Abstract: A method and system for synthesizing electronic watermarks is disclosed. The method includes generating electronic watermark sounds for music data by converting harmonic overtones that match the music data into signals. The generated electronic watermark sounds are then synthesized into the music data. The synthesized electronic watermark sounds and the music data are then output via various ways. In one embodiment, an encoded music file is generated, which can be sent to a recipient via a network or recorded on any of various recording media for distribution.

Abstract: A method of maintaining electronic medical records, comprising the steps of receiving a medical transaction record, encrypted with an encryption key relating to a patient association of the file, accessing the encrypted medical transaction record according to a patient association; and further encrypting the encrypted accessed medical transaction record with an encryption key associated with an intended recipient of the medical record. The system and method according to the present invention presents a new business model for the creation, maintenance, transmission, and use of medical records, allowing financial burdens to be reallocated, for example more optimally or equitably, to decrease overall societal cost, or simply to provide a successful business model for a database proprietor. Secure entrusted medical records are held in trust by an independent third party on behalf of the patient, serving the medical community at large.

Abstract: Consumers may utilize computing devices to assist in the purchase and/or loyalty process, and in particular, the consumer may utilize a PDA to facilitate the purchase and/or loyalty process. During the purchase and/or loyalty process, the consumer may need to insure that any content downloaded or used in association with the PDA is secure in how it is collected, assembled, and delivered to the PDA device. This system and method secures the data from its source to when it is actually viewed or used by the authorized user. The PDA may have direct access to an Internet web site portal that offers secure personal content from a content provider, such as, for example, an on-line banking or financial institution. Using the web site portal, the content provider may offer personal or confidential data, such as financial information, to PDA users in a secure (e.g., encrypted) environment.

Abstract: Inventive embodiments relate to a method and apparatus for packet transmission control and packet charge data generation on wired/wireless network, especially, the apparatus can control the packet transmission and measure the amount of packet. The apparatus receives a packet data through a network and stores the packet data in a shared memory. After determining whether the packet data satisfies with a filtering rule, it deletes the packet data if the packet data satisfies with the filtering rule and transmits the packet data to destination otherwise. Then, it generates preliminary billing data corresponding to the packet data and transmits the preliminary billing data to a billing apparatus.

Abstract: An automated banking machine (10) with customizable transaction receipts is provided. The automated banking machine may include a computer (30), at least one printer device (24, 44, 46), at least one input device (14, 16, 32) and at least one transaction function device (20, 22, 26, 36). The machine may be in communication with a further computer (37) which includes a data store (38) with document templates (42) stored therein. Each of the document templates may be associated with template attributes (48). A document template from the data store may be selected responsive to at least one characteristic of: a printer device of the machine, a consumer using the machine, and/or a transaction function being performed at the machine. The machine may generate and print one or more documents using one or more printer devices of the machine responsive to the document template and the transaction function.

Abstract: Acoustic signal encoder is provided which comprises a subband filter band to divide an original signal into a plurality of frequency bands, a spectrum transformation circuit to detect the amplitude of a signal in each of the plurality of frequency bands in each of sub-blocks resulted by division of a block length for signal coding, process the signal amplitude in each band based on the detected amplitude and transform the signals divided in the frequency bans to spectra, a normalizing circuit and quantizing circuit to normalize and quantize the spectrum, respectively, and a code row generator to generate a code row from the signals processed by the above circuits.

Abstract: The invention provides a method and system for locally tracking network usage and enforcing usage plans at a client device. In an embodiment of the invention, a unique physical key, or token, is installed at a client device of one or more networks. The key comprises a usage application and one or more access parameters designated the conditions and/or limits of a particular network usage plan. Upon initial connection to the network, the usage application grants or denies access to the network based on an analysis of the current values of the access parameters. Therefore, network usage tracking and enforcement is made simple and automatic without requiring any back-end servers on the network while still providing ultimate flexibility in changing billing plans for any number of users at any time.

Abstract: A system and method for licensing the use of “plug-in” type software that plays audio, video, and three dimensional content which logs the network address from which content is downloaded and played by the plug-in client software, then sends this information to a billing system maintained by the plug-in software developer. This billing system can then bill the content provider that is associated with the network address based on the number of times the content is played by users of the plug-in software. The system and method can also employ a public key encryption scheme to ensure that the network address information received by the plug-in software is valid and to block the playing of content from content providers that are delinquent in their license payments.

Abstract: An authentication and network management system for Wi-Fi local area networks includes a network management device and a plurality of Wi-Fi local area networks coupled to the network management device. Each local network includes at least one access point device having a Wi-Fi radio. A plurality of end user devices are attachable to the network forming nodes thereof, and each end user device has input plugs, such as USB ports and the like, for coupling accessories thereto. An authentication device is provided in the network for authenticating the end user devices attached to the network. A plurality of authenticating keys is provided, with each key attachable to an input plug of an end user device. Each key contains a validation certificate therein, wherein the authentication device verifies the presence of a current validation certificate on a key coupled to the end users device prior to granting access to the network.

Abstract: The present invention relates to a method of distributing music comprising creating a structured audio file from an audio track, the audio track having two portions, the first portion comprising data to reproduce a lower quality version of the audio track by a media player and data in a second portion that can be used to reproduce a higher quality version of the audio track.

Abstract: A software application that enables secure storing, displaying, organizing and transferring of electronic medical records (EMR) at a health care provider's office for future visits, storage, billing, insurance audits, and follow up of prescriptions and prescribed treatments. The EMR consists of physician notes, dictation, lab reports, images, patient histories, records, and can be stored and transferred in a plurality of manners. A smart card contains a microprocessor and includes an embedded chip that requires a PIN for access. In use the smart card is accessible by the health care provider entering their key card and PIN as well as the patient entering their own smart card and PIN. The patient then receives updated information on their smart card from their doctor. Next the patient can use the card to provide information to their insurance company, a pharmacy, hospital, or another health care provider.

Abstract: A medical care record management system for managing the records of medical care covered by an insurance performs the steps of acquiring first information that is information regarding the result of a medical care when a medical institution conducts the medical care for an insured person insured; acquiring second information that is information integrating the information regarding the insured person with an signature of an insurer of the insurance generated based on the information regarding the insured person; generating the third information that is information integrating the first information with an signature of the insured person by generating the signature of the insured person based on the first information; and generating the fifth information that is information integrating fourth information including the second information and the third information, with an signature of the medical institution by generating the signature of the medical institution based on the fourth information.

Abstract: A method and system for the secure distribution of content to authorized persons. A content provider uploads encrypted content to the system and specifies the institutions or individuals to which the content is to be provided and release conditions under which it is to be made available. Encrypted content is made available to a recipient together with a decryption code, if the identity of the recipient can be confirmed through a validation procedure and if the release conditions are met. The release conditions may include a time and date at which the release is to occur. The encrypted content have an associated sample which may be streamed to the recipient so as to permit the recipient to assess whether to download the full encrypted content or not. In one embodiment, the validation procedure includes biometric validation of the identity of the recipient.

Abstract: A transaction for downloadable digital data is facilitated over an electronic network. A presence is maintained on the electronic network to which a consumer may connect. A page is transmitted from the presence to the consumer over the electronic network, the page including information concerning the downloadable digital data. A command is received from the consumer over the electronic network indicating that the consumer wishes the transaction for the downloadable digital data.

Abstract: Provided is a health care system including a key management server that receives from a server a request for a decryption key, with first identification information identifying a measuring apparatus, second identification information identifying vital sign data, and third identification information identifying the server. The key management server generates the decryption key using the first identification information, and stores fourth identification information identifying a server predetermined as a destination of the decryption key, and fifth identification information indicating the category of the vital sign data in correspondence with the fourth identification information. The key management server transmits the decryption key to the server, when the received third identification information matches the fourth identification information, and the received second identification information matches the fifth identification information.

Abstract: A system for remote data acquisition and private and secure and authenticated, centralized processing and storage is disclosed called the DataTreasury™ Repository System. The DataTreasury™ Repository System provides a secure system for the storage and retrieval of data comprising personal information, financial information, and general information. The identity of the users are held private through the use of a biometric as the sole personal identifier. The system acquires transactional data at at least one remote locations, encrypts the data, transmits the encrypted data to a central location, transforms the data to a usable form, performs identification verification using biometric data, generates informative reports from the data and transmits the informative reports to the remote location(s), while maintaining privacy, security, and authenticity of the user's data and biometric. To ensure the complete security of the system, all data is re-encrypted while in storage, or when it is in a state of nonuse.

Abstract: Apparatus and methods are described for providing employee cards to employees, such as PIV cards to federal employees, including provisioning the employees to a more than one agency (and more than one card) without requiring multiple instances of enrolling and adjudicating the employee. Representatively, a sponsor enters information about the employee into a computer-displayed form (e.g., web-based). Biometric identity information is collected for the employee, but if such has already begun or is complete for at least a first agency, the collected information is used for a second agency without redundant collection. In the event an adjudication level of the first agency is at least as stringent as it is for the second agency, the employee is eligible to receive an employee card for the second agency, in addition to an employee card for the first agency.

Abstract: A protection key for hardware includes a first storage area configured to store a key data used for permission to use software installed in a information processor, a second storage area configured to store a data table including a plurality of random numbers, a receiver configured to receive a cryptography key from the information processor, a coder/decoder configured to encrypt the key data based on the cryptography key by picking one random number from the data table, and a transmitter configured to transmit the encrypted key data to the information processor.

Abstract: A server device is connected to at least one client device over at least one network. The server device hosts a website having entry controller logic that accesses a cookie on a client device that is seeking access to the hosted website. The entry controller logic is configured to: (1) initiate authenticating logic if there is a registered user cookie; (2) grant the client device entry to the hosted website if there is no cookie and provide the client device with a new guest user cookie; (3) grant the client device entry to the hosted website if there is a valid guest user cookie; or, (4) initiate validating logic if the guest user cookie is invalid for some reason.

Abstract: Digital rights are associated with a semi-unique node identifier obtained or calculated from characteristics of a mobile device attached to a consumer device, rather than with the node identifier of the consumer device itself. The user of the consumer device may access the digital rights management encrypted content (which may come from local persistent storage or a network) by attaching the mobile device to the consumer device. In this way, the rights can be associated with the node identifier of the mobile device, and the rights are thus usable for the consumer device to access the encrypted content.

Abstract: A system and method that facilitates and effectuates distinguishing a human from a non-human user. A human interactive proof (HIP) employs a token bucket algorithm in order to reduce the success rate for a non-human user employing a guessing or artificial intelligence to solve a substantial number of HIP challenges. The algorithm can employ token buckets associated with IP address and user session from which the user is attempting to solve the HIP challenge. If a token bucket is empty the algorithm can treat a correct response as incorrect and refill a portion of the buckets for a further attempt. This forces two correct responses to be received by a user within the refill quantity for the users bucket(s) before the user is identified as human.

Abstract: An approach for establishing secure communication among multiple multicast groups using a multi-master directory is disclosed. The multi-master directory is on a per object and per attribute access controls basis. The event service nodes, which can implemented as event servers, are distributed throughout an enterprise domain. The attributes of the event service nodes include the group session key and the private keys of the event service nodes. A standardized authentication service is used to register publishers and subscribers. These publishers and subscribers can individually belong to multiple multicast groups under a readily scalable, secure network architecture.

Abstract: In a method and apparatus for the electronic distribution of digitised information on demand, remote and/or local mass data stores are used to store digitised information for use in the generation of products such as software media. Available products and related information can be searched, browsed and requested at a local fulfilment unit; or requests can be made remotely. The products generated and associated packaging, certificates of authenticity, instruction manuals and licence numbers may optionally include customer specific information, and customer given personalisation. Additional security features include storing essential parts of the digitised information remotely so that products can not be generated using only locally stored information; and recording the digitised information on the at least final segments of longer than standard format CDs preventing complete copies onto CDs of standard format.

Abstract: A general user given beforehand a proxy right by an administrator is allowed to register a special user having the right to use an apparatus in a range of the function right equal to that of himself by operating a special user setting window.

Abstract: The present invention includes a virtual customer database system for delivering personalized services to a consumer operating a communication device. The virtual customer database system includes an administrator and a distributed database. The distributed database may be selectively loaded by the administrator with customer related information extracted from participating businesses. The distributed database includes secure databases associated with each participating business and a public participant database. The administrator may process push and pull service requests by selectively querying the distributed database. Sensitive customer specific information may remain with each corresponding participating business while responses to the requests may include personalized customer specific information provided via a common interface standard.

Abstract: A secure licensing system and method where a licensed product is purchased by a first party from a second party and then conveyed by the second party to a recipient with an indication that the first party is an intended licensee of the licensed product. Identity of the recipient of the licensed product is verified using a biometric verification device and a biometric database, and the license associated with the licensed product is activated when the biometric verification device and the biometric database verify that the recipient of the licensed product is the intended licensee of this product.

Abstract: A recording system for applying access control processing to input data content and for recording access-controlled data content on a computer readable storage medium. The recording system includes an encryption apparatus for encrypting portions of the input data content and an access control memory device which securely stores information from which a private key of a public key/private key pair associated with a data content recording user or user group is derivable. The encryption apparatus and the access control memory device co-operate to provide access control data including content recorder access control data and default access control data. The default content access control data provides the same level of access to the input data content as the level of access available to the data content recording user/user group. A recorder is provided for recording the encrypted input data content and the content access control data on the computer readable storage medium.

Abstract: A method of adding a copy protection function to a program to be installed on a computer system comprising a copy protection unit is provided, said method comprising the steps of determining a decision section of the program, wherein information influencing the further course of the program is defined during execution of the program, as a function of the current running state of the program, and converting the decision section by means of code which is executable exclusively in the copy protection unit and which is executed in the copy protection unit during execution of the program.

Abstract: A system and method to verify a user's identity in an Internet-related transaction. One system and method use a personal computer having identification information, a card reader, and a personal identification card having access information, to verify a user's identity using the access information and the identification information. Another system and method use a personal computer, a card reader, and a personal identification card having access information, wherein the card reader is included as part of a mouse coupled to the personal computer and wherein a user's identity is verified using the access information. Another system and method use a personal computer, a fingerprint reader, a card reader, and a personal identification card having access information to verify a user's identity using the access information and the data of the fingerprint reader.

Abstract: A system is proposed for performing transactions with terminals which fundamentally allow a plurality of different transactions to be performed. The terminals (10, 11) are connected for this purpose via a terminal network (30) with at least one node computer (40, 41) via which they can be set up for performing a transaction. The suitability for performing a further, hitherto unprepared transaction can be provided later anytime without any special setup measures. A terminal (10, 11) requests for this purpose data providing the functionality required for performing the further transaction from a node computer (40, 41) following a trigger signal designating the further transaction. The transaction is then performed in interaction between a terminal (10, 11) and a node computer (40, 41).

Abstract: A decryption processing unit decrypts encrypted content data using a license key Kc. When an elapsed time after reception of the license key (Kc) does not exceed a hold time at a time of the license key (Kc) included in reproduction control information (ACp), reproduction of encrypted content data continues. When the elapsed time exceeds the hold time at a time, the license key (Kc) is discarded, and a reproduction control unit again obtains a license key (Kc) from a memory card. Discarding and reobtaining license key (Kc) continues until an allowable output count of license key (Kc) from the memory card becomes zero. As a result, a reproduction time of encrypted content data can be controlled safely.

Abstract: Medical prescriptions may be produced in electronic form and carry a plurality of encoded, encrypted data sets. The first data set may represent a unique prescription identifier and the second data set a patient identifier such as a PIN: Both data sets are encrypted and printed on the item, for example encoded in a data matrix. The patient may present a printed prescription to a chemist at which point the data matix symbol is canned to retrieve the encrypted data sets. The data set including the unique identifier may be sent to a remote location for decryption and comparison against a stored identifier to verify the prescription as genuine. The second data set may be decrypted and compared locally to verify that the person presenting the prescription is the patient or an authorised representative of the patient. If both data sets are vertified, the chemist maydispense the medicine. Further data sets may include details of the prescription and prescription history, and details of the doctor and the chemist.

Abstract: A method and system are disclosed to provide secure key selection using a secure device in a watercrypting environment. A license containing a product key of a watercrypted content and a client identifier is transmitted to a secure device for storage. An entitlement control message containing multiple content keys associated with the watercrypted content is further transmitted to the secure device, together with a request to provide a session content key from the multiple content keys, the session content key to be used to decrypt the watercrypted content. Finally, the session content key is received from the secure device in response to the request.

Abstract: A method of managing software use in a desired mode and with ease of handling upgrades or other changes includes a sales company or other software provider adding a password to software, inserting identification information into a dongle, and distributing the same to users. A secret key and an open key are prepared and the open key is transmitted to the user. When the user tries to obtain a license, the password is sent to the sales company. The sales company detects identification information based on the password, encodes the same by using the secret key, and sends the same to the user as encoded license information. The user decodes the encoded license information by the open key and matches the same against the identification information included in the dongle. If the information match, the software effectively starts up, while if not, the execution of the software is stopped.

Abstract: The inventive data processing apparatus initially generates verifying values for verifying integrity of contents data stored in a memory device, then stores the verifying values in correspondence with contents data, and then, using the verifying values, the data processing apparatus proves the act of tampering with the relevant contents data, where the verifying values are generated and stored in a memory device per category of contents data. Each of the categories is preset based on a controlling entity of enabling key blocks (EKB) which encipher and provide a contents key (Kcon) provided as a key for enciphering the kinds of categories or contents data. Because of this arrangement, it is possible to effectively and independently executes the process for probing the act of tampering with contents data per controlling entity of the enabling key blocks (EKB) for example.

Abstract: A disk bears a multimedia program and a player plays the program. The player is responsive to an image restraint token (IRT) to play the multimedia program only in a low resolution format and not in a high resolution format prior to an IRT expiration date. The player is then responsive to a key that is publicly available only on or after the expiration date and entered into the player to play the multimedia program in the high resolution format.

Abstract: An information recording method for recording content information in a recording medium having at least re-readable area, comprising converting, based on a first conversion rule ?1, first information including a first component for obtaining content control information, converting, based on a second conversion rule ?2, second information including a second component for obtaining the first information, and writing the converted first information and the converted second information into the re-recordable area of the recording medium.

Abstract: Described are methods, systems, and apparatus, including computer program products for providing customizable authentication for service provisioning. A first user is enabled to customize an authentication system associated with a service. Customizing the authentication system includes defining a first executable authentication rule for a second user and a second executable authentication rule for a third user. The second executable authentication rule is different from the first executable authentication rule. The second user is different from the third user. The first executable authentication rule is employed for determining access by the second user to the service. The second executable authentication rule is employed for determining access by the third user to the service.

Abstract: A data recording apparatus capable of preventing easily copying of information is disclosed with which, even if information is copied, the copied information cannot be reproduced, the data recording apparatus having a terminal to which encoder ID specific for the data recording apparatus is input, a recording unit for recording at least the encoder ID on an optical disk, and an encoding circuit for, in accordance with the encoder ID, encoding data supplied through a terminal and required to be recorded so that encoded data is, together with the encoder ID, recorded on the optical disk.

Abstract: A broadcast receiving method comprises storing first control information in a storage device, the first control information containing information unique to a receiver and required for the receiver to select broadcasted and encrypted contents information, and receiving second control information with a receiver via a bi-directional communications channel, the second control information being for updating at least some contents of the first control information, updating the first control information in the storage device on the basis of the second control information, receiving broadcasted key information independent from the receiver and required to decrypt the contents information, and selecting and decrypting the encrypted contents information based on the key information and updated first control information.

Abstract: A device and a method of preventing pirated copies of computer programs. The device has input and output devices for bidirectional data exchange with an electronic computer and a first memory element containing a data file that can be transferred to the electronic computer over the output device. In addition, a second memory element into which data can be written via the input device is also provided. The method includes the following steps. First, this device is connected to an electronic computer for bidirectional data exchange. Then a first data file containing an electronic key is transferred from the device to the electronic computer. Subsequently a second data file containing an identifier of the electronic computer is copied from the electronic computer to the device.

Abstract: A contents supply apparatus supplies sub-content that relates to main content. A DVD-ROM stores a bind key unique to the DVD-ROM and main content that is a digital work. A main player reads the bind key from the DVD-ROM, acquires sub-content that relates to the main content stored on the DVD-ROM, generates encrypted sub-content by encrypting the acquired sub-content based on the read bind key, and writes the generated encrypted content to an SD memory card. A sub-player reads the bind key from the DVD-ROM, reads the encrypted sub-content from the SD memory card, generates sub-content by decrypting the read encrypted sub-content based on the bind key, and plays back the generated sub-content.

Abstract: A system and method of transaction processing is provided and includes a transaction terminal accessing a communications network. The transaction terminal sends first transaction information for a transaction across the communications network to a server. The first transaction information, which may include an account number and a transaction amount, is received and processed at the server communicating with the communications network. At least a portion of the first transaction information is stored and made accessible via the Internet. The server sends second transaction information based on the first transaction information to a transaction processor.

Abstract: A wide-area emergency information management system includes a broadcasting entity (10) and delivers content to authorized receiver clients (20), such as PC's, laptops, wireless devices, etc. The specific content (26), which can include voice, text, video or any other information content related to a planned response to a given crisis or emergency such as enemy attack or natural disaster, is prepared in advance (28), tailored to the class of recipient receiver client and/or user (44), securely downloaded (32,36) and stored locally in a secure cache (21). In response to a small control file from a centralized emergency management authority, the receiver client system accesses the cache (21), decrypts the content (26), and delivers it to the end user.

Abstract: By providing a secure EEPROM (Electrically Erasable Programmable Read Only Memory) device or other non-volatile memory (NVM) in an arrangement of a master key system operation key (SOK) plus any subsequently installed SOK to control the configurable machine option attributes, various problems associated with machine option configuration and updates may be accommodated. At the initial install of either SOK type the identity of the machine is written to the NVM, i.e. the machine serial number. This is performed during the initial machine power up or reboot sequence. If the SOK type is a subsequently installed SOK, the option code(s) from the subsequently installed SOK are written to the master key SOK. As part of the power on or reboot routine the machine will check to ensure no tampering has taken place and that the machine identity and the NVM serial number location data match.

Abstract: An installation mechanism that securely installs encrypted software modules on a computer is described. The mechanism allows restricted software, such as domestic strength cryptography software, to be shipped directly to a user. The mechanism decrypts the software modules and installs the software modules on the computer only when at least one of a set of trigger files is present on the computer, thereby requiring that the computer be authorized for the restricted software. A setup program invokes each of a plurality of installation modules in order to install the software modules. Each installation module securely encapsulates an encrypted version of the software module and is programmed to decrypt the corresponding software module only when a genuine trigger file is detected.

Abstract: An information management method restoring electronic data using backup information upon the loss of electronic data stored on a recording medium. Information stored in a predetermined area of the recording medium having medium-specific information is encrypted using medium-specific information or a key generated therefrom and is derived outside the predetermined area.

Abstract: Methods, apparatus and machine readable medium are described for creating and using protected key blobs that require a particular portable token be present before use of the key or keys of the protected key blob is granted. Such protected key blobs may be used to establish a level of trust between a local user and the computing device.

Abstract: A system and method is provided for authenticating a device. A method includes receiving a certificate from the device, the certificate including a plurality of fields, including a field holding a digital signature from a certifying authority, verifying the digital signatures in the certificate, the verifying including at least one of verifying the certifying authority digital signature using the certifying authority public key; and verifying a device digital signature using a device public key, and receiving validation data from a source, the validation data identifying one or more data in the certificate as valid or invalid according to predetermined criteria, and if the digital signatures are verified and validated, transmitting a session key to the device to establish a secure communication channel.

Abstract: A system is described for uniquely mating components of a communication network such as a smartcard and a set-top box. When mated, the smartcard and set-top box are tied together and have a single identity. Further, the smartcard operates properly only when inserted into an authorized set-top box. Exchanges of information between both components are secured by encryption and authentication to guard against piracy of the exchanged information. The system provides the same authentication key to the set-top box and the smartcard. This key is used for authenticating communication between the set-top box and the smartcard. First, the authentication key is encrypted by a set-top box mating key. The set-top box employs this mating key to decrypt the authentication key. After it is derived, the authentication key is stored in the set-top box's memory. Further, the same authentication key is encrypted by a smartcard mating key.