Patents by Inventor Paul A. Ashley

Paul A. Ashley has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20060199497
    Abstract: A conditioned vestibule for a cold storage doorway is provided having a trackless, bi-folding door operated by an actuator that rotates a first arm portion. The first arm portion rotates about a first end. A second arm portion is connected pivotally to a second end of the first arm portion at a hinge. The second arm portion rotates relative to the first arm portion at the hinge, in response to movement of the actuator. A door body is connected to at least one of the first and second arm portions. In one embodiment, the vestibule further includes an air curtain, including a fan that circulates air across a doorway opening across into which the first and second arm portions extend, a discharge means that discharges the air across the opening, and a return means that communicates discharged air to the fan.
    Type: Application
    Filed: October 28, 2005
    Publication date: September 7, 2006
    Inventors: Peter Smith, Curtis Berry, Colin Johnstone, Paul Ashley
  • Publication number: 20060136985
    Abstract: A method is presented for enforcing a privacy policy concerning management of personally identifiable information in a centralized manner through a privacy proxy agent. A proxy intercepts a message from a first system to a second system, e.g., from a server to a client, and determines whether the message is associated with an operation on personally identifiable information; if not, then the proxy sends the message to the second system, but if so, then the proxy determines whether the operation on the personally identifiable information is compliant with a privacy policy and with user preference information with respect to the privacy policy for a user who is associated with the personally identifiable information. If the message is compliant with the privacy policy and user preference data, then the proxy sends the first message to the second system; otherwise, an error indication is returned to the first system.
    Type: Application
    Filed: December 16, 2004
    Publication date: June 22, 2006
    Inventors: Paul Ashley, Sridhar Muppidi, Mark Vandenwauver
  • Publication number: 20060095956
    Abstract: A method is presented for processing data for a privacy policy concerning management of personally identifiable information. A proxy intercepts a first message from a server to a client and determines that the first message initiates collection of personally identifiable information from a user of the client. The proxy then sends a second message to the client that requests consent from the user to the privacy policy. If the user provides consent within a third message that is received by the proxy from the client, then the proxy sends the intercepted first message to the client. If the user does not provide consent, then the proxy sends a fourth message to the server that fails the collection of personally identifiable information from the client by the server. The proxy may also obtain user preferences for options concerning management of the personally identifiable information by a data processing system.
    Type: Application
    Filed: October 28, 2004
    Publication date: May 4, 2006
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul Ashley, Sridhar Muppidi, Mark Vandenwauver
  • Publication number: 20060031442
    Abstract: A method, system, and computer program product is presented for providing access to a set of resources in a distributed data processing system. A reverse proxy server receives a resource request from a client and determines whether or not it is managing a session identifier that was previously associated with the client by the reverse proxy server; if so, it retrieves the session identifier, otherwise it obtains a session identifier and associates the session identifier with the client using information that is managed by the reverse proxy server. The reverse proxy server then modifies the resource request to include the session identifier and forwards the modified resource request to an application server.
    Type: Application
    Filed: May 7, 2004
    Publication date: February 9, 2006
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul Ashley, Sridhar Muppidi, Mark Vandenwauver
  • Patent number: 6960129
    Abstract: A conditioned vestibule for a cold storage doorway is disclosed. The vestibule includes a frame that supports inner and outer moveable door-forming members. The vestibule also includes a heater that circulates air between the inner and outer door-forming members and a variable-speed fan that varies flow of the air between the inner and outer door-forming members. In one embodiment, the airflow from the fan increases upon the opening of the door-forming members and decreases upon the closing of the door-forming members.
    Type: Grant
    Filed: January 9, 2004
    Date of Patent: November 1, 2005
    Assignee: HCR Incorporated
    Inventors: Paul Ashley, Colin D. Johnstone, Peter R. Smith
  • Publication number: 20050154889
    Abstract: A method for establishing a secure context for communicating messages between a client and a server is presented that is compliant with the Generic Security Service application programming interface (GSS-API). The client sends to the server a first message containing a first symmetric secret key generated by the client and an authentication token; the first message is secured with the public key from the server's public key certificate. After the server authenticates the client based on the authentication token, the client then receives from the server a second message that has been secured with the first symmetric secret key and that contains a second symmetric secret key. The client and the server employ the second symmetric secret key to secure subsequent messages sent between the client and the server. The authentication token may be a public key certificate associated with the client, a username-password pair, or a secure ticket.
    Type: Application
    Filed: January 8, 2004
    Publication date: July 14, 2005
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul Ashley, Robert Fyfe, Michael Thomas
  • Publication number: 20050015621
    Abstract: A method, system, and computer program product is presented for restricting access to a set of resources in a distributed data processing system. A server determines a set of authorized resources for which a user is authorized to access; the set of authorized resources is a subset of the set of resources that are operational within the distributed data processing system. An evaluation is made about the availability of the set of authorized resources based upon state information about the set of authorized resources. A list of a set of entitled resources for the user is then generated; the set of entitled resources is a subset of the set of authorized resources. An indication of the set of entitled resources may be sent to the user, after which the system would respond to requests for the user to access the set of entitled resources.
    Type: Application
    Filed: July 17, 2003
    Publication date: January 20, 2005
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul Ashley, Sridhar Muppidi, Mark Vandenwauver
  • Publication number: 20050015429
    Abstract: A method, system, apparatus, and computer program product are presented for processing cookies that are transmitted from a server through a proxy server to a client that is operated by a user. The proxy server detects that a response message from the server for the client has an associated cookie. The proxy server extracts a domain identifier associated with the server from the response message, and the proxy server retrieves a set of parameters that contain domain identifiers that are associated with indications of whether to block transmission of cookies from servers associated with the domain identifiers. The proxy server then processes the cookie in the response message in accordance with the retrieved set of parameters and the extracted domain identifier, either blocking or not blocking cookies from the identified domain. Blocked cookies are cached for subsequent use. Multiple sets of parameters may be configured by the user.
    Type: Application
    Filed: July 17, 2003
    Publication date: January 20, 2005
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul Ashley, Sridhar Muppidi, Mark Vandenwauver
  • Publication number: 20050015594
    Abstract: A method is presented for performing authentication operations. When a client requests a resource from a server, a non-certificate-based authentication operation is performed through an SSL (Secure Sockets Layer) session between the server and the client. When the client requests another resource, the server determines to step up to a more restrictive level of authentication, and a certificate-based authentication operation is performed through the SSL session without exiting or renegotiating the SSL session prior to completion of the certificate-based authentication operation. During the certificate-based authentication procedure, an executable module is downloaded to the client from the server through the SSL session, after which the server receives through the SSL session a digital signature that has been generated by the executable module using a digital certificate at the client. In response to successfully verifying the digital signature at the server, the server provides access to a requested resource.
    Type: Application
    Filed: July 17, 2003
    Publication date: January 20, 2005
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul Ashley, Sridhar Muppidi, Mark Vandenwauver
  • Publication number: 20040192187
    Abstract: A conditioned vestibule for a cold storage doorway is disclosed. The vestibule includes a frame that supports inner and outer moveable door-forming members. The vestibule also includes a heater that circulates air between the inner and outer door-forming members and a variable-speed fan that varies flow of the air between the inner and outer door-forming members. In one embodiment, the airflow from the fan increases upon the opening of the door-forming members and decreases upon the closing of the door-forming members.
    Type: Application
    Filed: January 9, 2004
    Publication date: September 30, 2004
    Inventors: Paul Ashley, Colin D. Johnstone, Peter R. Smith
  • Patent number: 6766024
    Abstract: A system for decrypting an encrypted message comprises first and second decryption devices, the first decryption device having a higher security than the second decryption device. The system further comprises means for dividing the encrypted message into blocks, and means for providing at least the first block of the message to the first decryption device and for providing a plurality of further blocks of this message to the second decryption device. An output of the first decryption device is used as input of the second decryption device. The second decryption device operates according to a block chaining method for decrypting the plurality of further blocks.
    Type: Grant
    Filed: August 31, 1999
    Date of Patent: July 20, 2004
    Assignee: Mindport B.V.
    Inventor: Simon Paul Ashley Rix
  • Patent number: 6651170
    Abstract: An integrated circuit comprises a first processing unit and a non-volatile memory for storing a key. The first processing unit is arranged to carry out a cryptographic algorithm using the stored key. The non-volatile memory comprises at least two non-volatile memory elements, each memory element storing a share of a key used in the cryptographic algorithm. Each memory element is connected to the first processing unit by an independent bus.
    Type: Grant
    Filed: January 4, 1999
    Date of Patent: November 18, 2003
    Assignee: Irdeto B.V.
    Inventor: Simon Paul Ashley Rix
  • Publication number: 20020126844
    Abstract: A method of providing a secure communication between first and second devices is described. The method includes encrypting a random key using an encryption key at a first device and transferring the encrypted random key to the second device for encryption of data communicated from the second device to the first device. The encrypted data received from the second device is decrypted using the random key. The method typically includes transferring a control word encrypted with an encryption key to the second device for decryption, and encryption using the random key. The encrypted control word received from the second device is then decrypted using the random key. The invention extends to a method of enabling a decoder, and to a decoder, to decode a data stream. It also extends, inter alia, to a method of authenticating an enabling device and to an enabling device.
    Type: Application
    Filed: March 18, 2002
    Publication date: September 12, 2002
    Inventors: Simon Paul Ashley Rix, Andrew Glasspool, Donald Watts Davies
  • Patent number: 6430561
    Abstract: Access to files by accessing programs, where files comprise other files, programs and data is controlled. An initial access class is assigned to each file and to each accessing program. An access class comprises an integrity access class and a secrecy access class. An integrity access class comprises rules governing modification of data contained in files and a security access class comprises rules governing disclosure of data contained in files. An integrity access class comprises a set of rules for allowing the performance of a read function, and another set of rules for allowing the performance of write/execute function. An execute function comprises transferring and chaining, where chaining comprises starting another process running at potentially different secrecy and integrity access classes. A secrecy access class comprises a set of rules for allowing the performance of a write function, and another set of rules for allowing the performance of read/execute function.
    Type: Grant
    Filed: October 29, 1999
    Date of Patent: August 6, 2002
    Assignee: International Business Machines Corporation
    Inventors: Vernon Ralph Austel, Paul Ashley Karger, David Claude Toll
  • Patent number: 6393128
    Abstract: A system for broadcasting data signals in a secure manner comprises means for encrypting the data signals using a first key, means for broadcasting the encrypted data signals to subscribers, means for decrypting the encrypted data signals at each of the subscribers using the first key, and means for encrypting the first key using a second key. The second key is different for each group of subscribers having a common interest in a type of programs. The system further comprises means for broadcasting the encrypted first key to all subscribers and means for decrypting the encrypted first key at each of the subscribers using the second key. The second key is a combination of a key common to all subscribers and a difference key which is unique per type of programs. Means are provided for encrypting the common key and for broadcasting the encrypted common key to all subscribers, the subscribers having means for decrypting the encrypted common key at each of the subscribers.
    Type: Grant
    Filed: August 31, 1999
    Date of Patent: May 21, 2002
    Assignee: Mindport B.V.
    Inventors: Simon Paul Ashley Rix, Andrew Augustine Wajs
  • Patent number: 6385317
    Abstract: In a method for providing a secure communication between two devices, a first device generates a random key (Ci) and transfers this key to a second device in a first message encrypted using a public key. The second device decrypts the first encrypted message by means of a corresponding secret key to obtain the random key (Ci) and this random key is used to encrypt and decrypt all transmissions between these devices. In a decoder for a pay TV system, comprising a conditional access module and a smart card, this method is applied to provide a secure communication between the control access module and the smart card and/or between the decoder and the conditional access module.
    Type: Grant
    Filed: April 2, 1999
    Date of Patent: May 7, 2002
    Inventors: Simon Paul Ashley Rix, Andrew Glasspool, Donald Watts Davies
  • Patent number: 6052469
    Abstract: A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys.
    Type: Grant
    Filed: August 14, 1998
    Date of Patent: April 18, 2000
    Assignee: International Business Machines Corporation
    Inventors: Donald Byron Johnson, Paul Ashley Karger, Charles William Kaufman, Jr., Stephen Michael Matyas, Jr., David Robert Safford, Marcel Mordechay Yung, Nevenko Zunic
  • Patent number: 6021197
    Abstract: In a method and apparatus for controlling the operation of a signal decoder in a broadcasting system, a broadcast signal and an encrypted signature are generated and the signature is added to the signal. The signal together with the signature is broadcasted and received in the decoder, where the signature is decrypted and compared with a verification value. If a match occurs, further operation of the decoder is allowed. If a match does not occur, further operation of the decoder is disallowed.
    Type: Grant
    Filed: June 18, 1996
    Date of Patent: February 1, 2000
    Assignee: Irdeto B.V.
    Inventors: Manfred von Willich, Simon Paul Ashley Rix
  • Patent number: 5937066
    Abstract: A cryptographic key recovery system that operates in two phases. In the first phase, the sender establishes a secret value with the receiver. For each key recovery agent, the sender generates a key-generating value as a one-way function of the secret value and encrypts the key-generating value with a public key of the key recovery agent. In the second phase, performed for a particular cryptographic session, the sender generates for each key recovery agent a key-encrypting key as a one-way function of the corresponding key-generating value and multiply encrypts the session key with the key-encrypting keys of the key recovery agents. The encrypted key-generating values and the multiply encrypted session key are transmitted together with other recovery information in a manner permitting their interception by a party seeking to recover the secret value.
    Type: Grant
    Filed: October 2, 1996
    Date of Patent: August 10, 1999
    Assignee: International Business Machines Corporation
    Inventors: Rosario Gennaro, Donald Byron Johnson, Paul Ashley Karger, Stephen Michael Matyas, Jr., Mohammad Peyravian, David Robert Safford, Marcel Mordechay Yung, Nevenko Zunic
  • Patent number: 5907618
    Abstract: A method and apparatus for verifiably providing key recovery information to one or more trustees in a cryptographic communication system having a sender and a receiver. Each communicating party has its own Diffie-Hellman key pair comprising a secret value and corresponding public value, as does each trustee. The sender non-interactively generates from its own secret value and the public value held by the receiver a first shared Diffie-Hellman key pair comprising a first shared secret value, shared with the receiver but not with any trustee, and a corresponding public value. For each trustee, the sender then non-interactively generates an additional shared secret value, shared with the receiver and the trustee, from the first shared secret value and the public value corresponding to the secret value held by the trustee. The sender uses the additional shared secret value to encrypt recovery information for each trustee, which is transmitted to the receiver along with the encrypted message.
    Type: Grant
    Filed: January 3, 1997
    Date of Patent: May 25, 1999
    Assignee: International Business Machines Corporation
    Inventors: Rosario Gennaro, Paul Ashley Karger, Stephen Michael Matyas, Jr., Mohammad Peyravian, David Robert Safford, Nevenko Zunic