Abstract: Provided in a reception device (10) for receiving a transmission signal (US) in which, adhering to a communications protocol, reception data (ED) can be transmitted to the reception device (10) from a transmission device (2, 3) are reception means (12) for receiving the transmission signal (US), and evaluation means (16) for evaluating the received transmission signal (US) and for emitting a bit sequence (BFT) received in the transmission signal (US), which bit sequence (BFT) may contain bits of reception data (ED) transmitted from the transmission device (2, 3) but also bits (SB) occasioned by an interference to the transmission signal (US), and checking means (18) for checking whether the received bit sequence (BFT) infringes a rule of the communications protocol, wherein the reception device (10) is designed to continue with the reception of the transmission signal (US) and the checking of the received bit sequence (BFT) following the occurrence of an infringement of the communications protocol.

Abstract: Performing a hash algorithm in a processor architecture to alleviate performance bottlenecks and improve overall algorithm performance. In one embodiment of the invention, the hash algorithm is pipelined within the processor architecture.

Abstract: A security model restricts binary behaviors on a machine based on identified security zones. Binary behaviors can be attached to an element of a document, web-page, or email message. The binary behavior potentially threatens security on the local machine. A security manager intercepts download requests and/or execution requests, identifies a security zone for the requested binary behavior, and restricts access based on the security zone. The binary behavior can identify a security zone according to the related URL. In one example, all binary behaviors associated with a security zone are handled identically. In another example, a list of permissible binary behaviors is associated with a security zone such that only specified binary behaviors are granted access. In still another example, a list of impermissible binary behaviors is associated with a security zone such that binary behaviors that are found in the list cannot initiate access.

Abstract: A system for generating secure documents includes a station for generating a plain document and a security image generator that generates a security image. The security image is then incorporated into the plain document. Each security image consists of a plurality of secure elements, each secure element being defined by two sets of parallel lines. Each secure element defines an alphanumeric character or other unique image that is visible under certain conditions, i.e., when inspected through a viewer. The technique can also be used to provide security images on a web page as a means of indicating that the web page is genuine.

Abstract: In response to a command to start restrictions on a communication service of a computer, the communication service is restricted by a countermeasures apparatus which replaces the communication address of a second computer, which has been stored in a first computer, with the communication address of the countermeasures apparatus, and replaces a communication address of the first computer, which has been stored in the second computer, with the communication address of the countermeasures apparatus. Accordingly, the countermeasures apparatus acquires a packet from the first computer to the second computer and determines whether or not this acquired packet is to be transmitted to the second computer.

Abstract: Ambient calculus-based modal logics for mobile ambients are disclosed. Formal analysis mechanisms or frameworks with which mobile ambients can be described, and within which policies such as security policies can be tested against those ambients, are disclosed. In one embodiment, a computer-implemented method receives at least one container, where each container has at least one process. The method applies the containers, including their processes, against a predetermined modal logic. The modal logic is based on ambient calculus, and provides for spatial relationships among the processes of the containers. The containers and their processes are output, as applied against the logic.

Abstract: To provide a content distribution system which can prevent use of content which has been temporarily stored after the valid period. A content distribution system (1) including a license server (101) which issues a license, a content server (102) which transmits the content, a terminal device (103) which controls use of the content based on the issued license. The terminal device (103) does not allow the use of the received encrypted content when it is judged that the encrypted content received from the content server (102) is not the content received in real time.

Abstract: When a computer system including a data storage apparatus having a data storage area storing encrypted data is modified to have plural encryption/decryption units, a computer cannot appropriately use the encrypted data storage area if a path including the encryption/decryption means is not adequately determined.

Abstract: In one embodiment, a network comprises a plurality of nodes that communicate with one another. A first node included in the plurality of nodes generates a plan comprising a plurality of marker states. Each marker state comprises a value for a property associated with the first node. When the first node broadcasts information indicative of a given marker state included in the plan, at least one node other than the first node verifies the value of the property included in the given marker state.

Abstract: A quantum-cryptographic communication system for quantum-cryptographic communication in an optical network, including a transmitter for transmitting a packet signal having a light pulse train representing an address and a single photon pulse train for quantum cryptography, and a router including a header analyzer for extracting the address information from the light pulse train of the packet signal and a gate switch for selecting one of the optical fibers. The router routes the packet signal by selecting an optical fiber used for the next transmission path according to the extracted address information by the header analyzer and by switching the path to the selected optical fiber by the gate switch.

Abstract: An authorization system is described that includes a first interface, a processing system, and a second interface. The first interface is configured to receive an authorization instruction from an enterprise and receive an authorization request from a user device. The authorization instructions indicate authorization parameters. The user device transfers the authorization request each time the application is selected for execution. The authorization instructions are based on a license obtained by the enterprise for an application and wherein a user device operated by a user has the application. The processing system is configured to process the authorization request and authorization parameters to determine if the execution of the application is authorized. The second interface is configured to transfer an authorized message to the user device if the execution of the application is authorized and transfer an unauthorized message to the user device if the execution of the application is not authorized.

Abstract: A cryptography device which reduces side channel information including a first computing block adapted to either encrypt or decrypt received first input data and to output the encrypted or decrypted first input data as first output data at a first data output, a second computing block adapted to either encrypt or decrypt received second input data and to output the encrypted or decrypted second input data as second output data at a second data output, and a control unit connected to the first and second computing blocks and adapted in a first operating condition on the one hand to partially or completely assign the first output data to the first computing block as the first input data and on the other hand to completely or partially assign the first output data to the second computing block as part of the second input data.

Abstract: A method and apparatus for logging based identification are described. In one embodiment, the method comprises extracting entries of a hash chained log that represents a series of previous transactions. The method may also comprise ordering hash values of the entries extracted from the hash chained log into an ordered list. In one embodiment, the method may further comprise producing a cryptographic hash of the ordered list.

Abstract: An indexing value may be determined, transparently with respect to a requester, based on a desired plaintext item of data and a cryptographic key. The indexing value may be used to access an entry in an indexing structure to obtain a corresponding database entry which includes a non-deterministically encrypted ciphertext item. In another embodiment, an indexing structure for a database may be accessed. Positions of items of the indexing structure may be based on corresponding plaintext items. References related to the corresponding plaintext items in the indexing structure may be encrypted and other information in the indexing structure may be unencrypted. A portion of the indexing structure may be loaded into a memory and at least one of the encrypted references related to one of the plaintext items may be decrypted. The decrypted reference may be used to access a corresponding non-deterministically encrypted data item from the database.

Abstract: A method and system for ensuring system security is disclosed. The method and system split a regular expression that corresponds to a number of patterns into sub-expressions. The dependency relationships among the finite automata that correspond to the sub-expressions are maintained. Then, as data units are put through these finite automata in a sequence that is based on the dependency relationships, suspected data units are identified. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. Identification of the suspected data units is based on the merged results of the finite automata. Depending on the result of identifying the suspected data units, different actions are performed.

Abstract: A network connection system includes a client apparatus, an authentication server, and a connection server. The authentication server authenticates a user of the client apparatus and transmits a network address of the client apparatus to the connection server. When information indicating the transition to a connection wait state is received from the connection server, the network address of the connection server is transmitted to the client. The client apparatus transmits an encrypted user name and password to the network address. The connection server 11 conducts authentication using the encrypted user name and password.

Abstract: An apparatus and a method for validating compressed encrypted archive keys is described. In one embodiment, a pseudo-stream is generated for an archive. The pseudo-stream is made of a small amount of random text. The pseudo-stream is attached to a stream of the archive. The pseudo-stream and stream are compressed using the compression algorithm that includes validation data. The compressed pseudo-stream is then enciphered with an archive key.

Abstract: Searching for codes hidden in texts, such as the Bible, may involve application of a cipher to the text and then searching the enciphered text for codes.

Abstract: A recording medium including at least a lead-in region, a recording region in which information is recorded, and a lead-out region. In this configuration, medium information including medium identification information and relevant information is recorded in at least any one of the lead-in region, the recording region, and the lead-out region.

Abstract: Various embodiments are described herein for a mobile communication device that authenticates a smart battery prior to use. The mobile device includes a main processor and a device memory. The device memory stores first and second portions of security information used for authentication. The smart battery includes a battery processor and a battery memory. The battery memory stores a third portion of security information used for authentication. The main processor sends an authentication request including the first portion of security information to the battery processor, and the battery processor generates a response based on the first and third portions of security information and sends the generated response to the main processor. The smart battery is authenticated if the generated response matches the second portion of security information.

Abstract: Methods and systems are provided that allow multiple identity-based digital signatures to be merged into a single identity-based “aggregate” digital signature. This identity-based aggregate signature has a shorter bit-length than the concatenation of the original unaggregated identity-based signatures. The identity-based aggregate signature can be verified by anyone who obtains the public keys of one or more Private Key Generators (PKGs), along with a description of which signer signed which message. The verifier does not need to obtain a different public key for each signer, since the signature scheme is “identity-based”; the number of PKGs may be fewer than the number of signers.

Abstract: An anti-virus (AV) system based on a hardware-implemented AV module for curing infected computer systems and a method for updating AV databases for effective curing of the computer system. The hardware-based AV system is located between a PC and a disk device. The hardware-based AV system can be implemented as a separate device or it can be integrated into a disk controller. An update method of the AV databases uses a two-phase approach. First, the updates are transferred to from a trusted utility to an update sector of the AV system. Then, the updates are verified within the AV system and the AV databases are updated. The AV system has its own CPU and memory and can be used in combination with AV application.

Abstract: A password authentication mechanism is capable of determining whether a password has expired without referring to a database or other information repository. Additional information can be encoded in the password without unduly lengthening the password, so that the additional information can be extracted from the password when the user provides the password for authentication purposes. Thus, the password serves as an information-carrying data item as well as acting as an authentication mechanism. Such a password can be used, for example, to provide time-limited access to a vehicle in response to receipt of timely payment, and to disable the vehicle if payment is not made.

Abstract: System and method for verifying the authenticity of executable images. The system includes a validator that determines a reference digital signature for an executable image using the contents of the executable image excluding those portions of the executable that are fixed-up by a program loader. The validator then subsequent to the loading of the executable image determines an authenticity digital signature to verify that the executable image has not been improperly modified. In addition, the validator ensures that each of the pointers in the executable image have not been improperly redirected.

Abstract: A method is described that involves identifying a configuration file in response to a desire to obtain security services. The configuration file describes a security policy tailored for use in the environmental condition set under which the desire arose. The identifying is based upon at least a portion of the environmental condition set. The method also involves using information found within the configuration file to configure code that performs authentication and authorization services so that the code will implement the security policy.

Abstract: A unified and universal management system for one or more items of cryptographic equipment, comprising a federating portal that is adapted to allow a user to access services, one or more interfaces for the interchange of information between the management system and equipment outside the system, one or more modules having one or more sub-modules or technological bricks suitable to carry out a unified and universal management method.

Abstract: A method, system and article for encrypting data by applying an encryption process, wherein the encryption process includes storing progress data relating to the progress of the encryption process so that the encryption process may be resumed after an interruption. Even more specifically, after the interruption, progress data relating to the progress of the encryption process is accessed. Portions of the progress data are compared to determine the last encrypted data segment. After the last encrypted data segment, the encryption process at the data segment is resumed.

Abstract: A security mechanism affords data recovery engineers the ability to access and recover secure data from user files without knowledge of the user's password. The mechanism uses a launcher application to access the database by establishing a temporary, restricted user session. The launcher application also passes a handle to an industry standard database tool, allowing the data recovery engineer to recover the user file data. The recovered data then can be accessed by the software application.

Abstract: In a signature-based duplicate detection system, multiple different lexicons are used to generate a signature for a document that comprises multiple sub-signatures. The signature of an e-mail or other document may be defined as the set of signatures generated based on the multiple different lexicons. When a collection of sub-signatures is used as a document's signature, two documents may be considered as being duplicates when a sub-signature generated based on a particular lexicon in the collection for the first document matches a signature generated based on the same lexicon in the collection for the second document.

Abstract: Accumulated proof-of-work approaches for protecting network resources against denial-of-service attacks are disclosed. A client computer or other requester is required to perform work, such as repeatedly hashing a message until a specified number of bits is zero, as a condition for accessing a resource. Proof of the work performed by a legitimate requester is accumulated across multiple requests, so that established users of a resource are not penalized when proof-of-work is used to prevent a denial of service attack. Requesters who cannot show accumulated work greater than a specified threshold are required to perform additional work. In certain embodiments, work may be accumulated only within a specified time window, and the threshold may vary according to resource capacity or loading. Proof-of-work values may be communicated between the user and the resource in cookies.

Abstract: A system and method for enhanced security for external system management. A request to manage a system is received from a client at an interface. A determination is made whether a level of security is desired for the interface. If a level of security is desired for the interface, then identification information is obtained from the request and is converted into a format that is compatible with the system to be managed. A determination is made whether the system provides authorization for the client to manage the system.

Abstract: When a channel which is not scrambled is selected, an error occurs in a digital stream processed in a CA processing module, which causes noises to occur in video and audio signals to be viewed. If a FAT channel to be received is a channel that is not CA-scrambled, a digital stream is directly supplied from a FAT demodulator to a demultiplexer without passing the digital stream through an external processing module. As a result, no noise occurs in video and audio signals to be viewed because the video and audio signals are not influenced by an error of the digital stream that occurs in the processing module.

Abstract: A disclosed image forming apparatus has a cryptographic unit for performing a cryptographic function. The image forming apparatus includes a first managing unit for managing data representing first lists of cryptographic strengths authorized to be used separately for each subject that uses the cryptographic function; and a second managing unit for managing data representing a second list of cryptographic strengths set for the image forming apparatus. The cryptographic unit obtains the first list of the cryptographic strengths authorized to be used for the subject attempting to use the cryptographic function from the first managing unit. The obtained first list of the cryptographic strengths and the second list of the cryptographic strengths are logically multiplied to produce one or more first logical multiplication cryptographic strengths. The one or more first logical multiplication cryptographic strengths are usable to perform the cryptographic function.

Abstract: A technique for sanitizing data storage devices, such as magnetic disks, is disclosed. Logical data storage units such as files or portions thereof may be individually deleted and sanitized on a disk. A disk is divided into physical disk regions, each comprising one or more blocks. The contents of the disk are encrypted using a separate encryption key for each physical disk region. If a file or other data structure located in a first disk region and encrypted using a first encryption key is to be deleted, the logical portions (i.e., blocks) of that region that do not belong to the file are re-encrypted using a second encryption key, and the first encryption key is deleted.

Abstract: A software update device capable of communicating with a target update device via a network, the software update device including: a certification information setting unit for generating a first certification information, and transmitting the first certification information to the target update device via a first communication path; a certification requesting unit for transmitting a second certification information to the target update device, and requesting the target update device to execute a certification process with the first and second certification information; and a transmitting unit for transmitting an update software for updating a software of the target update device to the target update device via a second communication path when the certification process succeeds, the second communication path having a process load less than that of the first communication path.

Abstract: It is an object of the present invention to provide a wireless chip in which a hardware thereof is not required to be modified in each time that encryption algorithm with higher security is developed. In a wireless chip, a circuit capable of communicating information by wireless communication, a CPU, and a memory are included. In the memory, two or more regions, of each a region to which an encryption program is assigned and a region to which a decryption is assigned, are included. Accordingly, a wireless chip in which an encryption/decryption program can be rewritten without modifying a hardware structure can be provided.

Abstract: A computing system comprising a pocket personal computer and a reader are disclosed. The pocket PC is credit card-sized and comprises flash memory, and optionally a processor and a GPS chip. In some embodiments, the pocket PC also includes an operating system. The reader includes a monitor, a keyboard with docking port and an optional processor and at least one input/output USB connector. A user cannot interact with the pocket PC without the reader. The reader is a non-functioning “shell” without the pocket PC, however, when they are connected the system becomes a fully functional personal computer. To log on, a user provides security information, for example, a password or biometrics, such as fingerprints. The credit card size and capabilities of the pocket PC allows a user to easily carry virtually their entire computer in a pocket for use anywhere there is a reader.

Abstract: Provided is a technology with which an electronic document including a plurality of elements such as texts and images may be partially encrypt and decrypt. An encryption-processing control unit receives a selection of electronic data included in an electronic document and a selection of an encryption key for encrypting the electronic data from among encryption keys stored in a storing unit. The encryption-processing control unit generates encrypted area data including partially encrypted data obtained by encrypting the selected electronic data with the selected encryption key, positional information for specifying a position of the selected electronic data in the electronic document, and decryption information including information that may specify a decryption key with which the partially encrypted data may be decrypted, and adds the encrypted area data to the electronic document.

Abstract: A reader for interacting with a credit-card-sized pocket personal computer is disclosed. The reader and pocket PC comprise a computing system. The system comprises storage, a processor, a GPS chip and an operating system. The reader includes at least one input device such as a keyboard and at least one output device such as a display. A user cannot interact with the pocket PC without the reader. The reader is a non-functioning “shell” without the pocket PC, however, when they are connected the system becomes a fully functional personal computer. To log on, a user provides security information, for example, a password or biometrics, such as fingerprints. The credit card size and capabilities of the pocket PC allows a user to easily carry virtually their entire computer in a pocket for use anywhere there is a reader. In addition, the pocket PC provides security against unauthorized use, even if lost or stolen, since a password or fingerprints are required to access to the device.

Abstract: A system and method for preventing tampering and unauthorized access to digital data stored on a device. The system can include 1) a data store for containing digital data to be protected and a listing of processes permitted to access the digital data, 2) a filter driver for intercepting a request issued from a process to access the digital data, 3) a central processor, in communication with the data store, upon receipt of a notification of the intercepted request from the filter driver, deciding to grant or deny the request by determining whether the process issuing the request is on the listing of processes permitted to access the digital data, and 4) a monitor process for monitoring one or more software components of the system including the central processor, filter driver, and data store, and for identifying and preventing any unauthorized processes from accessing and tampering with the software components of the system.

Abstract: In the system which stores data sent out from an external equipment temporarily in a storage apparatus to output, to ensure the security of data during the storage period, there has been a conventional technique for the encryption of all received data. However, the encryption of all received data causes an increase of the load on the encryption processing and it causes such problems that much time is spent in processing of the system and efficiency is bad. In the invention, a NIC determines whether or not the data received from a host apparatus requires the encryption, and when it is determined that the data requires the encryption, the encryption processing of the data is carried out.

Abstract: The method employs interrelated cryptographic processes and protocols to provide reliability to vote casting, ballots recount, and verification of vote or poll results. These cryptographic processes and protocols jointly constitute a cryptographic voting scheme capable of meeting the specific reliability requirements of an electronic voting where voters remotely cast their votes. These reliability requirements include voter authentication and privacy; accurate results, the impossibility of coercion and sale of votes, verifying the final results and, if necessary, the secrecy of intermediate results before completing the vote or poll. The cryptographic voting method minimizes the confidence level to be placed on any of the electronic voting individual party and participants.

Abstract: This system relates to a secure encryption/decryption protocol for elevator displays and controls. The protocol uses an algorithm to scramble information before transmission and reassemble it after transmission. The system uses at least one block of data assembled into unencrypted N-bits of information. An encryption device encodes the data into at least one block of encrypted M-bits of information. A data encryption mask provides an encryption routine which also includes scrambling the data.

Abstract: The invention relates to a method for the provision of a device code for an electronic device, which is at least required for the first commissioning of the device code, whereby the device is inoperable without the input of the device code. The method is characterized in that the following procedural steps are carried out: Storage of a device number and an appropriate device code in a database, delivery of the device to a further processing site and readout of the device code stored in the database in conjunction with the device number, whereby the previous or simultaneous storage of a selected code number in the database in conjunction with the device number is required for readout.

Abstract: A digital watermarking method receives multimedia data, such as images or audio, in compressed or uncompressed form, and extracts a digital watermark while counteracting geometric distortions. To counteract geometric distortion, a watermark reading process translates the data before extracting the digital watermark. The reading process operates on compressed data such as JPEG or MPEG images, which are comprised of compressed blocks of image data.

Abstract: The present invention relates to an identification document for a subject. The identification document includes a substrate, and a visual image formed on the substrate. The visual image includes a face image of the subject in a first area, and invisible but retrievable embedded information formed in the face image in the first area but not formed in a second area of the visual image. The embedded information corresponds to the identity of the subject and is usable to identify the subject.

Abstract: An electronic apparatus that allows data to be written efficiently to an EEPROM with provisions made to greatly reduce the risk of the data stored in the EEPROM being altered in the field, and a production method for the same are achieved. The method is the production method for the electronic apparatus which comprises a board having a separable region and mounted with a central processing unit, an electrically alterable nonvolatile storage device, and a connector mounted on the separable region, and is configured so that when the region is separated, data cannot be written to the storage device by directly controlling an internal circuit of the central processing unit, and the production method for the electronic apparatus comprises: a writing step of writing data to the storage device by connecting an external apparatus to the connector and by directly controlling an internal logic circuit of the central processing unit; and a separating step of separating the region after the writing step.

Abstract: A method for authenticating a document in which a document key for the document is generated by examining one or more attributes of a physical media that underlies the document. An original image is then imparted onto the physical media so that the original image is associated with the document key in a way that enables a subsequent recovery of the document key from the original image. This tying together of the underlying physical media, through the document key, with an original image enables detection of a forgery which was performed either through an alteration of the original image, or ink stripping and re-printing, or a printing of the original image on another physical media.

Abstract: A method and circuit for preventing external access to secure data of an integrated circuit while supporting DFT is disclosed. In accordance with the method the integrated circuit is automatically placed into the test mode at integrated circuit power-up from a power-down state. At power up, secure data is other than present within a secure data-path of the integrated circuit. Access is provided to the secure data path via a second data path coupled with the first secure data-path. Via the access path, data other than secure data is provided to the integrated circuit, the data for performing test functions of the integrated circuit operating in the test mode. Once data other than secure data is provided to first secure data path, the test mode is terminated and access via other than the secure ports is disabled. The test mode is only re-entered by powering down the integrated circuit and re-initialising it.

Abstract: There is provided a license devolution system for devolving the right of using as to contents. The license devolution system makes it possible to copy or distribute contents while contributing to a protection of the copyright for the contents. Contents is encrypted with a first key. The first key and use information are encrypted with a second key consisting of a media ID for identifying a first storage medium in which the first key and the use information are stored. In order to devolve the right of using as to the contents, the contents is transferred to a second storage medium of a destination of devolution in the form of encryption. The first key and the use information are decoded with the media ID of the first storage medium, and further encrypted with the media ID of the second storage medium of the destination of devolution into storage in the second storage medium of the destination of devolution.