Abstract: A system effecting a data reproducing method for a plurality of devices, for sending and receiving data by authenticating the plurality of devices with each other, said data reproducing method including: selecting, from a plurality of descrambling methods, a descrambling method corresponding to a type of said data, executing authentication by an authenticating method corresponding to the selected descrambling method, where the authenticating method is selected from a plurality of authenticating methods, and reproducing said data.

Abstract: Systems and methods are disclosed for inserting programs into broadcasted primary programs by a conditional access (CA) module that is inserted into a host device, such as a digital-ready television. The CA module utilizes primary and secondary program map tables and/or primary and secondary packet identifiers. A splicer splices the secondary packet identifiers, which is associated with a secondary program, into the primary packet identifiers, which is associated with a program, such as a broadcasted program. Additionally, the CA module may contain memory that is capable of storing the secondary program's packet identifiers and/or program map table that can be used for insertion into the primary program.

Abstract: This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.

Abstract: A proprietary portable audio player system for protecting digital content copyrights, which includes a proprietary portable audio player, a web access interface, and an online music server. The proprietary portable audio player has a hardware unique device identity. The proprietary portable audio player has a playback token acquirement mode and uses a first transmission medium to link with the online music server to thereby obtain a playback token for a corresponding music file playback. The online music server pre-stores a plurality of music files with compression formats, a plurality of playback tokens, and a mapping table. When a playback token signal from the web access interface is received, the online music server accordingly issues a playback token corresponding to a specific music file, updates the mapping table, and sends the playback token to the proprietary portable audio player through the first transmission medium.

Abstract: A communication system and device that enables free-hand drawn SMS (Short Messaging Service) messages to be transmitted and received from/to various user devices. A buffer device is inserted within a GSM compatible handset providing a buffer for both conventional SMS messages created by typing a message on the keypad of the handset and for free-hand drawn SMS messages created by drawing or writing the free-hand message on a data entry device. An optional OCR (Optical Character Recognition) facility can be provided in either the buffer device inserted within the handset or in a network server that receives the transmitted message and processes it for proper routing to the intended recipient.

Abstract: This invention is to appropriately cope with abnormal states. A control method according to the present invention includes: identifying an abnormal level according to abnormal level reference data stored in advance in an abnormal level reference data storage, from context relating to abnormalities, which has been collected in advance and stored in a context storage; and converting the identified abnormal level to an authentication strength level according to a predetermined authentication strength level setting rule, and causing an authentication server to carry out an authentication processing according to the authentication strength level. By carrying out such a processing, it becomes possible to cause the authentication server to carry out an authentication having an authentication strength level corresponding to an abnormal state.

Abstract: A mobile communication terminal for efficient digital broadcasting conditional access and a method of the mobile communication terminal.

Abstract: An image capture apparatus captures an image, and performs an authentication process with an external device. The image capture apparatus encrypts a captured image to generate an encrypted image if the authentication unit succeeds in performing the authentication process, and stores the encrypted image in a recording medium. The image capture apparatus displays whether the authentication unit succeeded in performing the authentication process, and whether the external device includes key information used in encrypting the captured image.

Abstract: In some embodiments, an electronic apparatus comprises a communication interface, an input/output interface, a processor, and logic to collect, in the electronic apparatus, a first identifier associated with a first communication device and second identifier associated with a second communication device, logic to establish a communication connection between the electronic apparatus and the first communication device, and logic to initiate, in the electronic apparatus, a connection request for a communication connection between the first communication device and the second communication device. Other embodiments may be described.

Abstract: An apparatus for generating copyright information for a secondarily processed content obtained by performing secondary processing on an original content, includes a secondary processed substance acquiring unit, a default license information generating unit, and a license information editing unit. The secondary processed substance acquiring unit acquires operation substances of the secondary processing performed on the original content. The default license information generating unit obtains rights expressions for the operation substances acquired by the secondary processed substance acquiring unit to generate default license information including the rights expressions as an initial value. The license information editing unit accepts selection of a desired rights expression by a user from the rights expressions of the default license information generated by the default license information generating unit to generate license information of the secondary processed content from the selected rights expression.

Abstract: A method for authenticating a user of certain service provided by a system through a first communication channel, in one aspect including receiving an access request from a first terminal of the user through the first communication channel; receiving an address or number of a second terminal of the user through the first communication channel; transferring data including an identification code, to the second terminal of the user through a second communication channel; receiving a user confirmation response, including the user identification code, from the second terminal of the user through the second communication channel; determining whether the identification code transferred to the second terminal is identical to the user identification code received from the second terminal; generating an authentication code if it is determined that both the user identification codes are identical to each other; transferring the user authentication code to the first terminal of the user through the first communication ch

Abstract: To solve problems in that a load on a VPN device is large in a case where the number of terminal devices increases in encrypted communication using a VPN technique, and that only communication between the terminal device and the VPN device is encrypted, thus disabling end-to-end encrypted communication, a communication system is provided, including: a terminal device; a plurality of blades; and a management server that manages the blades, in which: the management server selects a blade, authenticates the terminal device and the selected blade, and mediates encrypted communication path establishment between the terminal device and the selected blade; the terminal device and the blade perform encrypted communication without the mediation of the management server; and the management server requests a validation server to authenticate each terminal.

Abstract: A system and method for authenticating the source and ensuring the integrity of traffic data collected from probe vehicles while maintaining the privacy of the data's source. This is accomplished by dividing the traffic analysis functionality into two distinct responsibilities: data collection, including authentication and verification, and data processing, and assigning each responsibility to a different entity, such the first entity has access to authentication information which identifies the data's source but not to traffic information such as the source's location, and the second entity has access to the traffic information but not to the authentication information which identifies the data's source.

Abstract: Aspects of the present invention relate to systems, methods and devices for modifying and managing form documents with an application that receives input from an imaging device user interface and from other sources. Some aspects relate to a input field definition file that is transmitted to the imaging device and which comprises display parameters and UI options for prompting a user for field input and as well as instructions for obtaining field data from other sources.

Abstract: A group authentication method adaptable to a communication system is disclosed. The communication system includes a user group, a serving network, and a home network. The user group includes at least one mobile station. The home network pre-distributes a group authentication key to itself and all the mobile stations in the same user group and generates a mobile station authentication key for each mobile station. The home network generates a group list for recording related information of the user group. The home network has a database for recording the group list. The serving network has a database for recording the group list and a group authentication data received from the home network. The group authentication method includes following steps. The serving network performs an identification action to a mobile station. The communication system performs a full authentication action or a local authentication action according to the result of the identification action.

Abstract: A data providing system is provided which includes: a storage section which stores an encoded file obtained by encoding a data file to be distributed with a predetermined common key and an encoded information file obtained by encoding an information data file including information on the common key with a private key different from the common key; and a file transfer section which transfers the encoded file and the encoded information file from the storage section to external electronic device.

Abstract: When captured content is detected, the captured content is analyzed to determine whether any portion of the content is subject to digital rights management protection specified for content captured. Responsive to determining that the captured content is subject to a first digital rights management protection, a database is queried to select at least one digital rights management rule associated with a first restricted element specifying at least one first criteria for combining the first restricted element with at least one other element. A determination is made whether the first restricted element is combined with the at least one other element in the captured content. Responsive to detecting the first restricted element is combined with the at least one other element, the captured content rights controller determines a combined digital rights management protection rule reconciling the at least one first criteria for combining the first restricted element with the presence of the at least one other element.

Abstract: A system may account for the number of bounced e-mails by adding a number of records over the desired quantity to ensure that a minimum number of e-mails are not returned. To calculate an accurate number of extra records to identify, a system may need to track the percentage of messages returned and add a number of records equal to that percentage over the minimum number required by the particular campaign. However, unless the system accurately identifies a bounced e-mail as one originating from the system, spam or other unsolicited e-mail sent to the system may result in inaccuracies.

Abstract: The present invention encrypts authentication information into an image, document or recording. Briefly described, in architecture, one embodiment is a method comprising generating the original work; generating authentication data when the original work is generated, the authentication data comprising at least location information identifying the location where the original work is generated, the location information provided by a received signal from a remote device, date and time information identifying when the original work is generated, the date and time information provided by a received signal from a remote device, and biometric information identifying an originator of the original work; and encrypting the original work with the authentication data using a secret private key when original work is generated.

Abstract: A method in a communication network wherein users are authenticated based on network originated user identities is disclosed. The authentication method comprising the steps of receiving a network originated identity from a user and associating the network originated identity with at least one non-network originated identity stored in a data storage. When a non-network originated identity is received from the user, the non-network originated identity from the user is compared with the at least one non-network originated identity from the data storage. The user is authenticated if the comparison is valid.

Abstract: This specification describes technologies relating to imparting cryptographic information in network communications.

Abstract: Techniques are described for facilitating interactions between computing systems, such as by performing transactions between parties that are automatically authorized via a third-party transaction authorization system. In some situations, the transactions are programmatic transactions involving the use of fee-based Web services by executing application programs, with the transaction authorization system authorizing and/or providing payments in accordance with private authorization instructions previously specified by the parties. The authorization instructions may include predefined instruction rule sets that regulate conditions under which a potential transaction can be authorized, with the instruction rule sets each referenced by an associated reference token.

Abstract: An improved interactive network system is provided that allows the Network Operator to control the transfer of information to and from the network end users, the system preferably using triggers or markers embedded within the programming broadcast to users via the network. As a consequence of this system, the Network Operator is able to efficiently garner revenues from third parties transacting business over the network and to control the look and feel of programming offered to network users. Additionally the system can be used as a means of limiting network access, filtering programming, providing on-screen graphics or audible signals for particular programming types or providers, bookmarking programming, profiling network users, targeting advertising, and simplifying network transactions.

Abstract: In response to receiving an order (e.g., including payment for one or more software licenses), a license distribution manager allocates a specified number of software licenses for distribution to a corresponding customer's clients that utilize the licenses to operate software associated with a corresponding vendor software application. The license distribution manager can allocate one or more overdraft licenses for distribution to the customer in addition to the specified number of software licenses associated with the order. Accordingly, the license distribution manager can allocate extra software licenses (e.g., the overdraft licenses) and distribute more software licenses than are actually purchased by a respective customer. This enables the customer to use one or more provisional licenses (e.g., overdraft licenses) that support restricted use of the vendor's software application such as until the customer can replace the provisional licenses with corresponding purchased licenses.

Abstract: Techniques are described for facilitating interactions between computing systems, such as by performing transactions between parties that are automatically authorized via a third-party transaction authorization system. In some situations, the transactions are programmatic transactions involving the use of fee-based Web services by executing application programs, with the transaction authorization system authorizing and/or providing payments in accordance with private authorization instructions previously specified by the parties. The authorization instructions may include predefined instruction rule sets that regulate conditions under which a potential transaction can be authorized, with the instruction rule sets each referenced by an associated reference token.

Abstract: A system and method securely establishes a shared secret among nodes of a security appliance. The shared secret is established by distributing private keys among the nodes in accordance with a node ring protocol that uses a predetermined encryption algorithm to generate messages containing the keys. Briefly, each node is initially notified as to the number of nodes participating in the shared secret establishment. Each node generates a public-private key-pair, as well as a first message that includes the generated public key and an indication of the source of the generated public key (hereinafter “source generated public key”). The node then sends the first message to an adjacent node of the appliance. Upon receiving the first message, each node extracts the source generated public key from the message and stores the extracted information into a data structure of “partner” public keys.

Abstract: A joint subscriber management system includes a joint subscriber management unit for acting as a surrogate in performing a registration activity for enabling a receiver to receive a broadcast and/or an electronic commerce transaction. A reception unit receives a reception-limiting identification number of the receiver for receiving a specific broadcast, a broadcaster identification number of at least one broadcaster of a plurality of broadcasters, and registrant information concerning registration of a user allocated to the reception-limiting identification number. A generation unit generates a joint management identification number corresponding to the received reception-limiting identification number. A recording unit records the reception-limiting identification number, the joint management identification number, and the registrant information in a registrant information table in correspondence with one another.

Abstract: Computer operations whose execution would increase usage costs may require use of authorization and notification to prevent unauthorized execution. The computer operations may be designed to execute only if a authorization and notification routines are properly registered. The computer system customer establishes the authorization and notification requirements based on standard application programming interfaces to suit the customer's business practices and links the requirements to the computer operation. The computer operation determines if the authorization and notification are proper. If authorization is granted, the computer operation checks to see that the notification is proper, executes the computer operation, and then executes a notification module to notify the necessary personnel. Both authorization and notification routines return errors that are passed to the user through the computer operation.

Abstract: Metering is enabled through an arrangement in which a metering certificate is communicated to a mobile device using an over-the-air protocol. A metering trigger provides the metering certificate that includes a location to which metering data is posted by the mobile device and a public key of a public-private key pair, or alternatively provides a link to such metering certificate. A metering helper passes the metering certificate to a DRM system on the mobile device which collects metering data associated with the metering ID and uses the public key to encrypt the metering data into a metering challenge. The metering helper posts the metering challenge to the location. The metering service extracts the metering data from the metering challenge using a private key and generates a metering response that is received by the metering helper which prompts the DRM system to reset at least a portion of a data store in which the metering data is stored.

Abstract: A setting information distribution apparatus belonging to a first network, comprises: authentication unit that receives and authenticates an authentication request from a user terminal which requires an access authentication by using a network access authentication procedure between the user terminal and the first network; transmitting unit that transmits an authentication cooperation request which requires setting data to be set to the user terminal to another, network by using the network access authentication procedure and an authentication cooperation procedure between a plurality of networks; and distribution unit that distributes a first response message added with setting data to the user terminal by producing the first response message corresponding to the authentication request by adding the setting data included in a second response message corresponding to the authentication cooperation request.

Abstract: A communications system includes a first network that includes a plurality of entities and a router. The router includes a network address translator. A node is capable of communicating data units with entities in the first network. Each data unit includes security information, such as information according to the Internet Security Association and Key Management protocol (ISAKMP) and the Encapsulating Security Payload (ESP) protocol. The network address translator is adapted to convert a destination address in a received data unit from the node to an address of one of the entities based on the security information in the received data unit.

Abstract: A tamper-evident data management system uses public-private digital signature keys to control use of data and to ensure the fidelity of data that is stored on a customer's system for later collection by a computer vendor or that is sent to the vendor over a network. A computer system includes an application for collecting usage or metrics data from the computer system, for example. The metering application uses an application private key to digitally sign all metrics data prior to optionally storing the data in a data log file. The vendor can then use an application public key to validate the digitally signed entries. The digitally signed data entries may also be encrypted using a vendor public key prior to storage in the data log and may be decrypted using a vendor private key prior to validating the digitally signed data. The application and application private key may be stored on a smart card to discourage and detect tampering or may be stored on the computer system itself.

Abstract: A method of authorizing printing of a publication at a printer by a publisher in a network is provided, in which an alias identity of a user is created from both a sensing device identity and an application identity when the user interacts with a printed application tag associated with the publication using the sensing device, the publication is addressed to the user by the alias identity, the publication is signed using a private key of the publisher, the signed publication is sent to the printer, and it is confirmed that the signed publication may be printed at the printer by verifying the private key signature.

Abstract: An on-line service manages downloads of purchased digital content. Information regarding the digital content items that are purchased by each user and the terms of use of those purchased items is maintained. Information regarding the formats of digital content items that each device is adapted to receive is maintained. Upon determining that a user wishes to download a digital content item, the requested digital content is downloaded in an appropriate format for a particular digital device provided the recorded information indicates the content item has been purchased by the user and the download is within the quantity of downloads authorized by the terms of the purchase.

Abstract: A portable media player receives encrypted audio files and an encrypted content key from a central license server on the Internet. The media player supports digital rights management (DRM) by storing the encrypted audio file in its flash memory and disabling copying or playing of the audio file after a copy limit has been reached. The copy limit is a rule that is combined with the content key in a transfer key that can be encrypted together by the license server. The license server can detect cloning of the media player by reading a unique player ID from the player and detecting when too many accounts use the same unique player ID. The content key can be generated from polar coordinates of the unique player ID, player manufacturer, and song genre. A fingerprint sensor on the player can scan and compare the user's fingerprints to further detect cloning.

Abstract: A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. An activation site provides an activation certificate and a secure repository executable to consumer content-rendering devices which enables those content rendering devices to render content having an enhanced level of copy-resistance. The activation site “activates” client-reading devices in a way that binds them to a persona, and limits the number of devices that may be activated for a particular persona, or the rate at which such devices may be activated for a particular persona.

Abstract: A system, method and computer program product for guaranteeing a data transaction over a network are disclosed. When a data transaction between at least a server and a client is detected on a network, data transmitted via the network between the server and client during the data transaction is captured. At least one identifier is associated with the captured data. A timestamp is also generated for the captured data. The timestamp includes information therein identifying at least a portion of the identifier(s). The captured data, the identifier(s) and the timestamp are stored in one or more data stores. The identifier(s) associated with the stored captured data is also mapped to an entry in an index to permit retrieval of the stored data from the data store via the index.

Abstract: Disclosure of information is controlled selectively depending on users such that a plurality of users having different roles bearing no inclusive relation with one another can access the same area. Content is divided into a plurality of areas. For each of the areas obtained by division, secret keys (encryption/decryption keys in symmetric-key cryptography) are generated. The generated keys are encrypted using public keys in public-key cryptography, which are set in advance for the users depending on their respective roles. In the case where the content is to be disclosed to a plurality of users having different roles, the encryption of secret keys is performed separately for each user. These encrypted contents and encrypted secret keys are used to generate encrypted text.

Abstract: A novel method and apparatus for protection of streamed media content is disclosed. In one aspect, the apparatus includes control means for governance of content streams or content objects, decryption means for decrypting content streams or content objects under control of the control means, and feedback means for tracking actual use of content streams or content objects. The control means may operate in accordance with rules received as part of the streamed content, or through a side-band channel. The rules may specify allowed uses of the content, including whether or not the content can be copied or transferred, and whether and under what circumstances received content may be “checked out” of one device and used in a second device. The rules may also include or specify budgets, and a requirement that audit information be collected and/or transmitted to an external server. In a different aspect, the apparatus may include a media player designed to call plugins to assist in rendering content.

Abstract: This invention relates to a digital combined apparatus including an operation panel, a reader/writer which writes/reads data on/from a recording medium, and a controller which controls the operations of the operation panel and reader/writer. When the reader/writer reads out ID information of the user from the recording medium on which at least the ID information is recorded, the operation panel displays a user authentication window which prompts the user to input a password for identifying himself or herself.

Abstract: Using a password (?), a client (C) computes part (H1(<C,?C>) of the password verification information of a server (S), and together they use this information to authenticate each other and establish a cryptographic key (K?), possibly using a method resilient to offline dictionary attacks. Then over a secure channel based on that cryptographic key, the server sends an encryption (EE<C,?>(sk)) of a signing key (sk) to a signature scheme for which the server know a verification key (pk). The encryption is possibly non-malleable and/or includes a decryptable portion (E<C,?>(sk)) and a verification portion (H8(sk)) used to verify the decrypted value obtained by decrypting the decryptable portion. The signing key is based on the password and unknown to the server. The client obtains the signing key using the password, signs a message, and returns the signature to the server.

Abstract: The present invention discloses a system and methods for biometric security using hand geometry recognition biometrics in a transponder-reader system. The biometric security system also includes a hand geometry scan sensor that detects biometric samples and a device for verifying biometric samples. In one embodiment, the biometric security system includes a transponder configured with a hand geometry scan sensor. In another embodiment, the system includes a reader configured with a hand geometry scan sensor. In yet another embodiment, the present invention discloses methods for proffering and processing hand geometry scan samples to facilitate authorization of transactions.

Abstract: An examination apparatus includes a receiving part, an acquisition part, and an examination part. The receiving part receives a public key certificate and identification information of the communication device from the device, which conduct the authentication process by using the public key encryption and sends the public key certificate used for the authentication process only to a specific communication partner. The acquisition part acquires information showing the public key certificate corresponding to the identification information, from a location other than the device based on the identification information. And, the examination part examines the device based on whether or not the public key certificate received by the receiving part is proper, by referring to the information acquired by the acquisition part.

Abstract: In accordance with a broad aspect, a method is provided to securely configure a computing device. A configuration indication is received into the computing device, including receiving a digital signature generated based on the configuration indication. Generation of the digital signature accounts for a unique identifier nominally associated with the computing device. The received configuration indication is verified to be authentic including processing the unique identifier, the received configuration indication and the received digital signature. The computing device is operated or interoperated with in accordance with the received configuration indication. In one example, a service interoperates with the computing device. For example, the computing device may be a portable media player, and the service may provide media to the computing device based on a capacity indication of the configuration indication.

Abstract: An ad hoc network includes a first node, a second node, and a third node. The first node and second node share a first shared secret key, and the first node and third node share a second shared secret key. The second node and third node share a temporal key. The first node generates a unique key, encrypts the unique key with a first shared secret key to generate a first encrypted unique key and transmits the first encrypted unique key to the second node. The first node encrypts the unique key with a second shared secret key to generate a second encrypted unique key and transmits the second encrypted unique key to the third node. To establish the temporal key, the second node decrypts the first encrypted unique key and the third node decrypts the second encrypted unique key thereby each generating the unique key.

Abstract: A cellular phone company closes a contract with a user to the effect that the cellular phone company collects a predetermined basic charge from the user together with a communication charge. When the user intends to print out a contents, the user sends authentication information given to him/her to a contents server from his/her cellular phone. The contents server authenticates the user based on the authentication information, and sends contents data for browsing to the user's cellular phone, if authentication is successful. The user's cellular phone sends print request information to a printer. The printer acquires corresponding contents data for print-out from the contents server in accordance with the print request information, and prints out the contents. The cellular phone company collects the basic charge and the communication charge from the user based on the contract.

Abstract: A host securely transmits content to a peripheral thereof. The peripheral has a symmetric key (PK) and a copy of (PK) encrypted according to a public key (PU) of an entity ((PU(PK))). In the method, the host receives (PU(PK)) from the peripheral, and sends (PU(PK)) to the entity. The entity has a private key (PR) corresponding to (PU), applies (PR) to (PU(PK)) to obtain (PK), and sends (PK) back to the host. The host receives (PK) from the entity, encrypts at least a portion of the content according to (PK), and transmits the encrypted content to the peripheral. The peripheral may then decrypt the encrypted content based on (PK). A bind key (BK) encrypted by (PK) ((PK(BK))) may accompany (PU(PK)), where the content is to be encrypted according to (BK). Thus, (PK) is not revealed to the host.

Abstract: A method for authorizing a computer program having a number of features for use with a product includes: receiving license data generated using a first key, the license data specifying a unique identifier associated with the product and specifying at least one feature authorized for use with the product; using a second key associated with the first key, obtaining the unique identifier from the license data; retrieving a product identifier from the product; determining whether the unique identifier corresponds to the product identifier; and based on the determination, authorizing use of the at least one feature with the product.

Abstract: One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.

Abstract: An integrated circuit has a first component that has a dynamic characteristic that varies among like integrated circuits, for example, among integrated circuits fabricated using the same lithography mask. Operating the first component produces an output that is dependent on the dynamic characteristic of the first component. A digital value associated with the integrated circuit is generated using the output of the first component, and then the generated digital value is used in operation of the integrated circuit.