Including Authentication Patents (Class 380/229)
  • Patent number: 6874088
    Abstract: The remote servicing of a secure computer system employs an intermediate network entity accessible to both a remote service provider and to an agent running on the secure computer system to be serviced. A service provider's computer runs a manager software module, while the system being serviced, or an agent on its behalf, runs an agent software module. An intermediary software module runs on the intermediate network entity. The mutually accessible intermediate network entity may be located outside firewalls protecting the system to be serviced or inside such firewalls though with the firewalls configured to allow selected access. Access to the intermediate network entity is limited by secure access protocols. After authentication, the manager submits to the intermediary one or more directives to be executed by the agent. The intermediary then sends the directives to the agent over a secure connection to the agent.
    Type: Grant
    Filed: June 15, 2000
    Date of Patent: March 29, 2005
    Assignee: Mission Critical Linux, LLC
    Inventor: Brian Stevens
  • Patent number: 6874089
    Abstract: A system, method and computer program product for guaranteeing a data transaction over a network are disclosed. When a data transaction between at least a server and a client is detected on a network, data transmitted via the network between the server and client during the data transaction is captured. At least one identifier is associated with the captured data. A timestamp is also generated for the captured data. The timestamp includes information therein identifying at least a portion of the identifier(s). The captured data, the identifier(s) and the timestamp are stored in one or more data stores. The identifier(s) associated with the stored captured data is also mapped to an entry in an index to permit retrieval of the stored data from the data store via the index.
    Type: Grant
    Filed: August 9, 2002
    Date of Patent: March 29, 2005
    Assignee: Network Resonance, Inc.
    Inventors: Kevin Stewart Dick, Eric Kenneth Rescorla
  • Patent number: 6832319
    Abstract: A system and method for enabling broadcast programs to be copied once only by consumer recorders includes writing a unique media identification on each blank disk to which content is to be copied in a read-only area of the disk before it is initially recorded. Also, a one-way key management media key block is written to the disk. A content key is derived by combining a media key, derived from the media key block, with the media identification. Additionally, to facilitate copying the content one time only, an exchange key is established between the recorder and a sender such as a satellite receiver or a disk player that is associated with the recorder, and the exchange key is modified with special numbers representing control commands including copy once and copy no more. The exchange key is then encrypted using the content key and then hashed with a nonce to render a bus content key. The bus content key is then used to encrypt the data for copying the data to a disk.
    Type: Grant
    Filed: July 20, 1999
    Date of Patent: December 14, 2004
    Assignees: International Business Machines Corporation, Intel Corporation
    Inventors: Alan Edward Bell, Jeffrey Bruce Lotspiech, Chandler Brendan Stanton Traw
  • Patent number: 6826699
    Abstract: A method and system for a source device to simultaneously perform authentication and key exchange (hereinafter referred to as “AKE”) protocols with multiple sink devices. In a communication network that comprises a source device and multiple sink devices in compliance with the 5C Digital Transmission Content Protection specification, the present invention discloses a method and system for using a multiple client state machine comprising a multiple client state machine table to allow the source device to track at which stage each sink device is undergoing within a 5C DTCP AKE protocol. Specifically, an embodiment allows the source device to receive an audio/video control command or response associated with the 5C DTCP AKE protocol from a particular sink device, access the table to determine at which stage that sink is undergoing within the 5C DTCP AKE protocol, and process the AV/C command or response depending on that stage.
    Type: Grant
    Filed: October 19, 2000
    Date of Patent: November 30, 2004
    Assignees: Sony Corporation, Sony Electronics, Inc.
    Inventor: Jadie Soo Sun
  • Patent number: 6789192
    Abstract: A semiconductor memory card comprising a control IC 302, a flash memory 303, and a ROM 304. The ROM 304 holds information such as a medium ID 341 unique to the semiconductor memory card. The flash memory 303 includes an authentication memory 332 and a non-authentication memory 331. The authentication memory 332 can be accessed only by external devices which have been affirmatively authenticated. The non-authentication memory 331 can be accessed by external devices whether the external devices have been affirmatively authenticated or not. The control IC 302 includes control units 325 and 326, an authentication unit 321 and the like. The control units 325 and 326 control accesses to the authentication memory 332 and the non-authentication memory 331, respectively. The authentication unit 321 executes a mutual authentication with an external device.
    Type: Grant
    Filed: June 13, 2003
    Date of Patent: September 7, 2004
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Teruto Hirota, Makoto Tatebayashi, Taihei Yugawa, Masataka Minami, Masayuki Kozuka
  • Publication number: 20040163106
    Abstract: A method and system for identifying a work in a data transfer. In accordance with this invention, a data transfer is received. The media content of a work is then read from the data transfer. The media content is then used to generate a fingerprint of the work. The fingerprint is then used to identify the work. A report including the identity of the work is then generated.
    Type: Application
    Filed: February 1, 2003
    Publication date: August 19, 2004
    Applicant: Audible Magic, Inc.
    Inventors: James B. Schrempp, Alan Edel, Vance Ikezoye
  • Patent number: 6708157
    Abstract: A system for controlling the distribution and use of digital works using digital tickets. In the present invention, a “digital ticket” is used to entitle the ticket holder to exercise some usage right with respect to a digital work. Usage rights are used to define how a digital work may be used or distributed. Each usage right may specify a digital ticket which must be present before the right may be exercised. Digital works are stored in repositories which enforce a digital work's usage rights. Each repository has a “generic ticket agent” which punches tickets. In some instances only the generic ticket agent is necessary. In other instances, punching by a “special ticket agent” residing on another repository may be needed.
    Type: Grant
    Filed: February 7, 2001
    Date of Patent: March 16, 2004
    Assignee: ContentGuard Holdings Inc.
    Inventors: Mark J. Stefik, Peter L. T. Pirolli
  • Publication number: 20030223584
    Abstract: A media object authentication system uses layers of security features based on digital watermarks embedded in media objects. The system generates a first digital watermark with a message payload carrying data about the object, such as a hash of text data printed on the object. The first digital watermark is combined with a content signature derived from features of the media object, such as frequency domain attributes, edge attributes, or other filtered version of the media signal (e.g., image photo on a secure document) on the media object. This combination forms a new digital watermark signal that is embedded in the host media object. To verify the object, the digital watermark payload is extracted and compared with the data about the object. The combined digital watermark and content signature is also evaluated to authenticate the media signal on the media object.
    Type: Application
    Filed: May 29, 2002
    Publication date: December 4, 2003
    Inventors: Brett Alan Bradley, Brett T. Hannigan, John Kennedy Barr
  • Patent number: 6581042
    Abstract: A tokenless authorization of an electronic check between a payor and a payee using an electronic identicator and at least one payor bid biometric sample is described. The method comprises a payor registration step, wherein the payor registers with an electronic third party identicator at least one registration biometric sample, and at least one payor checking account data. An electronic financial transaction is formed between the payor and the payee, comprising at least one payor bid biometric sample, wherein the bid biometric sample is obtained from the payor's person, in a transaction formation step. Preferably in one transmission step the payor bid biometric sample is electronically forwarded to the electronic identicator. A comparator engine or the identification module of the electronic identicator compares the bid biometric sample with at least one registered biometric sample for producing either a successful or failed identification of the payor.
    Type: Grant
    Filed: May 3, 2001
    Date of Patent: June 17, 2003
    Assignee: Indivos Corporation
    Inventors: David Ferrin Pare, Jr., Ned Hoffman, Jonathan Alexander Lee
  • Publication number: 20030072447
    Abstract: The present invention relates to an optical disc authentication method and apparatus. The method, wherein each disc has a plurality of ways and a plurality of sectors in each way, includes the steps of measuring the quantity of sectors in each of a defined quantity of ways to provide a disc fingerprint comprising way sector quantity values for an original disc and a target disc and authenticating the target disc.
    Type: Application
    Filed: August 31, 2001
    Publication date: April 17, 2003
    Inventor: Oleg Saliahov
  • Patent number: 6550009
    Abstract: The present invention provides an encryption system, by which it is possible to safely distribute a common crypt key for decrypting data on an encrypted DVD-ROM by simple devices and procedure. A terminal equipment 1 comprises a DVD-ROM drive, means for sending a key data request to a center device via communication line, and means for decrypting the encrypted common crypt key using a combination of a part of BCA data and a membership number. A center device 2 comprises means for authenticating a user by searching a user data base 23 in response to the key data request, means for obtaining BCA data of the user by searching a BCA data base 21, means for obtaining a common crypt key by searching a key data base 22, and means for encrypting and transmitting the common crypt key using a combination of a part of BCA data and a membership number.
    Type: Grant
    Filed: October 30, 1998
    Date of Patent: April 15, 2003
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Sachiko Uranaka, Masaki Kiyono, Makoto Tatebayashi
  • Publication number: 20030066076
    Abstract: A digital media distribution system includes a distribution center and a utilization device that communicates with, and receives digital media from, the distribution center. Restrictions are transferred with the digital media that limit the use of the digital media on the utilization device independently of the distribution center.
    Type: Application
    Filed: September 28, 2001
    Publication date: April 3, 2003
    Inventor: Michael R. Minahan
  • Publication number: 20030048900
    Abstract: A semiconductor integrated circuit is provided, which includes: a first circuit; a second circuit; a data BUS; and first and second encryption/decryption circuits for encrypting/decrypting data transmitted between the first and second circuits on the data bus. The first encryption/decryption circuit is for encrypting data output from the first circuit, outputting the encrypted data to the data BUS, decrypting an encrypted data received from the second encryption/decryption circuit, and providing the decrypted data to the first circuit. The second encryption/decryption circuit is for decrypting the encrypted data received from the first encryption/decryption circuit, providing the decrypted data to the second circuit, encrypting data output from the second circuit, and outputting the encrypted data to the data BUS.
    Type: Application
    Filed: April 23, 2002
    Publication date: March 13, 2003
    Applicant: Samsung Electronics Co., Ltd.
    Inventors: Chan-Yong Kim, Jong-Rok Kim
  • Patent number: 6529949
    Abstract: A system, method and article of manufacture are provided for remotely controlling content stored on a local computer connected to a network system such as the Internet. The invention allows content such as DVD Video content to be locked so that play can only be accomplished through verification of user identity and also allows augmentation and supplementation of the content provided by the video from a remote server. In addition, upon verification of user client credentials, the present invention allows the locally stored content to be supplemented with additional content delivered over the network system. Furthermore, the present invention allows content stored locally on a client device to be remotely controlled to play synchronously on a plurality of client devices.
    Type: Grant
    Filed: February 7, 2000
    Date of Patent: March 4, 2003
    Assignee: Interactual Technologies, Inc.
    Inventors: Evgeniy M. Getsin, Allan B. Lamkin, Todd R. Collart
  • Patent number: 6516412
    Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances”, or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.
    Type: Grant
    Filed: March 16, 2001
    Date of Patent: February 4, 2003
    Assignee: Scientific-Atlanta, Inc.
    Inventors: Anthony J. Wasilewski, Howard G. Pinder, Glendon L. Akins, III, Robert O. Banker
  • Patent number: 6510517
    Abstract: The method of cryptological authentification in a scanning identification system comprising a base station, which supplies energy via the alternating field to a transponder connected to the object to be identified, includes the following method steps. For essentially the entire communication between the base station and the transponder, the base station generates an inquiry signal. Upon receiving the inquiry signal transmitted by the base station, the transponder responds with an identification number stored in its memory. The base station then encodes a first bit sequence it has generated by using a key bit sequence that is allocated to the identification number of the transponder, and transmits the second bit sequence obtained in this manner to the transponder. When the second bit sequence is received, the transponder generates a checking bit sequence from the second bit sequence, and, following the complete reception of the second bit sequence, transmits this checking bit sequence to the base station.
    Type: Grant
    Filed: June 4, 1999
    Date of Patent: January 21, 2003
    Assignee: TEMIC Semiconductor GmbH
    Inventors: Michael Bruhnke, Ferdinand Friedrich
  • Patent number: 6487660
    Abstract: A method of authenticating a pair of correspondents C,S to permit the exchange of information therebetween, each of the correspondents having a respective private key, e, d and a public key, Qu, and Qs derived from a generator element of a group and a respective ones of the private keys e,d, the method comprising the steps of: a first of the correspondents C generating a session value x; the first correspondent generating a private value t, a public value derived from the private value t and the generator and a shared secret value derived from the private value t and the public key Qs of the second correspondent; the second correspondent generating a challenge value y and transmitting the challenge value y to the first correspondent; the first correspondent in response thereto computing a value h by applying a function H to the challenge value y, the session value x, the public value an of the first correspondent; the first correspondent signing the value h utilizing the private key e; the first correspondent
    Type: Grant
    Filed: November 2, 1999
    Date of Patent: November 26, 2002
    Assignee: Certicom Corp.
    Inventors: Scott Alexander Vanstone, Donald B. Johnson, Robert J. Lambert, Ashok Vadekar
  • Patent number: 6385387
    Abstract: At least one musical composition is transmitted via a digital video disc together with bonus information relating to the musical composition and an approved interactive data required when a user accesses the bonus information. An arbitrary interactive data is entered by the user accessing the bonus information. The transmitted musical composition is reproducible regardless of the entered interactive data. However, a reproduction of the bonus information is allowed only when the entered interactive data agrees with the approved interactive data.
    Type: Grant
    Filed: June 15, 1998
    Date of Patent: May 7, 2002
    Assignee: Victor Company of Japan, Ltd.
    Inventors: Yoshiaki Tanaka, Shoji Ueno
  • Publication number: 20020046341
    Abstract: Method and system for issuing and using anonymous and pseudonymous prepaid payment cards through the existing credit card and debit card infrastructure.
    Type: Application
    Filed: February 27, 2001
    Publication date: April 18, 2002
    Inventors: Alex Kazaks, Sterling Garretson, Drew Bamford, Chris Prosise
  • Patent number: 6310538
    Abstract: The invention relates to a process of restricting the access of a terminal to a telecommunication network. The invention includes using the current user authentication procedure usually implemented in telecommunications systems for authenticating users, so as to verify the users' rights of access in relation to certain criteria, such as the destination of the call, its time, and its duration.
    Type: Grant
    Filed: December 5, 1997
    Date of Patent: October 30, 2001
    Assignee: U.S. Philips Corporation
    Inventor: Pierre-Hugues Boucher
  • Patent number: 6256393
    Abstract: A method for providing authentication, authorization and access control of software objects residing in digital set-top terminals creates a fingerprint (“signature”) for each software object, associates each fingerprint with a service tier, encodes each association and creates an association table containing the information and downloads the association table to the digital set-top terminal. In addition, the method utilizes an entitlement management message, sent to each set-top terminal, indicating what software objects the set-top terminal may utilize, and provides a system routine at the digital set-top terminal that is invoked whenever a software object is about to be utilized. The entitlement management message contains the access rights given to a particular set-top terminal, which must match the software object's access requirements for the software object to be utilized.
    Type: Grant
    Filed: February 24, 1999
    Date of Patent: July 3, 2001
    Assignee: General Instrument Corporation
    Inventors: Reem Safadi, Lawrence Vince
  • Publication number: 20010001014
    Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances”, or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.
    Type: Application
    Filed: December 26, 2000
    Publication date: May 10, 2001
    Inventors: Glendon L. Akins, Robert O. Banker, Michael S. Palgon, Howard G. Pinder, Anthony J. Wasilewski
  • Patent number: 6230148
    Abstract: A tokenless authorization of an electronic check between a payor and a payee using an electronic third party identicator and at least one payor bid biometric sample is described. The method comprises a payor registration step, wherein the payor registers with an electronic third party identicator at least one registration biometric sample, and at least one payor checking account. In a payee registration step, the payee registers a payee identification data with the electronic third party identicator. An electronic financial transaction is formed between the payor and the payee, comprising payee bid identification data, a transaction amount, and at least one payor bid biometric sample, wherein the bid biometric sample is obtained from the payor's person, in a transaction formation step. Preferably in one transmission step the payee bid identification data, the transaction amount, and payor bid biometric sample are electronically forwarded to the third party electronic identicator.
    Type: Grant
    Filed: January 29, 1999
    Date of Patent: May 8, 2001
    Assignee: Veristar Corporation
    Inventors: David Ferrin Pare, Jr., Ned Hoffman, Jonathan Alexander Lee
  • Patent number: 6072874
    Abstract: The present invention provides a signing apparatus used for signing by a user on usage information of a source provided in a format made available by the use of key information. The apparatus includes a unit for generating the usage information which is to be signed, a unit for performing a first computation by utilizing the key information which has been encrypted and the usage information, a unit for performing a second computation by utilizing a user's private key and a result of the first computation. The apparatus further includes a unit for performing a third computation by utilizing a result of the second computation, and thereby generating the key information which has been decrypted and a result of the computation performed on the usage information by utilizing the user's private key. The apparatus further includes a unit for making the source available by utilizing the decrypted key information.
    Type: Grant
    Filed: December 30, 1996
    Date of Patent: June 6, 2000
    Assignee: Fuji Xerox Co., Ltd.
    Inventors: Kil-Ho Shin, Kenichi Kobayashi, Toru Aratani