Abstract: A first key is generated at a server from contents information of contents data to be distributed. A second key is generated at the server from a variable parameter, a H/W key ID, and the first key, and then the generated second key is sent to a user terminal. From the variable parameter, the H/W key ID, and the second key, the first key is decrypted at the user terminal. The contents data to be distributed is encrypted by using the first key at the server. The encrypted contents data is sent to the user terminal. The encrypted contents data is decrypted at the user terminal by using the decrypted first key.

Abstract: A method and apparatus which protects software against unauthorized use which is bound to at least one certain hardware device. The hardware device includes unique hardware identification sequences like unique hardware numbers/addresses, serial numbers or other embedded hardware characterization sequences. A special license key has to be passed to the software at the first activation. The license key contains among other things encrypted hardware identification sequences which are compared with the read out sequences of the accessible hardware devices. The use of the software features is permitted if the sequences match.

Abstract: The memory card is comprised of memory that stores a username and password for each respective network address or universal resource locator (URL). The information is encrypted to preclude unauthorized access to the memory. A controller controls operation and access to the card. A bus interface couples the card to various buses, such as a universal serial bus. When the card is attached to an electronic device that is accessing a particular URL, the consumer enters the password or other unlock request information. Once the unlock request is validated, the username and password associated with that particular URL is transmitted to the browser on the electronic device that is requesting the information.

Abstract: In a media protection system and method, an original media item is encrypted before it is distributed. A digital encryption key for the media item is stored on the consumer's personal smart token. To play the media item, the user inserts the media item into his player along with his smart token, and the digital encryption key is extracted by a hardware decryption module (HDM) in the player (or host device), and is used to determine that the decryption key is linked to the HDM. Once that determination is made, the HDM decrypts the media item as it is played. The HDM provides a USB or other standard interface between a plug connected to the player (or host device) and a socket which receives the smart token. The HDM comprises a decryption processor, a control processor, an internal memory, an external interface, and a memory element, such as a read-only memory (ROM). The HDM is implemented as a self-contained, tamperproof subsystem of the media protection system with which it is associated.

Abstract: The invention concerns a process to protect a vulnerable software working on a data processing system against its unauthorized usage using a processing and memorizing unit. The process comprises defining: 1) a set of dependent functions whose dependent functions are liable to be executed in a processing and memorizing unit 2) a set of triggering commands, said triggering commands being liable to be executed in the data processing system and to trigger the execution in a processing and memorizing unit, of the dependent functions 3) for each triggering command, an order 4) a method of renaming of the orders 5) restoring means designed to be implemented in a processing and memorizing unit during a usage phase, and enabling to restore the dependent function to execute, from the renamed order.

Abstract: Processing information in an electronic device is carried out by at least one processing block for controlling the operation of the electronic device, and a memory. At least a first private key is used for processing information. At least a protected mode and a normal mode are established in the processing block. Part of the memory can be accessed only in said protected mode. At least said first private key is stored in the memory that is accessible in said protected mode.

Abstract: The present invention provides a self-decoding type encrypted file which can be decoded with encrypted data received from a transmitting side even when a receiving side has no decoding software, and its utilization method. According to the self-decoding type encrypted file and the utilization method thereof, the self-decoding type encrypted file is generated which integrally retains a decoding execution program for decoding the encrypted information together with encrypted data; the file is transmitted from a transmitting side PC; and on a receiving side PC, legal personal identification information is entered, whereby the encrypted data associated with the self-decoding execution program is decoded to extract data. Therefore, even when a decoding program is not installed in the receiving side PC, the encrypted data can be decoded by the self-decoding execution program retained integrally with the encrypted information.

Abstract: The invention provides a transparent encryption infrastructure which allows the user to point-and-click on columns and tables to encrypt data. The creation of triggers and views are also easily implemented, to encrypt and decrypt data, to manage the encryption keys and to grant and revoke access to a column. Public and private key pairs are hashed and encrypted with a valid password. The process or encryption starts by creating a randomly generated symmetrical key, encrypting the symmetrical key with the private key for each user authorized to decrypt the data, and storing the encrypted symmetrical key, along with the user's name and the column name, in the database.

Abstract: The present invention is directed toward using patterns in APDU to perform identification data substitution. According to one or more embodiments of the present invention, a user inserts a smart card into a card reader connected to a client computing device. Then, the user enters a PIN. The PIN is embedded into an APDU which is sent to the card reader and is presented to the smart card. The APDU contains special patterns that specify to the card reader where and in what format the PIN should be embedded into a prototype APDU that is constructed in the card reader and presented to the card for verification.

Abstract: The problem of providing and interacting with a number of different security mechanisms in a clustered data processing environment is solved by providing a Mechanism Abstract Layer which presents a consistent interface to applications running on the various nodes within the cluster. Mechanism Pluggable Modules are provided for each security mechanism that one wishes to employ. The Pluggable Modules provide a mechanism for mapping individualized security mechanism parameters through an interface with the Mechanism Abstract Layer. This provides a consistent interface for applications running on the nodes and it also avoids costly adaptations that would otherwise be necessary to accommodate new security mechanisms or variations in prior security mechanisms.

Abstract: A method, program, and system for receiving personal identification information by means of a telecommunication device are provided. The invention comprises sending a communication transmission, and concurrent with receiving the communication transmission, sending a second transmission, wherein the second transmission contains personal identification information about the party sending the communication transmission. This personal identification information is independent of the identity of the device used to send the communication transmission and may include such information as name, telephone number, business name, address, email, and fax.

Abstract: Methods, systems, and computer program products are disclosed for protecting the security of resources in distributed computing environments. The disclosed techniques improve administration and enforcement of security policies. Allowed actions on resources, also called permissions, (such as invocations of particular methods, read or write access of a particular row or perhaps a particular column in a database table, and so forth) are grouped, and each group of permissions is associated with a role name. A particular action on a particular resource may be specified in more than one group, and therefore may be associated with more than one role. Each role is administered as a security object. Users and/or user groups may be associated with one or more roles. At run-time, access to a resource is protected by determining whether the invoking user has been associated with (granted) at least one of the roles required for this type of access on this resource.

Abstract: Challenge-response and probative methods together or independent of each other enable detection of devices participating in denial of service (DOS) and distributed DOS (DDOS) attacks upon a network resource, and upon identification of devices participating in attacks, minimize the effect of the attack and/or minimize the ability of the device to continue its attack by placing the attacking devices in a state of reduced or denied service.

Abstract: An apparatus and method for providing access rights information on computer accessible content are provided. The apparatus and method provide a mechanism through which access rights information is provided in association with information and content such that use of the information and content is controlled based on the access rights information. The apparatus and method include access rights information tags being associated with information and content to control access to the content. In alternative embodiments, the access rights information is implemented as metadata files rather than as tags. These metadata files are associated with content files and are processed when the access to the content is requested. In addition, when HTML content, which has associated ARI tags, is downloaded, the ARI tags may be stored as HTML code in a metadata file. The filesystem may then use a web browser or the like to parse and interpret the HTML code when access to the content file is desired.

Abstract: A system and method for enabling a remote control to automatically and dynamically set-up a V-chip in a consumer appliance. The remote control is configured with an ID code which ID code is transmittable to the consumer appliance. Within the consumer appliance is stored a plurality of V-chip parameter tables. The consumer appliance is responsive to the ID code transmittable by the remote control to select one of the plurality of V-chip parameter tables to be used by the V-chip to determine accessibility to programming.

Abstract: A household device installed in a house is connected to an open-type connectionless network from the outside. The household device establishes a connection through the network and maintains it by transmitting data packets continuously to a network server within a certain period of time. A user terminal outside the house gains access to the household device through the network server.

Abstract: The present invention protects network devices from overload and from network packet flood attacks (such as Denial of Service and Distributed Denial of Service attacks) that would otherwise consume available resources, and possibly cause system failure or compromise the system by allowing intrusion. The invention, termed an intelligent cache management system is used to free allocated resources (memory, in particular) for reuse, when under sustained attack. One exemplary embodiment of a cache management system of the present invention is used in connection with session-type packet processing devices of a computer network. The system comprises a memory management database for storing communication traffic classification and memory threshold values, and a memory monitor for tracking overall memory usage and determining when the memory threshold values stored in the memory management database are reached. A cache classifier is used to determine a class into which a given session of communications traffic falls.

Abstract: A method, computer program product, and apparatus for presenting data about security-related events that puts the data into a concise form is disclosed. Events are abstracted into a set data-type. Sets with common elements are grouped together, and summaries of the groups—“situations” are established from groups whose severity exceeds a threshold value. These groups and situations are then propagated up a hierarchical arrangement of systems and further aggregated so as to provide summary information over a larger group of systems. This hierarchical scheme allows for scalability of the event correlation process across larger networks of systems.

Abstract: Network reference models and configuration tools utilizing a database engine providing deduction facilitate automatic or semi-automatic configuration of security software packages based on security policies. One or more associated databases provide a central repository of information about the network and its security goals. The associated databases may further provide a central repository of information about network events, such as possible attacks and benign events that could be confused with attacks. Taken together, the database engine and associated databases facilitate automated generation of detailed security goals. The security goals can then be used by various configuration modules to configure security software packages installed within the network.

Abstract: A method and apparatus for remote control and/or monitoring of a multimedia system includes processing that begins when a hand held device transmits a remote control/monitoring request to a server. The processing continues once a communication path is established between the hand held device and the server by having the server determine remote control and monitoring privileges of the hand held device. If the hand held device has at least a minimum level of remote control and monitoring privileges, the processing continues as the server processes the remote control/monitoring request with respect to at least one client to produce operational monitoring data. The processing continues as the server provides the operational monitoring data to the hand held device via the communication path.

Abstract: A Security Association (SA) lookup table is maintained at a network interface. The SA data is stored in a memory external to the network interface, for example, in the memory of a host electronic system in which the network interface provides network access. The lookup table stores sufficient information for the network interface, or another system component, to access the SA data. When a cryptography operation is to be performed, the SA data is retrieved from the external memory and delivered to the processor performing the cryptographic operations. In one embodiment, destination Internet Protocol (IP) address and the IPSec protocol are checked after the SA data is retrieved from the external memory. In one embodiment, the lookup table entries contain only an offset value from a base address value to locate the SA data.

Abstract: A system for accessing data from any location and any device including those behind firewalls, proxy servers, address translations and other devices, while securing the data and network. The access may be by voice or wireless connection and the data may be PIM data such as calendaring or scheduling information or email. The system employs a secure peer network between data sources regardless of their location enabling data access devices to retrieve or submit data from any Internet enabled device from any location. Messages are tunneled to HTML that passes through firewalls. A Queue Manager in the EPN Server software creates a unique queue for data source which can only be accessed by the data source. The user with a browser enabled device can then access the EPN Server by providing the necessary credentials, such as user id and password, and can then access the data in the data sources for which the user is permissioned.

Abstract: A system for accessing data from any location and any device including those behind firewalls, proxy servers, address translations and other devices, while securing the data and network. The system employs a secure peer network between data sources regardless of their location enabling data access devices to retrieve or submit data from any Internet enabled device from any location. Messages are tunneled to HTML that passes through firewalls. A Queue Manager in the EPN Server software creates a unique queue for data source which can only be accessed by the data source. The user with a browser enabled device can then access the EPN Server by providing the necessary credentials, such as user id and password, and can then access the data in the data sources for which the user is permissioned. The data source maintains a non-persistent connection through a polling algorithm and services the request in the queue.

Abstract: A device in one example comprises a standalone universal serial bus keyboard emulator and an ultrasonic sensor component. The standalone universal serial bus keyboard emulator is coupled with a computer through a universal serial bus port. The ultrasonic sensor component is coupled with the standalone universal serial bus keyboard emulator. The ultrasonic sensor component communicates one or more signals to the standalone universal serial bus keyboard emulator that serve to allow the standalone universal serial bus keyboard emulator to make a determination of entry to or exit from a predetermined proximity of the computer by a user. The determination of entry to or exit from the predetermined proximity of the computer by the user causes the standalone universal serial bus keyboard emulator to send a corresponding entrance or exit user configurable keystroke sequence to the computer through the universal serial bus port.

Abstract: A system for securing and tracking usage of transaction services or computer resources by a client computer from a first server computer, which includes clearinghouse means for storing identity data of the first server computer and the client computer(s); server software means and client software means adapted to forward its identity data and identity data of the client computer(s) to the clearinghouse means at the beginning of an operating session; and a hardware key connected to the client computer, the key being adapted to generate a digital identification as part of the identity data; wherein the hardware key is implemented using a hardware token access system, a magnetic card access system, a smart card access system, a biometric identification access system or a central processing unit with a unique embedded digital identification.

Abstract: The present invention relates to secure PIN entry in a distributed network. According to one or more embodiments of the present invention, a client connected to a server contains logic that is used to keep the PIN within the network computer and not send it over the network. In one embodiment, the server sends an instruction to the networked computing device telling it to capture a PIN locally. This instruction causes the networked computer to enter a secure PIN entry mode which logically disconnects the keyboard from the server. Upon receipt of the instruction from the server, one embodiment of the present invention receives keyboard entries on the client computer and places them into a local buffer. The client continues buffering the keyboard entries until an indication that the process is complete. Upon completion of the keyboard entries, they are translated into ASCII characters by the client and sent from the local client buffer to the smart card where the PIN may be verified.

Abstract: A method and system is provided by a Central-Entity, for identification and authorization of users over a communication network such as Internet. Central-Entity centralizes users personal and financial information in a secure environment in order to prevent the distribution of user's information in e-commerce. This information is then used to create digital identity for the users. The digital identity of each user is dynamic, non predictable and time dependable, because it is a combination of user name and a dynamic, non predictable and time dependable secure code that will be provided to the user for his identification.

Abstract: Personal Video Recorders permit a user to digitally record Multi-media programming for subsequent replay by a user. The present invention comprises a PVR device that has the added facility of secure recording, and playback mechanisms that operate in response to the input of at least one unique user authorization instruction, thereby preventing minors or other unauthorized users from the unauthorized recording, storage and playback of Multi-media programs.

Abstract: Methods for improving security in data storage devices are disclosed. The methods include a synchronization method by which an encrypted password, using any known encryption algorithm, keeps changing at each transmission from host to data storage device. Additionally, a security system for implementing the security method is provided.

Abstract: A power delivery system and a method for setting the parameters of the power delivery system. The effective resistance of the capacitors for each stage may be set to be substantially equal to the effective resistance of the previous stage, and the time capacitive constant of the capacitors may be set to be substantially equal to the effective inductive time constant of the previous stage.

Abstract: The present invention relates to a portable information apparatus which can realize electrical power for a longer period of time. Under the condition that the suspending mode is set, when an exclusive key is manipulated, a switch monitoring circuit detects this condition and issues an interruption to the CPU. In this timing, the CPU supplies the necessary electrical power to the CD-ROM controller, CD-ROM drive and audio circuit which are required for reproduction of CD. Thereby, a CD can be reproduced under the suspending mode.

Abstract: A data processing system includes a mechanism to periodically idle the normal system operation to allow recalibration of its interface circuitry by transmission of data with transitions and logic levels indicative of actual operation. Provision is made to protect actual data of the system from corruption during recalibration.

Abstract: The clock switch device of the present invention includes: a clock detector for receiving a plurality of clocks and clock selection data designating a clock to be selected, detecting whether or not the clock designated by the clock selection data among the plurality of clocks changes in signal level, and outputting the result as a detection signal; a control register for holding and outputting the clock selection data when the detection signal indicates that the clock designated by the clock selection data changes in signal level; and a selector for receiving the plurality of clocks and selecting a clock corresponding to the output of the control register among the plurality of clocks.

Abstract: The inter-symbol interference problem is reduced by detecting a data sequence indicating when a boost is needed on a ‘short pulse’, usually the first data pulse of the opposite polarity after a string of data pulses of the same value. A data decoder that detects when current compensation is required and an output driver that has the variable drive capability to change the drive current on the short pulse is used to boost the amplitude. The output driver is regulated by a phase locked loop which includes a voltage variable delay digitally controlled voltage variable reference capacitors in the phase locked loop circuit for receiving data from memory that contains the proper capacitor control voltage needed. The time required to charge the capacitor is constant and the delay is slaved to the clock period.

Abstract: An SD memory card host controller supplies a clock to an SD memory card and issues a read command. After that, the host controller stops supplying the clock to the SD memory card during latency of read data from receipt of a response to the read command from the SD memory card to readout of data. The host controller resumes supplying the clock immediately before a data cycle starts. Power savings can thus be achieved by controlling the clock to be supplied to the SD memory card.

Abstract: The present invention provides a clock control type processor which can permit and accommodate a temporary delay in a processing operation also in a system in which processing times are not constant, and realize the accommodation while reducing the power consumption as much as possible. In this clock control type processor, a block difference detection circuit 20 detects a difference between a processing block address and a writing block address and outputs a block difference signal 105, and a clock control circuit 16 controls a clock.

Abstract: A method for selectively retransmitting packets is disclosed. The method includes categorizing groups of packets in an order of importance. The order of importance is based on a scope of adverse impact that a loss of a particular group has on a quality of reconstructed original information. The method also includes selecting a subset of the groups of packets to be retransmitted. The selection is based on network condition parameters. The method further includes requesting retransmission of the subset of the groups of packets when a buffer occupancy condition is met.

Abstract: The present invention is a control technique for a data storage system, for performing exclusive control of duplicated volumes generated among separately established storage devices having a remote copy function, and uniquely determining the host device having exclusive control of duplicated volumes.

Abstract: A system of Flash EEprom memory chips with controlling circuits serves as non-volatile memory such as that provided by magnetic disk drives. Improvements include selective multiple sector erase, in which any combinations of Flash sectors may be erased together. Selective sectors among the selected combination may also be de-selected during the erase operation. Another improvement is the ability to remap and replace defective cells with substitute cells. The remapping is performed automatically as soon as a defective cell is detected. When the number of defects in a Flash sector becomes large, the whole sector is remapped. Yet another improvement is the use of a write cache to reduce the number of writes to the Flash EEprom memory, thereby minimizing the stress to the device from undergoing too many write/erase cycling.

Abstract: The present invention relates to a method and system for implementing protocol redundancy in a router. In particular, the invention relates to providing redundancy of multi protocol label switching (MPLS). In one aspect, the present invention provides MPLS redundancy wherein all protocol states are mirrored. An active processor provides MPLS operations. In the present invention, a standby processor is coupled to the active processor. During the initial synchronization, all protocol information from the active processor is forwarded to the standby processor. The protocol information can include event information and state information. Thereafter, any updates of protocol information are immediately forwarded to the standby processor in an orderly and controlled manner. Upon failure of the active processor, the standby processor takes over as the active processor. All MPLS protocol operations are performed on the new active processor.

Abstract: A data protection system and methodology that securely protects data in a computer system, so that a backup/recovery program will never be destroyed. According to the invention, the data protection system comprises a read only storage device and an operating system. The read only storage device is used for storing data needed by the computer system over a long period of time. The operating system is used for controlling operations of the computer system and managing the read only storage device. In one embodiment of the invention, the read only storage device has a backup/recovery means and a driver. The backup/recovery means can back up the data in the computer system and restore the computer system to a previous state. The driver can drive the backup/recovery means to back up the data and restore the computer system.

Abstract: A module is provided to support online cache diagnostics in a Linux operating system. The module is dynamically loaded to a kernel of the operating system. Upon activation, the module allocates memory for a user level program and a manager maps a contiguous buffer of memory from a kernel address space to a user process address space. The buffer is contiguous in both the physical and virtual address space. Physical memory displacement between access is controlled from the user level. Accordingly, the module enables allocation of contiguous lines of memory from the kernel to the user space in which control of the memory displacement occurs at the user level.

Abstract: A method is described for debugging reconfigurable hardware. In one example embodiment, debugging information is written for each configuration cycle into a memory which is then evaluated by a debugger.

Abstract: An incremental fault dictionary in which the diagnostic simulation results of current tests are stored for future use. Diagnostic simulation results are incrementally added to the fault dictionary, and information in the incremental fault dictionary is used to avoid expensive redundant fault simulations. The size of the incremental fault dictionary is maintained within user definable bounds by identifying and deleting faults that need not be maintained in the incremental fault dictionary. The incremental fault dictionary beneficially provides more accurate and faster diagnostics than a typical prior art diagnostic fault simulation.

Abstract: The present invention enables the modeling of plural outcomes resulting from a single stimulus, thereby allowing for automated test generation for non-deterministic software. In accordance with the present invention, a method, system, and computer program product are disclosed for testing software having a non-deterministic outcome. In accordance with the present invention, a set of rules is created, each rule having an associated stimulus, a precondition computation, and a computation procedure to produce the set of all valid outcome states. Each valid outcome state models one of several states that may result from applying the stimulus to any state which satisfies the precondition computation. Using these models, a test generation program is executed against the set of rules to recursively expand each path associated with an outcome state of a rule and outputting a list of valid possible outcomes, then selecting sequences of stimuli in accordance with coverage goals set by the test engineer.

Abstract: A microcomputer according to the present invention includes: collecting unit for generating and collecting a series of trace information for each execution process of a program to be evaluated in a preset sampling period for a predetermined number of repetitions; outputting circuit for outputting the series of the trace information for each repetition; and decimating circuit for deleting any of the trace information collected at each repetition so that the outputting circuit can output all of the trace information to be collected within the sampling period when the collecting circuit has finished repetitive collection process.

Abstract: A scan of computer files for predefined properties indicative of such things as viruses is disclosed. The scan is performed in a circular manner, such that when all of the files to be scanned have been scanned it starts again from the first file. The ability to update the data defining the properties to be scanned for during a scan is provided.

Abstract: A system and method for enabling execution stop and re-start of a test executive sequence or hierarchy of test executive sequences. Execution progress of a test executive sequence or test executive sequence hierarchy may be periodically stored. This may comprise performing or taking “snapshots” of the execution at various points during the execution. Performing a snapshot may comprise saving all data needed to restore and re-start the execution at the respective point. The criteria of when and where to perform the snapshots may be any of various criteria and may be specified in any of various ways.

Abstract: A test coverage tool provides output that identifies differences between the actual coverage provided by a test suite run on a program under test and the coverage criteria (e.g., the coverage criteria required by the test/development team management). The output from the test coverage tool is generated in the same language that was used to write the coverage criteria that are input to an automated test generator to create the test cases which form the test suite. As a result, the output from the coverage tool can be input back into the automated test generator to cause the generator to revise the test cases to correct the inadequacies. This allows iterative refinement of the test suite automatically, enabling automated test generation to be more effectively and efficiently used with more complex software and more complex test generation inputs.

Abstract: An operating system (OS) is used in a system with a processor that includes embedded real-time analysis components. The OS includes software objects which provide functionality in response to signals from the embedded real-time analysis components. In an example embodiment, the OS is a real-time OS (RTOS), the embedded real-time analysis components include an embedded event trigger component, and the software objects include a debug object that responds to signals from the embedded event trigger component. For instance, those signals may relate to program flow, data flow, or a hardware operation such as a cache miss, and the debug object may be a breakpoint handler, a trace handler, or an event sequence handler. In the example embodiment, the software objects in the RTOS provide functionality such as stack overflow detection, real-time task priority modification, and/or system scheduling error assertion for a real-time application. Alternative embodiments involve related methods and systems.