Including Intelligent Token Patents (Class 713/159)
  • Patent number: 7539648
    Abstract: A system and method include means for processing a cryptographic certificate adapted to provide security functionality. A register means is provided and means for adjusting the register means to account for services when the cryptographic certificate is processed. In accordance with another aspect, a system and method include a register means for storing funds. Means are provided for processing a digital token providing proof of postage payment and means are also provided for processing a cryptographic certificate adapted to provide security functionality. Means debit funds stored in the register means when the digital token is processed and when the cryptographic certificate is processed. Processing the cryptographic certificate may involve many functions such as providing security services and/or certificate management functions (including generating and verifying cryptographic certificates) and/or key management functions and/or access to any needed private keys to perform security services.
    Type: Grant
    Filed: August 29, 2000
    Date of Patent: May 26, 2009
    Assignee: Pitney Bowes Inc.
    Inventors: Robert A. Cordery, David K. Lee, Leon A. Pintsov, Frederick W. Ryan, Jr., Monroe A. Weiant, Jr.
  • Patent number: 7539312
    Abstract: A system including a secure LSI 1 establishes a communication path to/from a server 3 (UD1), and receives a common key-encrypted program generated by encryption with a common key and transmitted from the server 3 (UD6 and UD7). The received common key-encrypted program is decrypted to generate a raw program, and the raw program is re-encrypted with an inherent key to newly generate an inherent key-encrypted program, which is stored in an external memory.
    Type: Grant
    Filed: May 14, 2007
    Date of Patent: May 26, 2009
    Assignee: Panasonic Corporation
    Inventors: Makoto Fujiwara, Yusuke Nemoto, Junichi Yasui, Takuji Maeda, Takayuki Ito, Yasushi Yamada, Shinji Inoue
  • Patent number: 7540024
    Abstract: The described systems, methods and data structures are directed to a portable computing environment. A communication link is established between a portable device and a host device. The portable device is equipped with a processing unit and is configured to execute a process that is accessible by the host device. The host device includes an application configured to interact with the process on the portable device. The process on the portable device provides data to the application on the host device using the communication link. The application uses the data to provide a computing environment.
    Type: Grant
    Filed: November 3, 2004
    Date of Patent: May 26, 2009
    Assignee: Microsoft Corporation
    Inventors: Thomas G Phillips, Christopher A Schoppa, William J Westerinen, Mark A Myers
  • Patent number: 7539863
    Abstract: The described systems, methods and data structures are directed to a portable computing environment. A communication link is established between a portable device and a host device. The portable device is equipped with a processing unit and is configured to execute a process that is accessible by the host device. The host device includes an application configured to interact with the process on the portable device. The process on the portable device provides data to the application on the host device using the communication link. The application uses the data to provide a computing environment.
    Type: Grant
    Filed: November 4, 2004
    Date of Patent: May 26, 2009
    Assignee: Microsoft Corporation
    Inventors: Thomas G Phillips, Christopher A Schoppa, William J Westerinen, Mark A Myers
  • Patent number: 7519816
    Abstract: The described systems, methods and data structures are directed to a portable computing environment. A communication link is established between a portable device and a host device. The portable device is equipped with a processing unit and is configured to execute a process that is accessible by the host device. The host device includes an application configured to interact with the process on the portable device. The process on the portable device provides data to the application on the host device using the communication link. The application uses the data to provide a computing environment.
    Type: Grant
    Filed: November 4, 2004
    Date of Patent: April 14, 2009
    Assignee: Microsoft Corporation
    Inventors: Thomas G Phillips, Christopher A Schoppa, William J Westerinen, Mark A Myers
  • Patent number: 7516321
    Abstract: A trusted authority delegates authority to a device. This delegation of authority is effected by providing a yet-to-be completed chain of public/private cryptographic key pairs linked in a subversion-resistant manner. The chain terminates with a penultimate key pair formed by public/private data, and a link towards an end key pair to be formed by an encryption/decryption key pair of an Identifier-Based Encryption, IBE, scheme. The private data is securely stored in the device for access only by an authorized key-generation process that forms the link to the end key pair and is arranged to provide the IBE decryption key generated using the private data and encryption key. This key generation/provision is normally only effected if at least one condition, for example specified in the encryption key, is satisfied. Such a condition may be one tested against data provided by the trusted authority and stored in the device.
    Type: Grant
    Filed: March 8, 2004
    Date of Patent: April 7, 2009
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Stephen James Crane, Cheh Goh
  • Patent number: 7516483
    Abstract: A method of accomplishing two-factor user authentication, comprising providing two separate user authentication methods, enabling a user to communicate authentication data for both authentication methods to a first web site using the internet, and enabling the communication of at least some of the authentication data from the first web site to a second web site also using the internet. Both web sites are thus involved in user authentication using the authentication data.
    Type: Grant
    Filed: February 26, 2007
    Date of Patent: April 7, 2009
    Assignee: Secure Computing Corporation
    Inventor: Sean Brennan
  • Patent number: 7512800
    Abstract: A key management technique establishes a secure channel through an indeterminate number of nodes in a network. The technique comprises enrolling a smart card with a unique key per smart card. The unique key is derived from a private key that is assigned and distinctive to systems and a card base of a card issuer. An enrolled smart card contains a stored public entity-identifier and the secret unique key. The technique further comprises transacting at a point of entry to the network. The transaction creates a PIN encryption key derived from the smart card unique key and a transaction identifier that uniquely identifies the point of entry and transaction sequence number. The technique also comprises communicating the PIN encryption key point-to-point in encrypted form through a plurality of nodes in the network, and recovering the PIN at a card issuer server from the PIN encryption key using the card issuer private key.
    Type: Grant
    Filed: February 3, 2004
    Date of Patent: March 31, 2009
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: W. Dale Hopkins
  • Patent number: 7511842
    Abstract: An image forming apparatus includes a document control service that generates authentication information corresponding to the request to output a stored document and transmits the authentication information to the network service, and a document output service that receives the authentication information from the network service, obtains the stored document corresponding to the authentication information, and outputs the obtained stored document. After authenticating the stored document, the document control service generates authentication information corresponding to a request to output the stored document from an external network apparatus. The document control service, the external network apparatus, and the document output service can exchange the authentication information instead of the stored document.
    Type: Grant
    Filed: March 19, 2003
    Date of Patent: March 31, 2009
    Assignee: Ricoh Company, Ltd.
    Inventor: Sachiko Mihira
  • Patent number: 7509292
    Abstract: This invention concerns a consumable authentication method for validating the existence of an untrusted chip. A random number is encrypted using a first key and sent to an untrusted chip. In the untrusted chip it is decrypted using a secret key and re-encrypted together with a data message read from the untrusted chip. This is decrypted so that a comparison can be made with the generated random number and the read data message.
    Type: Grant
    Filed: August 8, 2003
    Date of Patent: March 24, 2009
    Assignee: Silverbrook Research Pty Ltd
    Inventor: Simon Robert Walmsley
  • Patent number: 7506183
    Abstract: Suppression malfunction of an authentication circuit for authenticating a battery pack. Signal line for applying an intermediate potential between the power supply and ground and for reading the potential of a thermistor for detecting the temperature is used as a transmission path for exchanging data between a battery pack and main device. A master-authentication circuit and slave-authentication circuit comprise level-correction circuits, which are connected to the signal line by way of a voltage-comparator circuit. The level-correction circuits are constructed such that they correct the signal applied to the signal line so that it is greater than or less than the unstable-region voltage, and outputs it to the input end of the authentication circuits, so that unstable-region voltage is not applied to the input end.
    Type: Grant
    Filed: November 22, 2005
    Date of Patent: March 17, 2009
    Assignee: NEC Electronics Corporation
    Inventor: Azuma Araya
  • Patent number: 7500103
    Abstract: Apparatus for parsing and tokenizing a data stream comprises: a storage component to store a history buffer containing an unencoded version of a previously encoded string; a comparison component to compare a string from the input data stream with the unencoded version of at least one previously encoded string; a second storage component to store: an indicator that at least two matches were found by the first comparison component, and tokens corresponding to the matches; a summing component to sum potential token lengths to provide total potential token lengths; a second comparison component to compare total potential token lengths; a selection component to select a match corresponding to a shortest total token length to represent the string from said input data stream; and an emitting component for emitting tokens representing the match corresponding to the shortest total token length. The tokens may be used in, for example, compression or encryption.
    Type: Grant
    Filed: March 23, 2004
    Date of Patent: March 3, 2009
    Assignee: International Business Machines Corporation
    Inventors: Gordon J Cockburn, Adrian John Hawes
  • Patent number: 7493487
    Abstract: The described systems, methods and data structures are directed to a portable computing environment. A communication link is established between a portable device and a host device. The portable device is equipped with a processing unit and is configured to execute a process that is accessible by the host device. The host device includes an application configured to interact with the process on the portable device. The process on the portable device provides data to the application on the host device using the communication link. The application uses the data to provide a computing environment.
    Type: Grant
    Filed: October 15, 2004
    Date of Patent: February 17, 2009
    Assignee: Microsoft Corporation
    Inventors: Thomas G Phillips, Christopher A Schoppa, William J Westerinen, Mark A Myers
  • Patent number: 7490333
    Abstract: The invention relieves an application programmer of the responsibility for managing access rights, by providing application code that is independent of the protection in a chip card. When an application, for example in a docking station, is given access to an object pertaining to another application in a chip card, two capabilities are created respectively in the applications, as objects, to protect all subsequent accesses to the object by filtering them through the two capabilities. On accessing an object pertaining to an application, if a second object pertaining to the other application is passed on to the latter, two other capabilities are added in the applications to protect access to the second object.
    Type: Grant
    Filed: December 8, 2000
    Date of Patent: February 10, 2009
    Assignee: Gemalto SA
    Inventors: Gilles Grimaud, Daniel Hagimont, Jean-Jacques Vandewalle
  • Publication number: 20090037730
    Abstract: A security and protection device (1) for protection of the data and executable codes of any fixed or portable computer system and that has a memory medium to be protected. The security and protection device (1) is located physically between the computer system (2) and the memory medium (MP) to be protected, in order to allow the computer system (2) access to the data and codes to be protected after execution of the protection functions independently of the machine code executed by the computer system (2) and requires no interaction with the processor of the system for the execution of these functions.
    Type: Application
    Filed: July 31, 2007
    Publication date: February 5, 2009
    Inventors: Rene Martin, Alain Filee
  • Publication number: 20090006846
    Abstract: This application is directed to a system for remotely directing a host device to perform an operation using a key. The key may include a communications circuitry for transmitting data, for example a key identifier or an instruction to perform an operation, within a personal area network created by the communications circuitry. When a host device is within the personal area network, the key may transmit data received by a transceiver on the host device. In response to receiving the data, the host device may perform an operation (e.g., an authentication operation). In some embodiments, the key may transmit data identifying an operation for the host device to perform. In some embodiments, the host device may store in memory key identification information and an associated operation which may be retrieved when the key is brought in proximity of the host device.
    Type: Application
    Filed: June 27, 2007
    Publication date: January 1, 2009
    Inventor: Michael Rosenblatt
  • Publication number: 20080313457
    Abstract: The present invention discloses a system and method of leveraging mobile telephone provider assets and distribution network to securely deliver security tokens, such as PKI certificates. The invention is not limited to using a mobile telephony infrastructure and other pre-existing distributions can also be used. In the invention, a user requested security token can be delivered to a storefront associated with a mobile telephone provider. The storefront can be one proximate to a requesting user. An optional activation key can also be conveyed to the requesting user. The requesting user can be required to physically travel to the storefront to receive the security token. At the storefront, an identity of the requesting user can be verified, such as through photo identification. The security token can be provided when the requesting user has been successfully verified. Use of the security token can still require activation involving the activation key.
    Type: Application
    Filed: June 18, 2007
    Publication date: December 18, 2008
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: PAUL ILECHKO
  • Patent number: 7454784
    Abstract: A system and method to verify a user's identity in an Internet-related transaction. One system and method use a personal computer having identification information, a card reader, and a personal identification card having access information, to verify a user's identity using the access information and the identification information. Another system and method use a personal computer, a card reader, and a personal identification card having access information, wherein the card reader is included as part of a mouse coupled to the personal computer and wherein a user's identity is verified using the access information. Another system and method use a personal computer, a fingerprint reader, a card reader, and a personal identification card having access information to verify a user's identity using the access information and the data of the fingerprint reader.
    Type: Grant
    Filed: July 9, 2002
    Date of Patent: November 18, 2008
    Inventors: Harvinder Sahota, Neil Sahota
  • Publication number: 20080270791
    Abstract: Techniques are disclosed for performing operations in an authentication token or other cryptographic device in a system comprising an authentication server. In one aspect, a code generated by the authentication server is received in the cryptographic device. The code may have associated therewith information specifying at least one operation to be performed by the cryptographic device. The cryptographic device authenticates the code, and responsive to authentication of the code, performs the specified operation. If the code is not authenticated, the operation is not performed. The code may be determined as a function of a one-time password generated by the authentication server. The function may also take as an input an identifier of the operation to be performed.
    Type: Application
    Filed: June 28, 2007
    Publication date: October 30, 2008
    Inventors: Magnus Nystrom, William M. Duane, James Townsend
  • Patent number: 7441266
    Abstract: An electronic system is disclosed. In one embodiment, the electronic system comprises a wireless communication adapter that includes an antenna for transmitting and/or receiving information and a connector configured to enable selective mating engagement of the connector with a connection port of an electronic device. In one embodiment, the wireless communication adapter is configured to communicate information between first and second electronic devices via the antenna. Other electronic systems, devices, and methods are also disclosed.
    Type: Grant
    Filed: October 31, 2006
    Date of Patent: October 21, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Ligy Kurian, James A. Jensen, Paul L. Drew
  • Patent number: 7434070
    Abstract: Access control to data processing means, such as a smart card, is made secure by simulating a comparison block by block of part of a secret code with part of a presented code through a block-by-block comparison of part of the presented code and part of a determined number when the presented code is found to be erroneous. Each time the card is used, a constant number of operations are applied to the presented code and at least for part of the secret code, and at most for a complementary part to the determined number, thus avoiding different signatures of power consumption for different presented codes.
    Type: Grant
    Filed: June 21, 2001
    Date of Patent: October 7, 2008
    Assignee: Gemplus
    Inventors: Pascal Moitrel, Johan Pascal
  • Publication number: 20080215879
    Abstract: A system and computer implemented method for providing a widget are described. The widget is portable, embeddable and for dynamically displaying multimedia content. The method and system include receiving a request corresponding to the widget and performing an authentication corresponding to the request. The method and system also include fulfilling the request if the authentication is successful.
    Type: Application
    Filed: October 23, 2007
    Publication date: September 4, 2008
    Inventors: Carnet Williams, Olin Lagon, Kevin Hughes
  • Patent number: 7418500
    Abstract: A mechanism for controlled sharing of files by clustered applications is provided. The mechanism expands a distributed file access protocol, such as the direct access file system protocol, by including an open with share token command and an open_downgrade operation to adjust the access and deny levels for a given resource.
    Type: Grant
    Filed: March 25, 2002
    Date of Patent: August 26, 2008
    Assignee: Network Appliance, Inc.
    Inventors: Don Bolinger, Arthur Lent, Jeffrey Silberman
  • Patent number: 7412601
    Abstract: An illegal data use prevention system includes a registrar which issues first authentication information for a game machine reproducing data and second authentication information for a user-identifying IC card. The data is identified by the first authentication information and the second authentication information. The game machine contains the first authentication information and, for example, executes a game program in accordance with a result of determination as to whether the IC card contains the second authentication information. Thus, illegal use of data is effectively prevented.
    Type: Grant
    Filed: May 19, 2004
    Date of Patent: August 12, 2008
    Assignee: Sharp Kabushiki Kaisha
    Inventors: Yoshiki Shibata, Kunio Sensui, Kazuhiro Yamamoto
  • Patent number: 7409554
    Abstract: To provide an improved management structure of memory devices storing service-use applications. A card for a memory device applied to use various services is provided as one child card or more corresponding to each of the services, a parent card stores data for child-card issue management, and the child-card issue processing is executed based on the parent card, such as parent card authentication. An issue certificate having a parent-card digital signature is stored in the child card, the issue certificate contains a service code and a child-card identification, and thus it becomes possible to confirm a service set in the child card based on the issue certificate as the parent-card signature data.
    Type: Grant
    Filed: April 17, 2002
    Date of Patent: August 5, 2008
    Assignee: Sony Corporation
    Inventors: Yoshihito Ishibashi, Susumu Kusakabe, Hideaki Watanabe
  • Patent number: 7409704
    Abstract: A telecommunications system and method is disclosed for implementing a Policy Enforcement Point (PEP) for an Internet Service Provider (ISP) at the subscriber premises. This PEP enforces policies with respect to authentication of subscribers, authorization to access and services, accounting and mobility of the subscribers. These policies are defined by the ISP operator in a Policy Decision Point (PDP), which is a server connected to the Internet that communicates with the PEP. In addition, the ISP can supply an encryption key for the PEP and an encryption key for a particular subscriber. Thus, all communications between the subscriber and the PEP, as well as between the PEP and the PDP can be encrypted.
    Type: Grant
    Filed: July 15, 1999
    Date of Patent: August 5, 2008
    Assignee: Telefonaktiebolaget L M Ericsson (PUBL)
    Inventor: Philippe Charas
  • Patent number: 7406598
    Abstract: A system on a chip (SOC) device is disclosed comprising external outputs, and external inputs. A first secure storage location is operably decoupled from all of the external outputs of the SOC device during a normal mode of operation. By being decoupled from all external outputs, representations of the data stored at the first secure device are prevented from being provided to the external outputs. The decryption engine is also included on the system on a chip, comprising a first data input, and a private key input coupled to a first portion of the first secure storage location, and an output coupled to a second secure location. The decryption engine is operable to determine decrypted data from data received at the first data input based upon a private key received at the private key input. The decryption engine is further operable to write the decrypted data only to the first secure memory location and the second secure location.
    Type: Grant
    Filed: April 22, 2004
    Date of Patent: July 29, 2008
    Assignee: ViXS Systems Inc.
    Inventor: Paul Ducharme
  • Patent number: 7404085
    Abstract: The present invention provides a method and system for communicating via a handheld device to Internet applications such as customer relationship management applications. Automatically generated user information, such as an electronic mail (e-mail) address, containing a certification key is used to authenticate a mobile user's access to Internet applications. Access from mobile devices, such as personal data assistants, is possible because no password is required to log in. Other security measures may be used in conjunction with providing user information to ensure access only to authorized users.
    Type: Grant
    Filed: September 3, 2004
    Date of Patent: July 22, 2008
    Assignee: SAP AG
    Inventors: Martin Lacasse, Jean-Francois Leblay
  • Patent number: 7401223
    Abstract: A trusted authentication chip for use in authenticating an untrusted authentication chip; the trusted authentication chip including a random number generator, a symmetric encryption function and two secret keys for the function, a signature function and a test function; wherein the trusted authentication chip generates test data including a random number and its signature, encrypted using a first of said secret keys and transmits the test data to the untrusted authentication chip, wherein the trusted authentication chip receives a data message and an encrypted version of the data message in combination with the random number from the untrusted authentication chip, the data message being encrypted using a second of said secret keys, wherein the test function operates to encrypt the random number together with the data message by the symmetric encryption function using the second secret key, compare the two versions of the random number encrypted together with the data message using the second key, and in the e
    Type: Grant
    Filed: August 2, 2004
    Date of Patent: July 15, 2008
    Assignee: Silverbrook Research Pty Ltd
    Inventor: Simon Robert Walmsley
  • Publication number: 20080159541
    Abstract: An augmented boot code module includes instructions to be executed by a processing unit during a boot process. The augmented boot code module also includes an encrypted version of a cryptographic key that can be decrypted with a cryptographic key that remains in the processing unit despite a reset of the processing unit. In one embodiment, the processing unit may decrypt the encrypted version of the cryptographic key and then use the decrypted key to establish a protected communication channel with a security processor, such as a trusted platform module (TPM). Other embodiments are described and claimed.
    Type: Application
    Filed: December 29, 2006
    Publication date: July 3, 2008
    Inventors: Mohan J. Kumar, Shay Gueron
  • Patent number: 7392393
    Abstract: A system that allows secure processing in a case where a download-requesting terminal and a download-destination terminal are different devices is implemented. A content distribution server receives a ticket carrying a signature of a download destination from a terminal requesting downloading of content, and verifies the ticket to verify that a device serving as the download destination is a device authorized by the download-requesting terminal, thereby verifying the authenticity of the device serving as the download destination without directly authenticating the device serving as the download destination. Furthermore, a content-signing key [Ksig] or a hash value is exchanged as data that can be cryptographically processed only at the download-requesting device and the download-destination device, so that, for example, checking of the integrity of the content is allowed only at a legitimate download-destination device.
    Type: Grant
    Filed: January 9, 2003
    Date of Patent: June 24, 2008
    Assignee: Sony Corporation
    Inventor: Ryuta Taki
  • Patent number: 7380138
    Abstract: First data to be sent by a first party to a second party is encrypted using an encryption key that is formed using at least a hash value generated by a keyed hash of at least one condition that typically serves as an identifier of an intended recipient of the first data. The encrypted first data is provided to a data recipient who requests a decryption key from the trusted party. The trusted party is responsible for verifying that the recipient meets the specified conditions before providing the decryption key. A valid decryption key is only provided if the correct conditions have been supplied to the trusted party.
    Type: Grant
    Filed: April 22, 2004
    Date of Patent: May 27, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Keith Alexander Harrison
  • Patent number: 7376845
    Abstract: A method for calculating hashing of a message in a device communicating with a smart card involves storing a same hash function in said device and said smart card, wherein the message includes data blocks including secret data and other public data, and wherein secret data is only known by the smart card, performing a calculation of the hash function of the secret data in the smart card, and performing the calculation of the hash function of all or part of other public data in the device.
    Type: Grant
    Filed: August 28, 2003
    Date of Patent: May 20, 2008
    Assignee: Axalto S.A.
    Inventor: Ilan Mahalal
  • Patent number: 7373656
    Abstract: The present invention relates to a portable device configured to interact with any number of host computing devices. In operation, the portable device will initially appear to a host computing device as a known device type. The host computing device will be configured to interact with the portable device as the known device type. Upon such interaction, the host computing device will access indicia sufficient to identify the portable device as a second device type and instruct the host computing device to configure itself to interact with the portable device as the second device type.
    Type: Grant
    Filed: May 11, 2001
    Date of Patent: May 13, 2008
    Assignee: Sandisk IL Ltd.
    Inventors: Alex Lang, Shimon S. Shmueli, David W. Sharp, Brian J. Adkins
  • Publication number: 20080091942
    Abstract: Production of a two dimensional technical data package is automated by a computer that receives and stores one or more customer defined data submittal rules for formatting a technical data package. The computer then executes one or more of the rules to create a linked set of output data files that comprises the technical data package. The computer creates a hierarchical product data tree structure comprising one or more nodes and one or more product attribute data fields for each node. The computer creates the technical data package file by linking parts files together in accordance with the product data tree structure. The technical data package created by the computer may be compressed and sent electronically to the customer avoiding the requirement of using cumbersome technology such as aperture cards.
    Type: Application
    Filed: September 29, 2006
    Publication date: April 17, 2008
    Applicant: The BOEING CO.
    Inventors: John W. Glatfelter, Larry M. Cox, Gregory J. Gilpin
  • Patent number: 7356694
    Abstract: Sharing of data between one domain and at least one other domain over a network is facilitated by the use of tokens. A user token set in a cookie stored on the user's system at log-on to a first domain is used to create, or is associated with, a secure token passed by a first domain to a second domain when the user, in a session with the second domain, requests resources, access to which includes authorization by a first domain. The secure token facilitates various actions pertinent to a user in a session with said second domain, including, for example, the maintenance of an active, concurrent session between a user and a first domain, and authentication and authorization without log-on at a second domain or other domains.
    Type: Grant
    Filed: March 10, 2004
    Date of Patent: April 8, 2008
    Assignee: American Express Travel Related Services Company, Inc.
    Inventors: Mary Ann Mayo, Trey Neemann, Harry Pearson, Chandra C. Sekhar, Dan Toraason
  • Patent number: 7353385
    Abstract: An information holding medium stores the common key of the user used in the common-key encryption method. In response to a user authentication request sent from an information processing apparatus, the user is authenticated by the common-key encryption method by using the common key stored in the information holding medium of the user. Only when the user has been authenticated, predetermined processing for making the information processing apparatus authenticate the user by the public-key encryption method is performed.
    Type: Grant
    Filed: April 30, 2001
    Date of Patent: April 1, 2008
    Assignee: Sony Corporation
    Inventors: Tomoyuki Nakano, Tatsuo Itabashi
  • Patent number: 7346586
    Abstract: This invention concerns a validation protocol for determining whether an untrusted authentication chip is valid, or not. The protocol may be used to determine the physical presence of a valid authentication chip and from that determine whether a consumable containing the chip is valid. In another aspect the invention also concerns a system for validating the chip. A random number is generated and encrypted with an asymmetric encryption function. It is then passed to an untrusted authentication chip where it is decrypted. The decrypted random number is then compared with the original random number, and in the event of a match the untrusted chip is considered to be valid.
    Type: Grant
    Filed: March 2, 2000
    Date of Patent: March 18, 2008
    Assignee: Silverbrook Research Pty Ltd
    Inventor: Simon Robert Walmsley
  • Patent number: 7343489
    Abstract: A technique to transmit data from a sender to a receiver via a network, preferably a LAN and/or the Internet etc., where the sender transmits the data to a base station, and where the sender is verified by a server, in particular a AAA-server etc. In order to prevent the transmission of data from an illegitimate sender at the expense of a legitimate sender to the greatest extent possible, the server transmits verification data from the server to the sender and/or base station.
    Type: Grant
    Filed: October 25, 2002
    Date of Patent: March 11, 2008
    Assignee: NEC Corporation
    Inventors: Dirk Westhoff, Bernd Lamparter
  • Patent number: 7337315
    Abstract: A method and system for overcoming the problems associated with certificate revocation lists (CRL's), for example, in a public key infrastructure. The invention uses a tree-based scheme to replace the CRL.
    Type: Grant
    Filed: March 21, 2003
    Date of Patent: February 26, 2008
    Assignee: Corestreet, Ltd.
    Inventor: Silvio Micali
  • Publication number: 20080046723
    Abstract: Methods and devices are provided for two-way authentication. In one example, a method prompts a user for an account number and a PIN. Upon authentication of the account number and the PIN, an e-mail having a link to a new session is sent to the user. If the account number and the PIN were authenticated, a custom background preselected by the user is presented in the new session and a password is requested. Use of the custom background preselected by the user may help the user authenticate the computer system to which he is attempting to gain entry. Upon authentication of the password, entry to a computer system is permitted. To provide optional, enhanced anti-phishing capability, if the account number and the PIN were not authenticated, an indication may be made that the e-mail message is being sent.
    Type: Application
    Filed: August 17, 2006
    Publication date: February 21, 2008
    Inventor: Frank A. Weber
  • Patent number: 7328187
    Abstract: A system for issuing cyber payment means (cyber notes, cyber checks, cyber payment certificates, etc.) marked with business identification information, on a computer network, and a method thereof are provided.
    Type: Grant
    Filed: February 16, 2001
    Date of Patent: February 5, 2008
    Assignee: Star Bank Co., Ltd.
    Inventor: Hoon Suhmoon
  • Patent number: 7328338
    Abstract: A protocol appropriate for smartcard purchase applications such as those that might be completed between a terminal or ATM and a user's personal card is disclosed. The protocol provides a signature scheme which allows the card to authenticate the terminal without unnecessary signature verification, which is a computationally intense operation for the smart card. The only signature verification required is that of the terminal identification (as signed by the certifying authority, or CA, which is essential to any such protocol). In the preferred embodiment, the protocol protects the card and terminal from fraudulent attacks from impostor devices, either a card or terminal.
    Type: Grant
    Filed: July 26, 1999
    Date of Patent: February 5, 2008
    Assignee: Certicom Corp.
    Inventor: Scott A. Vanstone
  • Patent number: 7325142
    Abstract: The access network manager terminal 5 makes a communication quality agreement with the core network manager terminal 3, the core network manager terminal 3 conducts resource assignment of the core network 100 based on the communication agreement, notifies the access network manager terminal 5 of password information of the assigned resource and notifies the edge router 1a of password authentication information. The user terminal 4a communicates a password sent from the access network manager terminal 5 in response to a resource use permission request as being contained in a header of a packet and the edge router 1a authenticates the password of the packet based on the password authentication information.
    Type: Grant
    Filed: December 3, 2002
    Date of Patent: January 29, 2008
    Assignee: NEC Corporation
    Inventor: Kazuhiko Isoyama
  • Publication number: 20080010453
    Abstract: A method is disclosed wherein a user is provided with a replacement one-time password or secure transfer key for re-establishing secure access to information contained within at least one of a peripheral memory storage device, a system to which the peripheral memory storage device is connected, or a system to which the peripheral memory storage device is remotely connected. The peripheral memory storage device contains the necessary additional security keys and processes to establish the new access rights in response to the one-time password or transfer key presented. No digital transmission from the peripheral memory storage device is undertaken, thereby providing a self-contained security process without interception, decryption, re-working or hacking of remotely stored password information.
    Type: Application
    Filed: July 6, 2006
    Publication date: January 10, 2008
    Inventor: Laurence Hamid
  • Patent number: 7318235
    Abstract: Methods, apparatus and machine readable medium are described for creating and using protected key blobs that require a particular portable token be present before use of the key or keys of the protected key blob is granted. Such protected key blobs may be used to establish a level of trust between a local user and the computing device.
    Type: Grant
    Filed: December 16, 2002
    Date of Patent: January 8, 2008
    Assignee: Intel Corporation
    Inventor: David W. Grawrock
  • Publication number: 20080005558
    Abstract: Computer-processable communication authentication and validation methods and apparatuses are described according to various embodiments. In one embodiment, an authentication and validation method comprises encapsulating an untrusted payload with a header and an authenticator. The header can comprise a unique identifier and the authenticator can comprise at least a portion of a keyed-hash message authentication (HMAC) value based on the content of the header, the content of the payload, and a unique key maintained for each of one or more receiving devices.
    Type: Application
    Filed: June 29, 2006
    Publication date: January 3, 2008
    Applicant: Battelle Memorial Institute
    Inventors: Mark D. Hadley, Craig A. Goranson, Kristy A. Huston, Ross T. Guttromson
  • Publication number: 20070294527
    Abstract: There is provided a portable digital device including: a display; a processor for rotating content shown on the display from a first orientation to a second orientation; a connector for connection of the portable digital device to a peripheral device; and at least two control devices for controlling at least two operational functions of the portable digital device. It is advantageous that the content shown on the display is automatically rotated from a first orientation to a second orientation by the processor when a functional connection to the peripheral device is made using the connector. The content may be rotated as a single entity or it may be rotated pixel-by-pixel. Depending on the peripheral device, the rotation may be either 90° or 180°. The functional connection may preferably be detected by the processor using a mechanical switch, an impedance meter and a combination of the aforementioned. There is also provided a method for automatically reconfiguring a setup of a portable digital device.
    Type: Application
    Filed: June 15, 2006
    Publication date: December 20, 2007
    Inventors: Yew Teng Too, Wong Hoo Sim
  • Patent number: 7305497
    Abstract: A method of performing resource analysis on one or more cards of a computer system is described and disclosed. In an embodiment, the method includes identifying one or more affected hardware identifiers. Each affected hardware identifier corresponds to any of the cards. Configuration information of the computer system is gathered. Moreover, the configuration information is used to analyze the affected hardware identifiers to identify any affected resource of the computer system. The identification of any affected resource is independent of a system-wide hardware scan of the computer system. Furthermore, one of a plurality of severity levels is assigned to each identified affected resource based on predetermined criteria. The severity levels include a low severity level, a medium severity level, and a high severity level. Each severity level represents degree of impact to the computer system if functionality of the identified affected resource became unavailable.
    Type: Grant
    Filed: May 24, 2004
    Date of Patent: December 4, 2007
    Assignee: Hewlett-Packard Development, L.P.
    Inventors: Ryan Ray Houdek, Toran Kent Kopren, Wade James Satterfield
  • Publication number: 20070277032
    Abstract: An embodiment generally relates to a method of accessing a secure computer. The method includes capturing an authentication state of a security token in response to a verification of user authentication information. The method also includes providing the authentication state to at least one application requiring authentication with the security token and accessing the at least one application.
    Type: Application
    Filed: May 24, 2006
    Publication date: November 29, 2007
    Inventor: Robert Relyea