Patents by Inventor Diana K. Smetters

Diana K. Smetters has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7581096
    Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.
    Type: Grant
    Filed: September 5, 2003
    Date of Patent: August 25, 2009
    Assignee: Xerox Corporation
    Inventors: Dirk Balfanz, Diana K. Smetters, Paul Joseph Stewart, Glenn E. Durfee, Rebecca E. Grinter, Hao-Chi Wong
  • Patent number: 7552322
    Abstract: One embodiment of the present invention provides a system that uses a portable security token to facilitate public key certification for a target device in a network. During system operation, the portable security token is located in close physical proximity to the target device to allow the portable security token to communicate with the target device through a location-limited communication channel. During this communication, the portable security token receives an authenticator for the target device, and forms a ticket by digitally signing the authenticator with a key previously agreed upon by the portable security token and a certification authority (CA). Next, the portable security token sends the ticket to the target device, whereby the target device can subsequently present the ticket to the CA to prove that the target device is authorized to receive a credential from the CA.
    Type: Grant
    Filed: June 24, 2004
    Date of Patent: June 23, 2009
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Dirk Balfanz, Glenn E. Durfee, Diana K. Smetters
  • Publication number: 20080288453
    Abstract: A system is provided to facilitate tag-based organization of documents. During operation, the system receives an original user query. The system extends the query to include documents with an IN-tag and exclude documents with an OUT-tag. The system then performs a search based on the extended query to indicate a collection of documents which satisfy the extended query. The system further allows a user to add a document to the collection of documents or remove a document from the collection of documents. Next, the system modifies a tagging property of the document.
    Type: Application
    Filed: May 15, 2007
    Publication date: November 20, 2008
    Inventors: Diana K. Smetters, Elizabeth F. Churchill, Lester D. Nelson
  • Publication number: 20080288862
    Abstract: A system is provided to facilitate content dissemination. During operation, the system allows a user to add a tag to a first document, wherein the tag indicates an operation to be performed on a portion of the document. The system then processes the tag and performs the operation on the document portion based on the tag.
    Type: Application
    Filed: May 15, 2007
    Publication date: November 20, 2008
    Inventors: Diana K. Smetters, Elizabeth F. Churchill, Lester D. Nelson
  • Patent number: 7454619
    Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.
    Type: Grant
    Filed: September 5, 2003
    Date of Patent: November 18, 2008
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Diana K. Smetters, Dirk Balfanz, Glenn E. Durfee, Rebecca E. Grinter, Paul J. Stewart, Hao-Chi Wong
  • Publication number: 20080229110
    Abstract: A method of providing secure communications over a network includes receiving, at a receiving computer, a public key of a sending computer, and a hash of a sending random number over a first communication channel, transmitting, from the receiving computer, a public key of the receiving computer and a receiving random number provided by the receiving computer over the first communication channel, and receiving, at the receiving computer, the sending random number provided by the sending computer over the first communication channel.
    Type: Application
    Filed: March 15, 2007
    Publication date: September 18, 2008
    Applicant: PALO ALTO RESEARCH CENTER INCORPORATED AND SAMSUNG ELECTRONICS CO., LTD
    Inventors: Dirk Balfanz, Phillipe J. Golle, Diana K. Smetters, Glenn E. Durfee
  • Publication number: 20080229402
    Abstract: A token has a memory, an interface to allow connection to a host, and a processor. The processor, in response to user input for configuring a remote access connection, executes a first set of processing instructions to establish a trusted connection with the server host, exchanges credentials over the trusted connection to establish a secure connection with the server host over an untrusted connection, and defines configuration information for accessing user selected data or services.
    Type: Application
    Filed: May 4, 2007
    Publication date: September 18, 2008
    Applicants: PALO ALTO RESEARCH CENTER INCORPORATED, SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Diana K. Smetters, Trevor F. Smith, Kyung-Hee Lee
  • Patent number: 7425899
    Abstract: An electromagnetic tag includes a communication component, which includes an optical transmitter/emitter that transmits/emits optically encoded information.
    Type: Grant
    Filed: December 8, 2005
    Date of Patent: September 16, 2008
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Paul J. Stewart, Diana K. Smetters, David K. Fork
  • Patent number: 7426271
    Abstract: A method for establishing a secondary communication channel between at least two computing devices over a network medium through use of a primary channel connects a first computing device with a first telephonic unit and a second computing device with a second telephonic unit. If the two telephonic units are in communication with each other over a primary channel, and communication channels are established between the computing devices and their respective telephonic units, then the first computing device transmits its location information to the second computing device over the primary channel. A connection is then established between the second computing device and the first computing device over a secondary communication channel.
    Type: Grant
    Filed: April 25, 2003
    Date of Patent: September 16, 2008
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Kenneth W. Conley, Dirk Balfanz, Bryan A. Pendleton, Diana K. Smetters, Glenn E. Durfee
  • Patent number: 7421583
    Abstract: A system, method and article of manufacture are provided for pricing a cryptographic service. A request for a cryptographic service is received. An identification is made of one or more of a computational burden required to perform the cryptographic service, a privacy level of the cryptographic service, and/or a speed of performing the cryptographic service. A price of the cryptographic service is determined based on the computational burden, privacy level, and/or speed. A method is also provided for pricing a cryptographic service based on a compactness of a cryptographic message. A request for encrypting a message is received. The message is encrypted and is also compressed during the encryption. An amount of compression of the message is determined. A price of the encryption is determined based on the amount of compression.
    Type: Grant
    Filed: June 19, 2000
    Date of Patent: September 2, 2008
    Inventors: Thomas A Berson, R Drews Dean, Matthew K Franklin, Teresa F Lunt, Diana K Smetters
  • Publication number: 20080144824
    Abstract: A method for securing human to human communication over a network includes receiving, by a first computer, an incoming authenticated data stream from a second computer over a first communication channel, the incoming authenticated data stream having been computed using an incoming digital experiential data stream and a first imprint, and extracting the first imprint from the incoming authenticated data stream. The incoming authenticated data stream is then presented for sensory experience by a human. An outgoing digital experiential data stream is then input and the method computes a second imprint associated with the first computer and computes an outgoing authenticated data stream using the outgoing digital experiential data stream and the second imprint. A second communication channel is then secured from the first computer to the second computer using the first imprint, the second communication channel suitable for sending the outgoing authenticated data stream to the second computer.
    Type: Application
    Filed: December 18, 2006
    Publication date: June 19, 2008
    Applicants: PALO ALTO RESEARCH CENTER INCORPORATED, SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Paul J. Stewart, Dirk Balfanz, Glenn E. Durfee, Diana K. Smetters
  • Patent number: 7363508
    Abstract: A system and method for implementing data transfer security mechanisms. The method includes a first component transferring a data type handler object to a second component. The second interface invokes an interface accessible through the data type handler object which includes instructions that are executed by the second component to implement a data transfer security mechanism. Further, the data type handler interface can be encrypted, include cryptographic keys, and/or include digital signatures.
    Type: Grant
    Filed: May 21, 2003
    Date of Patent: April 22, 2008
    Assignee: Palo Alto Research Center Incorporated
    Inventors: W. Keith Edwards, Mark W. Newman, Jana Z. Sedivy, Diana K. Smetters, Trevor Smith
  • Publication number: 20070277240
    Abstract: One embodiment of the present invention provides a system that facilitates access to encrypted data on a computing device based on a security-posture of the computing device. During operation, the system assesses the security-posture of the computing device upon which the encrypted data is stored. If the assessed security-posture meets specified criteria, the system provides the computing device with a key which enables the computing device to access the encrypted data.
    Type: Application
    Filed: May 24, 2006
    Publication date: November 29, 2007
    Inventors: Glenn E. Durfee, Dirk Balfanz, Diana K. Smetters, Paul J. Stewart
  • Patent number: 7275156
    Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.
    Type: Grant
    Filed: September 5, 2003
    Date of Patent: September 25, 2007
    Assignee: Xerox Corporation
    Inventors: Dirk Balfanz, Diana K. Smetters, Paul Joseph Stewart, Glenn E. Durfee, Rebecca E. Grinter, Hao-Chi Wong
  • Patent number: 7185199
    Abstract: Authentication information is generated for a group where members within a group are able to communicate with each other, but a non-member is not able to participate in that communication. The authentication information provides the determination of whether the member belongs to the group.
    Type: Grant
    Filed: August 30, 2002
    Date of Patent: February 27, 2007
    Assignee: Xerox Corporation
    Inventors: Dirk Balfanz, Diana K. Smetters, Paul S. Stewart, Daniel C. Swinehart
  • Patent number: 7130998
    Abstract: One embodiment of the present invention provides a system that uses a portable security token (PST) to facilitate cross-certification between a first certification authority (CA) and a second CA, wherein the first CA and associated subscriber devices constitute a first public-key infrastructure (PKI) domain, and wherein the second CA and associated subscriber devices constitute a second PKI domain. During operation, the system uses the PST to transfer certification information between the first CA and the second CA, wherein the PST communicates with the first CA and the second CA through a location-limited communication channel. Next, the system uses the certification information to issue a cross-certificate to the first CA. Note that the cross-certificate is signed by the second CA.
    Type: Grant
    Filed: October 14, 2004
    Date of Patent: October 31, 2006
    Assignee: Palo Alto Research Center, Inc.
    Inventors: Dirk Balfanz, Glenn E. Durfee, Diana K. Smetters
  • Patent number: 7051199
    Abstract: A system, method and article of manufacture are provided for affording a cryptographic service utilizing a server on a network. Initially, a client is identified utilizing the network. A first key is established, and a tunnel is generated on the network. Thereafter, information is received at the server from the client utilizing the tunnel. Such information is encrypted by the client using the first key. At the server, cryptographic work is performed using the first key.
    Type: Grant
    Filed: June 19, 2000
    Date of Patent: May 23, 2006
    Assignee: Xerox Corporation
    Inventors: Thomas A. Berson, R. Drews Dean, Matthew K. Franklin, Diana K. Smetters
  • Patent number: 6990468
    Abstract: A system, method, and article of manufacture are provided for pricing a cryptographic service on a network utilizing one or more cryptoservers. A request for a cryptographic service is received from a user utilizing a network. The request is received by a cryptographic service provider. A contract is generated based on a variable pricing scheme in response to the request. The contract is sent from the cryptographic service provider to the user utilizing the network. A method is also provided for auditing a security provision on a network utilizing a cryptoserver. A cryptographic key is obtained such as by obtaining it from a trusted source or generating the key. A plurality of users are allowed to request that a cryptoserver use the cryptographic key to sign a message in violation of a security provision. It is determined whether the cryptoserver signed the message in response to the request.
    Type: Grant
    Filed: June 19, 2000
    Date of Patent: January 24, 2006
    Assignee: Xerox Corporation
    Inventors: Thomas A. Berson, R. Drews Dean, Matthew K. Franklin, Teresa F Lunt, Diana K. Smetters
  • Patent number: 6971017
    Abstract: A document server residing on a network behind a firewall provides secure access to documents or services residing thereon. A first user outside the firewall communicates with the document server over an established first secure session to generate a token in a database of tokens on the document server. The first user digitally signs the public key of a second user and an identifier of the token. The first user transmits a URL token to the second user that identifies the location of the document server and the token identifier. When the second user outside the firewall redeems the URL token at the document server, the document server and the second user establish a second secure session. The document server authenticates the URL token against the second secure session before providing the second user with access to the document or service.
    Type: Grant
    Filed: April 16, 2002
    Date of Patent: November 29, 2005
    Assignee: Xerox Corporation
    Inventors: Mark Stringer, Elisabeth Soutloglou, Diana K. Smetters
  • Patent number: 6938154
    Abstract: A system, method and article of manufacture are provided for secure operation of a network device. A digital certificate is assigned to a network user. A command for operation of a network device and the digital certificate are received from the network user. A cryptographic key stored in the network device is utilized to authenticate the digital certificate of the network user. Operation of the network device is enabled if the digital certificate of the network user is authenticated. According to another aspect of the present invention, a system, method and article of manufacture are provided for secure identification of a network device. A digital certificate is assigned to a network device. A command for operation of the network device is received from a network user. The digital certificate is sent to the network user. The network user utilizes a cryptographic key to authenticate the digital certificate of the network device.
    Type: Grant
    Filed: June 19, 2000
    Date of Patent: August 30, 2005
    Assignee: Xerox Corporation
    Inventors: Thomas A. Berson, R. Drews Dean, Matthew K. Franklin, Teresa F. Lunt, Diana K. Smetters