mode. While executing the secure program, the data processing apparatus calls the normal program with the call instruction and operates according to the called normal program.

Abstract: A method of joining a first device to a radio communications network controlled by a second device without contemporaneous user input of a secret at the second device, including: storing in the second device a secret generated at the second device; making the stored secret available in the first device; and creating in the first device and in the second device, using the secret, a secret key for use in securing communication between the first and second devices.

Abstract: Techniques for autonomous policy discovery are provided. Machines have personality profiles. The personality profiles permit machines to request advice from different machines having similar personality profiles. This facilitates automatic and autonomous discovery of policies for detected events and facilitates autonomous processing of actions, which are processed in response to the discovered policies. Furthermore, the personality profiles allow administrators to monitor and to dynamically alter policies associated with the machines.

Abstract: An encrypted communication system, capable of performing processing with the speed higher than the conventionally achieved speed, includes an encryption device and a decryption device sharing parameters that satisfy p=3 and q=2^k (k: an integer of 2 or greater). The decryption device generates a public key and a private key using the parameters, the encryption device encrypts a plain text using the public key, and then, the decryption device decrypts the encrypted text using its own private key.

Abstract: An apparatus, system, and method for establishing a reusable and reconfigurable trusted connection within a trusted context. The invention enhances interoperability with any existing authentication methods including the Kerberos, the DCE, and a combination of a user name and a password. The present invention includes common interfaces in a database driver for a middleware server to obtain a trusted connection. The invention enhances trusted context interoperability by allowing different types of trusted connections such as a normal connection, a pooled connection, or even a distribution transaction connection. The database driver generates unique identifiable information once a trusted connection is authenticated that can be utilized to reuse and reconfigure the trusted connection without re-authentication.

Abstract: One embodiment of the present invention provides a system that facilitates adjusting an audit state in a computing environment. During operation the system receives a key from a third-party at an audit system. Note that the key is associated with a corresponding audit-control profile. Next, the system validates the key, thereby authenticating the third-party. The system then identifies the audit-control profile that is associated with the key provided by the third-party. Finally, the system audits the target system in accordance with the corresponding audit-control profile.

Abstract: The cryptographic method is used in transactions for which a first entity generates, by use of a private RSA key, a proof verifiable by a second entity by use of a public RSA key associated with said private key. The public key includes an exponent and a modulus. The first entity generates a first element of proof by a calculation that can be performed independently of the transaction, and a second element of proof related to the first element of proof and which depends on a common number shared by the first and the second entities specifically for the transaction. The second entity verifies that the first element of proof is related, modulo the modulus of the public key, to a power of a generic number, with an exponent equal to a linear combination of the common number and of a product of the exponent of the public key by the second element of proof.

Abstract: Virus detection modules (120) execute virus detection techniques on clients (110) to check for the presence of computer viruses in data and also communicate with a software server (116). A constraints module (320) specifies constraints on the application of certain virus detection techniques. An administrator uses the software server (116) to release (514) a virus detection technique and an associated constraint to the clients (110). The clients (110) execute the technique subject to the constraint, and report the results to the software server (116). The administrator uses the constraint and reported results to determine (518) whether the technique is causing false positive virus detections. If necessary, the administrator modifies (520) the technique to reduce the false positives and/or modifies (524) the constraint to cause the technique to execute more frequently. The constraints allow the administrator to detect false positives without inconveniencing most clients (110).

Abstract: An information processing apparatus has an authentication & key exchange unit, a contents receiver, a contents decryption unit and a contents confirmation request unit. The authentication & key exchange unit performs authentication & key exchange processing by using a given protocol with the communication apparatus and generates a first key shared with the communication apparatus. The contents receiver receives encrypted contents obtained by encrypting the contents with a second key generated by using the first key and the key information, and the key information attached to the encrypted contents. The contents decryption unit decrypts the encrypted contents by using the first key and the key information. The contents confirmation request unit instructs the communication apparatus to transmit or confirm the key information held by the communication apparatus, when the contents decryption unit decrypts the contents based on the second key firstly generated by using the first key.

Abstract: An access management system includes an access administration apparatus which permits access to a database when the access request satisfies an access permission condition, and a policy determination apparatus which determines whether the access permission condition is satisfied by the access request; in which the access administration apparatus stores decision information containing a decision as to whether the access permission condition is satisfied, determines that the access request satisfies the access permission condition if the decision information has a predetermined inclusion relation with the access request, receives a decision as to whether the access permission condition is satisfied by the access request from the policy determination apparatus if it is determined that the decision information does not have the inclusion relation with the access request, and permits access to the database if it is determined that the access request satisfies the access permission condition.

Abstract: According to one embodiment, a digital stream, inclusive of an Internet Protocol (IP) datagram, is transmitted to a digital device. IP datagram comprises an IP header and a body segmented including a plurality of packets in an MPEG format such as MPEG-2 or MPEG-4 for example. The plurality of packets comprises (i) a first packet including a payload having content and a header that comprises a first packet identifier to indicate a type of the content contained in the payload of the first packet, and (ii) a second packet including a payload and a secondary packet identifier to indicate that its payload includes content duplicative of the content contained in the first packet. The second packet precedes the first packet in the digital stream. Upon detecting the presence of duplicative content, the duplicative content is recovered, but the content contained in the payload of the first packet is disregarded.