Abstract: In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of sequenced rounds, the cipher is hardened against an attack by a protection process which adds rounds to the cipher process. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm (process), including the algorithm's internal state during its execution. In one version, a specific number of rounds are added over those of a standard version of the cipher to both encryption and the complementary decryption. The added rounds are inserted immediately after the last of the standard rounds in the sequence. In another version, the added rounds are one or more opposing paired rounds of encryption/decryption or decryption/encryption which effectively cancel each other out, and may be inserted anywhere in the sequence of standard rounds.

Abstract: Dynamic encryption for network communication includes distributing a key to a network entity and storing the key into the key table. A key in the key table is used to encrypt data, and an index of the used key in the key table is attached to the encrypted data. The encrypted data is sent to the network entity. Dynamic decryption for a network communication includes receiving a key from a network entity and storing the received key into a key table. Encrypted data is received from the network entity. A key in the key table is located based on an index attached to the data and the data is decrypted with the located key.

Abstract: There is provided a communication device in which a network access authenticating unit executes a network access authentication process with an authentication server to establish a connection to a network, the authentication process including generation of information shared with the authentication server, a communication unit receives an authentication result message from the authentication server when succeeding in the network access authentication process, the authentication result message containing an authentication result indicating success in the network access authentication process and an encrypted network key; a key transport key generating unit generates a key transport key by use of the information generated in the network access authentication process; and a network key acquiring unit acquires a network key by decrypting the encrypted network key contained in the authentication result message with the key transport key, the communication unit encrypts data with the network key and transmits encry

Abstract: A system for enabling a virtual private network over an unsecured network includes a local network coupled to an internet server configured with a firewall. Coupled to both is an appliance that includes a cryptographic module. A remote modem, for example, a cellular modem, is coupled to a counterpart appliance that includes a compatible cryptographic module. The two modules are keyed to be exclusively, mutually responsive to each other and enable the transmission of encrypted data between the local network and the remote modem. The appliance coupled to the remote modem may further be coupled to either of a remote computer device or a remote network.

Abstract: Systems and methods for remotely personalizing payment devices for consumers are described. In an embodiment, a system includes a MOTAPS server computer that provides data preparation functions and a trusted service provider (TSP) personalization server computer. The system also includes a service provider computer operably coupled to the TSP personalization server computer, and a remote personalization device (RPD) operably coupled to the service provider computer. The RPD transmits personalization requests, receives personalization data, and personalizes a payment device before providing the personalized payment device to a consumer.

Abstract: A system and method for protecting access to authentication systems. A mediator may accept original authentication credentials from a client, may process the authentication credentials to provide processed authentication credentials and may forward the processed authentication credentials to an authentication system. Processing original authentication credentials may include encrypting at least one portion of original authentication credentials.

Abstract: During generation of an implicit certificate for a requestor, a certificate authority incorporates information in the public-key reconstruction data, where the public-key reconstruction data is to be used to compute the public key of the requestor. The information may be related to one or more of the requestor, the certificate authority, and the implicit certificate. The certificate authority reversibly encodes the public-key reconstruction data in the implicit certificate and sends it to the requestor. After receiving the implicit certificate from the certificate authority, the requestor can extract the incorporated information from the public-key reconstruction data. The implicit certificate can be made available to a recipient, and the recipient can also extract the incorporated information.

Abstract: A valid duration period for a digital certificate is established by a process that includes assigning numeric values to certificate term. The numeric value assigned to each certificate term is representative of the valid duration period. The method continues by identifying one certificate term, which may include requesting a user to select a certificate term. The method may include transmitting the requested certificate term to a server. The certificate term requested is sent via a certificate request. The server is configured to convert the numeric value associated with the requested certificate term into a duration counter value. The method may also include a certificate server receiving from the server, the certificate request including the duration counter value.

Abstract: There is a need to reduce the certificate verification time in a communication system. A communication system (10) includes a certificate authority (100) for performing authentication, a roadside device (110), a vehicle-mounted terminal (120), a first server (130), and a second server (140). The vehicle-mounted terminal transmits its own position information to the first server. The certificate authority acquires information about a vehicle-mounted terminal highly likely to appear according to place and time from the first server. The certificate authority allows the second server to verify validity of a certificate for a vehicle-mounted terminal acquired from the first server. The certificate authority generates a first list of vehicle-mounted terminals having valid certificates and a second list of vehicle-mounted terminals having invalid certificates according to place and time based on a verification result.

Abstract: A method and apparatus is provided that allows code signed by a master key to grant trust to an arbitrary second key, and also allows code, referred to as an antidote and also signed by the master key to revoke permanently the trust given to the second key.

Abstract: A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.

Abstract: A content transmission device for transmitting content, whose copying is controlled, includes an authentication section for performing an authentication procedure between the content transmission device and a content receiving device, a first copy-control-information processing section for processing first copy control information describing copy control information concerning the content, a second copy-control-information processing section for processing second copy control information including content information different from the first copy control information, and a content transmission section for generating and transmitting, to the content receiving device, a packet including a header including the first copy control information and the second copy control information, and a payload obtained by encrypting the content with a predetermined content key.

Abstract: A method is used to transparently create an encrypted communications channel between a client device and a target device. Each device is configured to allow audio/video communications between the client and target devices over the encrypted communications channel once the encrypted communications channel is created. The method comprises receiving from the client device a request for a network address associated with the target device, determining whether the request is requesting access to a device that accepts an encrypted channel connection with the client device, and in response to determining that the request is requesting access to a device that accepts an encrypted communications channel connection with the client device, providing provisioning information required to initiate the creation of the encrypted communications channel between the client device and the target device such that the encrypted communications channel supports secure audio/video communications transmitted between the two devices.

Abstract: Disclosed is an appliance, system, method and corresponding software application for encrypting and processing data. A symbol based encryption module may be adapted to encrypt data on a symbol basis such that some or all of the encrypted data remains processable.

Abstract: A system and method for providing access to data stored in encrypted form in a physically non-secure database without compromising security of the data in the physically non-secure database is disclosed. A representation of at least some of the data from the database in unencrypted form is stored in volatile memory associated with the server. The wildcard search is performed on the representation. Search results are displayed to the user to allow the user to select database contents to be retrieved. The user's selection is retrieved from the database and decrypted. Finally, the unencrypted selection results are provided to the user.

Abstract: A system and method for anonymous email, text messaging and social network communication between an initiator and one or more recipients. The system includes conversation tool which presents a menu page in which the initiator's telephone number, email address, social network identifier is submitted along with the recipient's telephone number, email address, or social network identifier, and a text message. The system includes a conversation server coupled to the communication network that receives the information from the menu page and forwards the text message to the desired number, address or identity. The conversation server includes an encryption/decryption engine that combines the initiator's number, address or network identity with the timestamp and then encrypts and embeds it into the text message. The reply containing the encrypted information is decrypted and routed by the conversation server. The communication tool hides the identities of the recipients from the initiator and the other recipients.

Abstract: A method and device for securely sharing images across untrusted channels includes downloading an encrypted image from a remote server to a computing device. The encrypted image may be encrypted at the time of uploading by another user. The current user of the computing device is authenticated using a facial recognition procedure. If the current user is authenticated and is determined to be authorized to view the decrypted image, the encrypted image is decrypted and displayed to the user. If the user becomes unauthenticated (e.g., the user leaves the computing device or another user replaces the current user), the encrypted image is displayed in place of the encrypted image such that the decrypted image is displayed only for authorized persons physically present at the computing device.

Abstract: Various methods for the secure exchange of private keys for authenticating a user to an RDP service are provided. One example method may comprise receiving a request comprising a session token to provide a user with access to an RDP service, and retrieving a username and password associated with the user using the session token. The method may further comprise assigning a time period of validity to the password. Furthermore, the method may comprise generating a first secret key based on user information, generating a second secret key based on the first secret key and a salt, and encrypting a packet comprising the password and the time period using the second secret key. Additionally, the method may comprise transmitting the username and encrypted packet to the device for authenticating the user with the requested RDP service. Similar and related example methods, apparatuses, systems, and computer program products are also provided.

Abstract: A method for transmitting a Rights Object (RO) includes generating a password key by encrypting a password, generating the RO using the password key, and transmitting the RO from a first device to a second device. The second device and the first device share the password and the second device generates the password key using the same encryption method as that used by the first device to generate the password key. The second device decrypts a Message Authentication Code (MAC) key and a Rights Object Encryption Key (REK) using the password key, decrypts a Content Encryption Key (CEK) using the decrypted REK, and verifies integrity of the RO using the decrypted MAC key. The second device can use and/or access content associated with the RO using the decrypted CEK. The CEK may be generated by the first device or may be the CEK from a Rights Issuer.

Abstract: In embodiments of load balanced and prioritized data connections, a first connection is established to communicate first data from a first server to a second server over a public network, where the first data is communicated from a private network to a first device or subnet that is connected to the second server. A second connection is established to communicate second data from the first server to the second server over the public network, where the second data is communicated from the private network to a second device or subnet that is connected to the second server. The second server can distinguish the first data from the second data according to an authentication certificate field that identifies one of a first communication interface of the first connection or a second communication interface of the second connection.

Abstract: A mechanism and method for managing credentials on an electronic device and providing encryption and decryption services for the electronic device comprising a mobile communication device, smart phone or other computing device. According to an embodiment the device is configured with an iOS based operating system. The device is configured with a data encryption service application and an associated secure data repository. According to an embodiment, the electronic device is configured to download and/or cache credentials from a credential management system operatively coupled to the device, comprising public-private key pairs in a PKI system. According to an embodiment, the electronic device is configured with or stores a digital verification signature. The data encryption service application is configured to encrypt/decrypt data (e.g. files, documents) and optionally digitally sign the encrypted file.

Abstract: To verify a pair of correspondents in an. electronic transaction, each of the correspondents utilises respective parts of first and second signature schemes. The first signature scheme is computationally more difficult in signing than verifying and the second signature scheme is computationally more difficult in verifying than signing. The first correspondent signs information according to the first signature scheme, the second correspondent verifies the first signature received from the first correspondent, using the first signature scheme. The second correspondent then signs information according to the second signature scheme and the first correspondent verifies the second signature received from the second correspondent, according to the second signature algorithm. The method thereby allows one of the correspondents in participate with relatively little computing power while maintaining security of the transaction.

Abstract: A system for performing authentication of a first user to a second user includes the ability for the first user to submit multiple instances of authentication data which are evaluated and then used to generate an overall level of confidence in the claimed identity of the first user. The individual authentication instances are evaluated based upon: the degree of match between the user provided by the first user during the authentication and the data provided by the first user during his enrollment; the inherent reliability of the authentication technique being used; the circumstances surrounding the generation of the authentication data by the first user; and the circumstances surrounding the generation of the enrollment data by the first user.

Abstract: There is provided a computing device for authentication. The computing device comprises a processor for processing digital data; a memory device for storing digital data including computer program code and being coupled to the processor; and an interface for sending and receiving digital data and being coupled to the processor. The processor is controlled by the computer program code to receive, via the interface, image selection data representing an image selection from a set of candidate images; and authenticate in accordance with the image selection data.

Abstract: A computing environment in which devices interoperate with a plurality of hardware components. Inconsistencies in user experience when operating devices that may use different components are avoided by generating a signature for the components. The signature may be computed as a function of a first key and one or more parameter values obtainable from the component. The signature and parameter values may be stored in the component's memory, and may be obtainable while the component is in operation as part of the computing device. The device may validate the component by performing at least one function based on the signature, the one or more parameter values obtainable from the component, and a second key, which may or may not be identical to the first key. The device may change its interaction with the component, depending on whether the component was successfully validated.

Abstract: Objects of an object set stored in an archive may be randomly accessed using the addresses of the objects stored in the archive. However, archives often fail to enable random access to the data within an object, without accessing other portions of the object, due to the variable compression of respective segments of the object. Random-access capabilities within the objects may be provided by segmenting the object into segments of a segment size, generating a block map specifying the block sizes of respective blocks corresponding to respective segments of the objects, and storing the block map in the archive as an object of the object set. Additionally, hashcodes may be calculated respective blocks and included in the block map in order to expose alterations of respective blocks, and/or to update an archive to an updated version of the archive by comparing the hashcodes and retrieving and substituting the updated blocks.

Abstract: A security technique to reduce the risk of unauthorized release of a software object. The technique allows identification of an individual responsible for the unauthorized release by marking each object with information, which acts as a fingerprint from which a person manipulating the object in a development environment can be identified. The development environment may be configured to quickly and automatically mark the object whenever a manipulation that may precede an unauthorized release occurs. To prevent circumventing the security technique, the object may be configured to enforce a requirement for a valid fingerprint such that the object is disabled if the fingerprint is removed or altered. Despite the marking, personally identifiable information is not revealed because the fingerprint is generated through a one-way cryptographic function performed on identifying information.

Abstract: The disclosure provides a method and a framework for secure data management, in which the method comprises: enabling, by an enterprise server, a user to download an enterprise application from the enterprise server using a computing device. User authentication credentials are provided by the enterprise server to a user when the user registers with the enterprise server. A unique client ID is assigned for the enterprise application downloaded by the computing device by the enterprise server. Keys for data encryption or decryption are generated by the enterprise server, for different services provided by the enterprise server based on a combination of the unique client ID, a user ID and/or a computing device ID.

Abstract: A computer system comprising a processor and a memory for storing instructions, that when executed by the processor performs a copy protection method. The copy protection method comprises executing a software loop of a first software application in a first operating system. A first call is executed in the software loop to a code portion. A decrypted code portion of the first software application is executed in a second operating system in response to the first call. The code portion is decrypted in response to a successful validation of the first software application.

Abstract: The object of the present invention is to provide a contents data utilization system in which the contents data is shared between a plurality of mobile communication terminals while the copyright is protected. When the contents data downloaded via a communication network is stored into an external memory of a mobile communication terminal, an SIM data processing unit generates a cipher key, using an IMSI that is an identifier stored in an SIM card inserted into the terminal 1. Using the cipher key, a contents data processing unit encodes the downloaded contents data, and stores it into an external memory. When the contents data is reproduced, the SIM data processing unit generates a cipher key, using the identifier stored in the SIM card, and decodes and reproduces the contents data stored in the external memory. Thereby, the contents data can be shared between a plurality of mobile communication terminals owned by the user having the SIM card.

Abstract: A self-encrypting drive allows finely grained control, i.e., the ability to create, protect, lock and unlock, of different volumes on the same drive. The different volumes enable multiple different operating systems to be booted, depending on the volume that is selected for booting.

Abstract: Techniques for secure data synchronization are described. In one or more implementations, techniques may be employed to conserve high cost data storage by storing larger portions of encrypted data in low cost storage, while storing relatively smaller encryption keys in higher cost storage. A device that is granted access to the encryption keys can retrieve the encrypted data from the low cost storage and use the encryption keys to decrypt the encrypted data.

Abstract: A method for distributing content. The method distributes a single media storage structure to a device (e.g., a computer, portable player, etc.). The media storage structure includes first and second pieces of encrypted content. Based on whether the device is allowed to access the first piece of content, the second piece of content, or both, the method provides the device with a set of keys for decrypting the pieces of the content that the device is able to access. The provided set of keys might include one or more keys for decrypting only one of the two encrypted pieces of content. Alternatively, it might include one or more keys for decrypting both encrypted pieces of content. For instance, the selected set of keys might include a first key for decrypting the first encrypted piece and a second key for decrypting the second encrypted piece.

Abstract: Security of information—both code and data—stored in a computer's system memory is provided by an agent loaded into and at run time resident in a CPU cache. Memory writes from the CPU are encrypted by the agent before writing and reads into the CPU are decrypted by the agent before they reach the CPU. The cache-resident agent also optionally validates the encrypted information stored in the system memory. Support for I/O devices and cache protection from unsafe DMA of the cache by devices is also provided.

Abstract: A method and apparatus for performing a function based on an executable code in response to receiving a request including function parameters are described. The executable code may be validated when loaded in a memory according to a signature statically signed over the executable code. A data location in the memory for storing the function parameters may be determined according location settings included inside the executable code. A target code location for storing a copy of the executable code may be determined based on the location parameters and the determined data location. A function is performed by executing the executable code from the target code location referencing the stored function parameters.

Abstract: Various embodiments of the present invention provide systems and methods for data processing. As an example, a data processing circuit is disclosed that includes a data detector circuit, a data decoder circuit, and a gating circuit.

Abstract: A power distribution device and a server rack system are provided. The server rack system includes a rack and at least one apparatus disposed therein. The power distribution device distributes electrical power to the apparatus. The power supply device includes a first conducting plate, an insulation layer and a second conducting plate that are sequentially superimposed, and a first and a second power columns inserted in the first and the second plates. The insulation layer is disposed between the first and the second conducting plates. The first and the second power columns are connected to a power supply unit in the rack to obtain electric power therefrom. Each output pin pair includes a first and a second output pins inserted in the first and the second conducting plates. The output pin pairs are connected to the apparatus in the rack to transfer electric power to the apparatus.

Abstract: A control system includes an input module, a control module, a switch module and a display module. The input module is configured to output test parameters to the control module. The control module is capable of outputting power on and power off control signals according to the test parameters. The switch module is capable of receiving the power on and power off control signals and is configured to output the signals to power a computer motherboard on or off accordingly. The computer motherboard is configured to output feedback signals to the control module after being successfully powered on. The control module displays test results on the display module according to the feedback signals.

Abstract: A computer device and frequency adjusting method for central processing unit are provided. The computer device including a CPU, a voltage regulator module, a clock generator, a power-on module, a chip set and an embedded controller. The power-on module activates the voltage regulator module, the clock generator and the CPU respectively. The voltage regulator module provides the operating voltage of the CPU. The clock generator provides the operating clock of the CPU. Before the CPU is activated, the embedded controller adjusts the operating clock and the operating voltage provided from the clock generator and the voltage regulator module the CPU, the CPU performs overclocking/downclocking directly by using the adjusted operating clock and the adjusted operating voltage after the CPU is activated.

Abstract: A relay and a data processing method are provided. The relay includes: a detection unit for classifying and detecting event oriented monitoring data and non-event oriented monitoring data from monitoring data; a storage unit for storing the detected monitoring data; a communication unit for receiving a request signal of the monitoring data from a monitoring device and transmitting corresponding monitoring data in response to a transmission request signal of the monitoring data; and a control unit for extracting event oriented monitoring data from the monitoring data and performing a control to transmit the monitoring data requested from the monitoring device.

Abstract: A semiconductor intergrated circuit device which enables a power-supply voltage terminal and an internal circuit to be isolated from each other in a noncontact operation of a semiconductor integrated circuit device for an IC card, including a first power supply circuit for rectifying and smoothing an AC signal supplied from an antenna, a second power supply circuit which includes a voltage control circuit for controlling a gate terminal voltage of a first MOS transistor, a substrate potential control circuit for forming a source voltage of the first MOS transistor as a substrate voltage, and a second MOS transistor which causes the substrate voltage and the gate voltage of the first MOS transistor to be conductive when using the first power supply circuit, and which causes the substrate voltage and the gate voltage to be nonconductive when using power supplied from an external terminal.

Abstract: An electric power information management apparatus includes a power meter that measures electric power data on electric power to be supplied from a storage battery of a vehicle to an electric power facility; a security module that associates and encrypts identification information corresponding to the vehicle and the measured electric power data; a communication device that transmits to an electric power management database the identification information corresponding to the vehicle and the electric power data encrypted by the security module to store the electric power data associated with the identification information in the electric power management database; and an electric power control device that extracts necessary electric power from the electric power facility and supplies the electric power to the storage battery of the vehicle corresponding to the identification information, based on the electric power data stored in the electric power management database, being associated with the identification

Abstract: In a method for transmitting data between a host computer and a slave device, the host computer connects to a slave device through a data communication port. The slave device is equipped with a power supply that includes at least one capacitor. The power supply is charged through the host computer using the capacitor when the host computer is powered on. The method controls the host computer sends data to the slave device, and controls the capacitor to discharge to provide power to the slave device for a period of time when the host computer is powered off, and stores the data packet into the slave device during the period of time. The method further retrieves the data from the storage device when the host computer is powered on, and resends the data to the slave device through the data communication port.

Abstract: A method includes monitoring, through a battery driver component of a embedded operating system executing on a data processing system deriving power from a battery, a state of the battery. The method also includes modifying, through a backlight driver component of the embedded operating system, an intensity level of a backlight of one or more Input/Output (I/O) devices of the data processing system from a current level associated with a normal operation thereof to an intensity level lower than the current level when the battery is detected to be in a critical state to prolong a lifetime thereof. The critical state is associated with a remaining charge on the battery being below a threshold required to maintain the data processing system in a powered on state.

Abstract: An electric storage device monitor includes a measurement unit detecting and obtaining a detected value, a power supply switch portion switching a power supply state of the monitor between a monitoring state and a low power consumption state, a wakeup timer to which an actuation time is set and starting counting time in response to switching to the low power consumption state and continuing counting time and outputting an actuation signal if reaching the actuation time, and a control unit. The switch portion switches from the low power consumption state to the monitoring state every time the wakeup timer outputs the actuation signal. The control unit controls the measurement unit to detect and obtain the detected value in the monitoring state, compares the detected value and a reference value, and changes the actuation time according to a comparison result of the detected value and the reference value.

Abstract: In an embodiment, a timer unit may be provided that may be programmed to a selected time interval, or wakeup interval. A processor may execute a wait for event instruction, and enter a low power state for the thread that includes the instruction. The timer unit may signal a timer event at the expiration of the wakeup interval, and the processor may exit the low power state in response to the timer event. The thread may continue executing with the instruction following the wait for event instruction. In an embodiment, the processor/timer unit may be used to implement a power-managed lock acquisition mechanism, in which the processor is awakened a number of times to check the lock and execute the wait for event instruction if the lock is not free, after which the thread may block until the lock is free.

Abstract: A data processor (1) includes a plurality of oscillation circuits (13 and 24) that individually generate a first clock signal (HCK) and a second clock signal (LCK) with a lower frequency, in which a CPU (10) performs data processing in synchronization with the oscillation output of an oscillation circuit selected by a clock switching circuit (22). In a state where the low power consumption mode is set, the data processor stops the first clock signal and maintains the oscillation of the second clock signal, selects whether or not to initiate the oscillation of the first clock signal in response to the trigger to cancel the low power consumption mode, and initiates the oscillation of the first clock signal without the CPU interrupt process which is enabled by the cancellation of the low power consumption mode.

Abstract: One embodiment of the present invention relates to a low-power micro-controller unit having both a standby micro-controller optimized for low power consumption and a main micro-controller optimized for high performance. A power supply is coupled to the main micro-controller and the standby micro-controller. The power supply provides power to one or more of the low-power, standby micro-controller and the high performance, main micro-controller by separate power supply paths, depending on system needs. The separate power supply paths allow the main micro-controller and the standby micro-controller operate independent of each other. During a low-power standby operating mode, power can be disconnected to the main micro-controller, while providing power to the standby micro-controller, thereby eliminating the leakage current associated with the large number of transistors in the main micro-controller, while still retaining the computational capabilities of the standby micro-controller.

Abstract: Operating system management of network interface devices is described. In one or more implementations, a determination is made by an operating system that network traffic associated with one or more applications of the computing device has completed. Responsive to the determination, a network interface device is caused to transition to a mode to reduce power consumption of the network interface device by the operating system.

Abstract: Provided herein is a computer implemented system for managing power supply for an electronic device. The system includes computer a learning component that is trained and constructs models according to usage patterns of the electronic device, a component providing a first phase of model building relating to usage of the electronic device; and a forecasting component that employs the learning component and models to generate predictions relating to usage of the electronic device.