Multicast Patents (Class 713/163)
  • Patent number: 8548167
    Abstract: The present invention makes use of techniques such as those described by Boneh and Franklin to allow for the realization of a pseudo-asymmetric encryption scheme whereby one public encryption corresponds to a plurality of private decryption keys. This scheme therefore provides a solution to the problem of inefficient use of bandwidth in asymmetrical encryption schemes which inherently require that a plurality of encryptions of data be broadcast to a plurality of receivers. The invention further ensures that the advantage of traceability, typically found in asymmetric encryption schemes, is maintained due to the characteristic that each receiver uses a unique traceable decryption key. The traceability thus achieved by the present invention allows for the revocation of a security module which has been involved in the abusive use of conditional access data, particularly by means of clones of security modules whose security has been compromised.
    Type: Grant
    Filed: March 13, 2009
    Date of Patent: October 1, 2013
    Assignee: Nagravision S.A.
    Inventors: Pascal Junod, Alexandre Karlov, Nicolas Fischer
  • Patent number: 8549585
    Abstract: A secure, layered logout of a user session is implemented in a web-based management tool, such as a middleware appliance. A logout strategy is provided to include a set of security levels of varying sensitivity, with each security level having a set of permissions associated therewith and that are enforced upon a timeout. Preferably, each succeeding security level in the set of security levels is reached as time increases from an idle time associated with the user session. Upon expiration of a timeout associated with a security level, the set of permissions associated with the security level are then enforced against at least one managed object while the user session continues. As each next security level is reached, the set of permissions associated with the security level are then enforced (with respect to the managed object or against one or more other managed objects), once again while the user session continues.
    Type: Grant
    Filed: June 14, 2010
    Date of Patent: October 1, 2013
    Assignee: International Business Machines Corporation
    Inventors: Girish Dhanakshirur, Jason Garrabrant, Andrew Otte, Melissa Schoonmaker
  • Patent number: 8549287
    Abstract: The invention proposes a method for transmitting a message to a plurality of user entities in a network by using a multicast service, comprising the steps of encrypting a multicast message by using ciphering, and sending the encrypted multicast message to the plurality of user entities simultaneously. The invention also proposes a corresponding multicast service control device and a corresponding user entity.
    Type: Grant
    Filed: August 14, 2002
    Date of Patent: October 1, 2013
    Assignee: Nokia Corporation
    Inventors: Sinikka Sarkkinen, Kimmo Kettunen, Niina Karhuluoma, Antti-Pentti Vainio, Valtteri Niemi, Jan Kall
  • Patent number: 8542593
    Abstract: In one embodiment of the invention, a system and method for error tolerant delivery of data is provided. A data file is received for transmission which includes metadata and data. The metadata includes mandatory portions and optional portions, which are grouped together, respectively. The mandatory portions of the metadata include file control data. The file is parsed into packets and transmitted as a data stream to a plurality of receiver devices. In some cases this data stream may be transmitted multiple times for redundancy. Once the data stream is received, the receiver device may look for transmission errors in the control data of the data stream. If such an error is present the data stream is discarded; otherwise, the receiver device converts the data stream back into the native file format and stores it for later playback or queued processing.
    Type: Grant
    Filed: October 20, 2010
    Date of Patent: September 24, 2013
    Assignee: Vucast Media, Inc.
    Inventors: Derek D. Kumar, Gregg Brian Levin
  • Patent number: 8533777
    Abstract: According to one embodiment, a computer system is disclosed. The computer system includes a central processing unit (CPU) to simultaneously operate a trusted environment and an untrusted environment and a chipset coupled to the CPU. The chipset includes an interface to couple to a management agent, and protected registers having a bit to indicate if the management agent is provided access to resources within the trusted environment.
    Type: Grant
    Filed: December 29, 2004
    Date of Patent: September 10, 2013
    Assignee: Intel Corporation
    Inventor: Andrew J. Fish
  • Patent number: 8533849
    Abstract: A method for detecting at least one traitor computer system among a plurality of receiver computer systems including: assigning a version of protected content to each of the plurality of receiver computer systems that are currently identified as innocent by a content protection system that monitors distribution of protected content to the plurality of receiver computer systems; recovering at least one unauthorized rebroadcast of the content; generating a score for each of the plurality of receiver computer systems with respect to the recovered unauthorized rebroadcast; calculating a threshold independent of an estimation of maximum traitor computer systems; checking a highest score against the threshold; incriminating a receiver computer system having the highest score above the threshold as a traitor computer system; and removing any unauthorized rebroadcasts overlapping with the traitor computer system. The process may be repeated from generating scores until all traitors are identified.
    Type: Grant
    Filed: September 7, 2010
    Date of Patent: September 10, 2013
    Assignee: International Business Machines Corporation
    Inventors: Hongxia Jin, Serdar Pehlivanoglu
  • Patent number: 8526614
    Abstract: A method to manage members of a group of decoders having access to broadcast data, each group member sharing a common broadcast encryption scheme (BES) comprising the steps of, in a stage for a decoder to become a group member, receiving keys pertaining to the position in the group according to the BES, receiving a current group access data comprising a current group access key, and in a stage of accessing broadcast data, using the current group access data to access the broadcast data, and in a stage of renewing the current group access key, sending a first group message comprising at least a next group access key encrypted so that only non-revoked decoders can access it, said group message being further encrypted by the current group access key, updating the current group access key with the next group access key.
    Type: Grant
    Filed: February 3, 2011
    Date of Patent: September 3, 2013
    Assignee: Nagravision S.A.
    Inventors: Guy Moreillon, Alexandre Karlov
  • Patent number: 8510551
    Abstract: A device receives a unicast packet designating a unicast source and a unicast destination, and determines whether the received unicast packet is a Data Register message. The device extracts information relating to a multicast packet encapsulated within the unicast packet when the unicast packet is a Data Register message, and performs a security policy lookup based on the extracted multicast packet information to identify a security policy associated with the multicast packet. The device determines whether the identified security policy authorizes forwarding of the unicast packet, and establishes a multicast data session when the identified security policy authorizes forwarding of the unicast packet. The device establishes a multicast control session based on the multicast data session, where the multicast control session authorizes transmission of PIM-related control messages associated with the multicast packet.
    Type: Grant
    Filed: November 10, 2008
    Date of Patent: August 13, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Purvi Desai, Kannan Varadhan
  • Patent number: 8509433
    Abstract: A method and an apparatus are provided for generating an encryption key for broadcast encryption. The method of generating the encryption key for the broadcast encryption includes generating a first encryption key with respect to all nodes, configured in a plurality of depths, from a root node to a plurality of leaf nodes, and generating a second encryption key with respect to each intermediate node between the root node and the plurality of leaf nodes, wherein the generation of the second encryption key comprises generating any one of first and second keys using the first encryption key depending on whether a first child node, connected to a sibling node of the intermediate node, is on a left path or a right path of the intermediate node.
    Type: Grant
    Filed: March 26, 2007
    Date of Patent: August 13, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Bae Eun Jung, Maeng Hee Sung, Weon Il Jin, Hee Jean Kim
  • Patent number: 8503672
    Abstract: Provided is a method of protecting a content consumer's privacy. The method includes classifying contents into content groups, encrypting the contents using different encryption keys, generating a plurality of decryption keys each of which can decrypt all contents in each of the content groups, and providing the generated decryption keys to authorized clients, wherein each client is provided with a different decryption key.
    Type: Grant
    Filed: April 29, 2008
    Date of Patent: August 6, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jun Yao, Choong-hoon Lee, Su-hyun Nam
  • Patent number: 8503677
    Abstract: A communication device receives secure communication frames on which a security transform has been performed to permit authentication. The communication device maintains an authentication history and a local time varying parameter. In multi-hop communication, the communication device provisionally verifies the freshness of a received secure communication frame by verifying that identifying information extracted from the frame is not already present in the authentication history and that a received time varying parameter extracted from the frame is not older than the local time varying parameter by more than a certain margin. If these freshness tests both pass, the frame is authenticated. If authentication succeeds, the frame is transmitted on the next hop without performance of a new security transform.
    Type: Grant
    Filed: November 18, 2010
    Date of Patent: August 6, 2013
    Assignee: Oki Electric Industry Co., Ltd.
    Inventors: Taketsugu Yao, Kiyoshi Fukui, Jun Nakashima
  • Patent number: 8499149
    Abstract: Direct Anonymous Attestation involves a Signer using a credential supplied by an Issuer to anonymously prove to a Verifier, on the basis of a public key of the Issuer, the Issuer's attestation to the Signer's membership of a particular group. To facilitate membership revocation, the Issuer updates the public key at intervals, and also effects a complementary updating to the Signer's credential unless the Signer has ceased to be a legitimate group member. A non-updated credential is inadequate to enable the Signer to prove its Issuer attested group membership to a Verifier on the basis of the updated Issuer public key.
    Type: Grant
    Filed: February 19, 2009
    Date of Patent: July 30, 2013
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Liqun Chen
  • Patent number: 8495363
    Abstract: In an embodiment, a server determines to update at least one group session key (GSK) parameter for a given multicast group, the at least one GSK parameter configured to permit encryption, decryption and/or authentication of multicast messaging exchanged between members of the given multicast group during a multicast communication session. The server sends a notification to a plurality of multicast group members of the given multicast group that an update of the at least one GSK parameter for the given multicast group is available. At least one of the multicast group members receives the notification and sends a provisioning request to retrieve the updated at least one GSK parameter, the provisioning request including information specific to the given multicast group member. The server generates and encrypts the updated at least one GSK parameter and sends the encrypted at least one GSK parameter to the at least one multicast group member.
    Type: Grant
    Filed: March 31, 2010
    Date of Patent: July 23, 2013
    Assignee: QUALCOMM Incorporated
    Inventors: Kirankumar Anchan, Hamsini Bhaskaran, Alexander Gantman, Patrick J. Hughes
  • Patent number: 8489134
    Abstract: A method is provided in one example implementation and the method includes interacting, via a first communication resource manager located in a first domain, with a second communication resource manager located in a second domain. The method further includes determining whether to establish a link for multicasting between users in the first domain and users in the second domain, and the link between the domains is established based on presence data of at least one user in the first domain and at least one user in the second domain.
    Type: Grant
    Filed: September 2, 2008
    Date of Patent: July 16, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Zeeshan Khan, Keith Edmund O'Brien, Shmuel Shaffer
  • Patent number: 8484463
    Abstract: A system and method for receiving first information from a primary individual and establishing the primary individual as a first trusted user using the first information. Second information is then received from an interested subscriber, the second information including information relating the interested subscriber to the primary individual and establishing the interested subscriber as a second trusted user using the second information. A triggering event is received from the primary individual, where the triggering event includes third information verifying the primary individual as the first trusted user. An indication is provided to the interested subscriber based on the triggering event.
    Type: Grant
    Filed: November 29, 2005
    Date of Patent: July 9, 2013
    Assignee: AT & T Intellectual Property II, L.P.
    Inventor: Balachander Krishnamurthy
  • Patent number: 8479276
    Abstract: A virtual machine computing platform uses a security virtual machine (SVM) in operational communications with a risk engine which has access to a database including stored patterns corresponding to patterns of filtered operational data that are expected to be generated during operation of the monitored virtual machine when malware is executing. The stored patterns may have been generated during preceding design and training phases. The SVM is operated to (1) receive raw operational data from a virtual machine monitor, the raw operational data obtained from file system operations and network operations of the monitored virtual machine; (2) apply rule-based filtering to the raw operational data to generate filtered operational data; and (3) in conjunction with the risk engine, perform a mathematical (e.g., Bayesian) analysis based on the filtered operational data and the stored patterns in the database to calculate a likelihood that the malware is executing in the monitored virtual machine.
    Type: Grant
    Filed: December 29, 2010
    Date of Patent: July 2, 2013
    Assignee: EMC Corporation
    Inventors: Alex Vaystikh, Robert Polansky, Samir Dilipkumar Saklikar, Liron Liptz
  • Patent number: 8479264
    Abstract: A device supports the processing of multiple active applications in a processor through a mapping system that securely identifies and differentiates commands issued by clients. An entity selection signal is generated by the mapping system to signal the processor to process an algorithm and provide services for a specific client using the commands identified for that client and data permitted by a client tracking system for that client. Other data accesses and commands identified for other clients are restricted when processing the algorithm.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: July 2, 2013
    Assignee: Micron Technology, Inc.
    Inventors: Dennis M. O'Connor, John P. Brizek
  • Patent number: 8473741
    Abstract: The present disclosure is directed to systems and methods including accessing a first private value, generating a first intermediate value based on the first private value, receiving a second intermediate value that is based on a second private value, generating a first comparison value based on the second intermediate value, receiving over the network a second comparison value that is based on the first intermediate value, comparing the first comparison value and the second comparison value to generate a result, and displaying the result, the result indicating that the first private value is greater than the second private value when the first comparison value is less than the second comparison value, and the result indicating that the first private value is less than or equal to the second private value when the first comparison value is greater than the second comparison value.
    Type: Grant
    Filed: May 3, 2010
    Date of Patent: June 25, 2013
    Assignee: SAP AG
    Inventor: Florian Kerschbaum
  • Patent number: 8468341
    Abstract: The claimed invention relates to a system and method for providing encrypted content via a distribution network 630 with efficient key distribution and distribution network assignment. The claimed invention assigns users to a content-specific distribution network in which the content is broadcast. This makes the content access much more efficient by conducting the authorization at the time of joining the content-specific distribution network and providing the content to entitled users through broadcasting. The claimed invention provides additional security by removing a user from the content-specific distribution network when his entitlement is no longer valid.
    Type: Grant
    Filed: March 4, 2009
    Date of Patent: June 18, 2013
    Assignee: Hong Kong Applied Science and Technology Research Institute Company Limited
    Inventors: Yiu-Wing Wat, Zhibin Lei
  • Patent number: 8458462
    Abstract: A network device, such as an access control server, verifies the integrity of other network devices requiring access to a secure multicast. The network device receives a health status report from the other network devices and grants or denies access to the secure multicast based on a comparison of the health status report with a set of one or more stored policies. The network device then provides group keys to authorized network devices. The network device may also include a monitoring module that monitors activities of authorized network devices. Where the network device monitors authorized network devices, authorized network devices with behavior that fails to satisfy one or more behavioral policies will have their authorization revoked and will no longer have access to the secure multicast.
    Type: Grant
    Filed: November 14, 2008
    Date of Patent: June 4, 2013
    Assignee: Juniper Networks, Inc.
    Inventor: Stephen R. Hanna
  • Patent number: 8447040
    Abstract: A first communication apparatus that functions as a providing apparatus that provides an encryption key or as a receiving apparatus that receives an encryption key provided by a providing apparatus, and that performs a key sharing process for sharing an encryption key with another apparatus, confirms whether or not the first communication apparatus functioned as the providing apparatus in the key sharing process performed among a plurality of apparatuses present on a network in which the first communication apparatus is joining; compares identification information of a second communication apparatus that has newly joined the network with identification information of the first communication apparatus; and determines whether or not the first communication apparatus is to function as a providing apparatus in the key sharing process performed between the first and the second communication apparatuses based on the result of the confirmation and the comparison.
    Type: Grant
    Filed: December 2, 2008
    Date of Patent: May 21, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventor: Fumihide Goto
  • Publication number: 20130124859
    Abstract: Various embodiments of a system and method of digital rights management with authorized device groups are described. Various embodiments may include a system including a digital rights management (DRM) component configured to receive a private key of an authorized device group. In various embodiments, the receipt of the private key of the authorized device group may indicate the system is an authorized member of a group of devices permitted to access content items protected by a common public key associated with the authorized device group. In various embodiments the DRM component may be configured to, for each given content item of multiple content items that are encrypted with different content keys, decrypt an encrypted content key from the given content item with the private key of the authorized device group and decrypt content from the given content item with the decrypted content key.
    Type: Application
    Filed: May 29, 2009
    Publication date: May 16, 2013
    Inventors: Florian Pestoni, Sunil C. Agrawal, Pritham Shetty
  • Patent number: 8443448
    Abstract: A system and method for performing a security check may include using at least one processor to periodically check a status of a flag, generate and store a baseline representation of modules stored on the device where the flag is determined to be set to a first state, and, where the flag is determined to be set to a second state, generate an active representation of modules stored on the first device, compare the active representation of modules to the baseline representation of modules, and, responsive to a determination in the comparing step of a difference between the baseline and active representations of modules, output an alert. The flag status may depend on an association of the device with one of a plurality of authorization policies, each mapped to one of the two states. Results of the comparison may be appended to an activity log of the device.
    Type: Grant
    Filed: August 20, 2009
    Date of Patent: May 14, 2013
    Assignee: Federal Reserve Bank of New York
    Inventors: Danny Brando, Joonho Lee, Jia Ye
  • Patent number: 8438171
    Abstract: Methods, systems, and apparatuses, including computer programs encoded on computer-readable media, for receiving a plurality of metadata associated with a plurality of media items. Each metadata includes a ranking score and a resource locator of the media item. Queuing media item identifiers based on the plurality of metadata and ordering the queue based on the ranking scores. Retrieving a portion of a highest-ranking unplayed media item and providing the portion to a content playback device. Receiving vote indications for an unplayed media item. The ranking score of the unplayed media item is updated based on the received vote indications. The unplayed media items are reordered in the queue based upon the updated ranking score of the unplayed media item. Retrieving a portion of a highest-ranking unplayed media item in the reordered queue and providing the portion to a content playback device.
    Type: Grant
    Filed: June 1, 2012
    Date of Patent: May 7, 2013
    Assignee: Google Inc.
    Inventor: Brian Gogan
  • Patent number: 8433900
    Abstract: A request to receive multicast data, associated with a multicast group, may be transmitted. The request may be transmitted via a tunnel. Group keys may be received in response to the request. The group keys may be based on the multicast group. An encapsulated packet may be received via another tunnel. The encapsulated packet may be processed, using the group keys, to obtain a multicast packet associated with the multicast data. The multicast packet may be forwarded to at least one multicast recipient.
    Type: Grant
    Filed: November 30, 2011
    Date of Patent: April 30, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Gregory M. Lebovitz, Changming Liu, Choung-Yaw Shieh
  • Patent number: 8429404
    Abstract: A system and method for discovery and/or authentication of clients to a network, particularly a managed network, substantially without requiring the client and/or access device to transmit an unencrypted address or identification.
    Type: Grant
    Filed: September 30, 2009
    Date of Patent: April 23, 2013
    Assignee: Intel Corporation
    Inventors: Benjamin M. Greenstein, Jesse Walker
  • Patent number: 8429400
    Abstract: In one embodiment, a method can include: (i) sending a request to join a group to a service broker; (ii) receiving from the service broker a list of key servers servicing the group; and (iii) sending registration information to a selected one of the key servers in the list.
    Type: Grant
    Filed: June 21, 2007
    Date of Patent: April 23, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Mohamed Khalid, Warren S. Wainner, Aamer Akhter, Paul Quinn
  • Patent number: 8417944
    Abstract: In a terminal device for controlling access to multicast services over a broadcasting network, an application outputs a user-preselected broadcast service request to a router that receives the broadcast services. The request contains an address of the selected service. The device includes a filtering entity that compares the address in the request with addresses in an address list generated on the basis of at least one filtering criterion, in order to authorize the transmission of the selected service from the router to the application so that the service is delivered when the address is included in the list.
    Type: Grant
    Filed: December 19, 2006
    Date of Patent: April 9, 2013
    Assignee: Gemalto SA
    Inventor: Anne-Marie Praden
  • Patent number: 8417933
    Abstract: Disclosed is an inter-entity coupling method for service protection in a broadcast environment including a terminal and a broadcast network, which includes a Broadcast Service Application (BSA), a Broadcast Service Distribution (BSD) and a Broadcast Service Management (BSM) function. The method includes executing enrollment and service joining procedures for the terminal, wherein the terminal acquires a group key in the enrollment procedure and acquires a Rights Object (RO) for the service in the service joining procedure; receiving a message including a traffic key in the terminal; acquiring the traffic key from the message using the RO; receiving an encrypted service encrypted by the BSD in the terminal; and decrypting the encrypted service using the traffic key in the terminal.
    Type: Grant
    Filed: April 21, 2006
    Date of Patent: April 9, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Byung-Rae Lee, Sung-Oh Hwang, Wuk Kim
  • Patent number: 8416953
    Abstract: A data protection system includes terminals, and an encryption device that encrypts distribution data distributed to each terminal. Each terminal corresponds with one node on a lowest level of a tree structure having hierarchies. A data protection system excludes nodes on the lowest level, determines a plurality of combination patterns that include combinations of two or more of all four nodes that are reached one level below the node, decides an individual decryption key for each determined combination pattern, and decides an individual decryption key for each node on the lowest level. The data protection system prescribes nodes that are reached from the node on the lowest level and a terminal to the node on the highest level that is an invalid node.
    Type: Grant
    Filed: April 16, 2008
    Date of Patent: April 9, 2013
    Assignee: Panasonic Corporation
    Inventors: Toshihisa Nakano, Motoji Ohmori, Natsume Matsuzaki, Makoto Tatebayashi
  • Patent number: 8418253
    Abstract: An IP server sends e-mail to a mobile device MS. This e-mail includes an application specifier that specifies startup of a Java application stored in mobile device MS and a data specifier that includes data used in operations executed by mobile device MS in accordance with a Java application. On the other hand, the ADF for the Java application stored in mobile device MS includes trusted source data containing a plurality of e-mail addresses that indicate trusted origins. Mobile device MS compares the e-mail transmission origin address with the trusted source data. Mobile device MS, only in the case where the transmission origin address of the received e-mail is included in the trusted source data, starts up a Java application based on an application specifier included in said e-mail, and uses data included in said data specifier in operations executed by that Java application.
    Type: Grant
    Filed: May 19, 2003
    Date of Patent: April 9, 2013
    Assignee: NTT Docomo, Inc.
    Inventors: Dai Kamiya, Kazuhiro Yamada, Takashi Kondo, Naoki Yamane, Yutaka Sumi
  • Patent number: 8411866
    Abstract: In one embodiment, a Home Agent receives a Mobile IP registration request from a group member, where the group member is a Mobile Node. The Home Agent generates a mobility binding for the group member that associates the group member with a care-of address, wherein the group member is a member of one or more groups. The Home Agent generates a Mobile IP registration reply, where the Mobile IP registration reply identifies one or more key servers. Each of the one or more key servers serves at least one of the one or more groups and is adapted for distributing group cryptography material to members of each group that is served by the corresponding key server. The Home Agent sends the Mobile IP registration reply to the group member, thereby enabling the group member to obtain cryptography material for at least one of the one or more groups from at least one of the one or more key servers to enable the group member to use the cryptography group material to securely communicate with other group members.
    Type: Grant
    Filed: November 14, 2007
    Date of Patent: April 2, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Mohamed Khalid, Ciprian Pompiliu Popoviciu, Kavitha Kamarthy, Aamer Saeed Akhter, Rajiv Asati
  • Patent number: 8401195
    Abstract: Methods of automatically populating a secure group list in a key variable loader and of providing keys to a secure group are presented. After a user selects a secure group and encryption algorithm using inputs of the loader, the loader provides a group identifier and corresponding key for the group. The group identifier, encryption algorithm, and key are transmitted to a portable communication device over a physical connection between the two while a device identifier of the communication device is transmitted concurrently to the loader. The key variable loader automatically populates a stored list of subscribers of the group with the device identifier. When it is desired to transmit a new key to all of or fewer than all of the subscribers, one of the subscribers is connected with the loader and used to wirelessly transmit a new key to the remaining subscribers.
    Type: Grant
    Filed: September 22, 2008
    Date of Patent: March 19, 2013
    Assignee: Motorola Solutions, Inc.
    Inventors: Kenneth C. Fuchs, Larry Murrill
  • Patent number: 8397083
    Abstract: A system and method efficiently deletes a file from secure storage, i.e., a cryptainer, served by a storage system. The cryptainer is configured to store a plurality of files, each of which stores an associated file key within a special metadata portion of the file. Notably, special metadata is created by a security appliance coupled to the storage system and attached to each file to thereby create two portions of the file: the special metadata portion and the main, “file data” portion. The security appliance then stores the file key within the specially-created metadata portion of the file. A cryptainer key is associated with the cryptainer. Each file key is used to encrypt the file data portion within its associated file and the cryptainer key is used to encrypt the part of the special metadata portion of each file. To delete the file from the cryptainer, the file key of the file is deleted and the special metadata portions of all other files stored in the cryptainer are re-keyed using a new cryptainer key.
    Type: Grant
    Filed: August 23, 2006
    Date of Patent: March 12, 2013
    Assignee: NetApp, Inc.
    Inventors: Robert Jan Sussland, Lawrence Wen-Hao Chang, Ananthan Subramanian
  • Patent number: 8391492
    Abstract: In one embodiment, an apparatus associated with securing a Resource Reservation Protocol (RSVP) with dynamic group keying is provided. The apparatus may include a group key logic that interacts with a dynamic group key management logic. The dynamic group key management logic provides a group key to members of a set of RSVP-capable devices. The apparatus also includes an RSVP authentication logic to determine whether a received RSVP message was provided by a member of the set of RSVP-capable devices. The determination is made using implicit authorization that depends on the group key and that does not depend on a challenge/response protocol. In one embodiment the apparatus is a router.
    Type: Grant
    Filed: June 25, 2008
    Date of Patent: March 5, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Francois Le Faucheur, Luc Billot, Pascal Delprat, Frederick Baker, Brian E. Weis, Eric G. Vyncke
  • Publication number: 20130054964
    Abstract: Methods, systems and apparatus are provided for source authentication. In accordance with the disclosed embodiments, a key-management server generates a key-delivery message that includes a key data transport payload secured with a group key, and a source authentication payload. Upon receiving the key-delivery message at a communication device, the communication device may verify whether the source authentication payload of the key-delivery message is valid. When the source authentication payload is determined to be valid, the communication device thereby authenticates that the key-delivery message was transmitted by the key-management server.
    Type: Application
    Filed: August 24, 2011
    Publication date: February 28, 2013
    Applicant: MOTOROLA SOLUTIONS, INC.
    Inventors: Thomas S. Messerges, Adam C. Lewis
  • Patent number: 8386777
    Abstract: The invention relates to a method of controlling access to multicast IP flows. Following connection to a collection equipment by a user terminal, the method consists in: transmitting an access authorization request message from said collection equipment to an access control server; and, subsequently, upon successful verification of the user access right, transmitting an access authorization acceptance message comprising at least one multicast filter from the server to the collection equipment or, in the absence of a successful verification, transmitting an access refusal message from the server to the collection equipment in order to inhibit the connection of the user terminal. The invention is suitable for multicast broadcasting over an IP, Internet and/or corporate network.
    Type: Grant
    Filed: February 15, 2006
    Date of Patent: February 26, 2013
    Assignee: France Telecom
    Inventors: Gilles Bourdon, Christian Jacquenet
  • Patent number: 8386782
    Abstract: The invention provides a method, system, device and computer program product for setting up a secure session among three or more devices or parties of a communication group, including authenticating a key agreement between the devices or parties of the communication group, wherein the devices of the group start, preferably after a key is computed or agreed, a protocol, preferably a multi-party data integrity protocol, for authenticating the key agreement.
    Type: Grant
    Filed: January 5, 2007
    Date of Patent: February 26, 2013
    Assignee: Nokia Corporation
    Inventors: Kaisa Nyberg, Nadarajah Asokan
  • Patent number: 8374353
    Abstract: A method and apparatus for updating a group key of a group corresponding to a binary tree are provided. The method includes updating keys of leaf nodes that correspond to new members, in response to a join of at least two new members joining the group; determining whether both of two child nodes of a single ancestor node are updated when updating a key of the single ancestor node of the leaf nodes; establishing one of the two child nodes as an update use node when both the two child nodes are updated; and updating a key of the ancestor node using the update use node. Thus, the group key may be effectively updated with respect to multi-join.
    Type: Grant
    Filed: June 28, 2007
    Date of Patent: February 12, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Dae Youb Kim, Mi Suk Huh, Tae-Chul Jung, Hwan Joon Kim
  • Patent number: 8370921
    Abstract: Packet sequence number checking through a VPN tunnel may be performed by assigning sequence numbers on a per-priority class basis to packets traversing the VPN tunnel. In one implementation, a network device may receive a packet that is to be transmitted over a VPN tunnel, the packet including control information that includes at least a QoS priority class of the packet. The network device may extract the priority class of the packet from the control information and generate a sequence value that describes an arrival sequence of the packet relative to other received packets of the same priority class as the packet. The network device may additionally generate an IPsec header for the packet, the IPsec header including the sequence value and the priority class of the packet; attach the IPsec header to the packet; and transmit the packet through the VPN tunnel.
    Type: Grant
    Filed: December 8, 2009
    Date of Patent: February 5, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Yifei Duan, Yufeng Zhu
  • Patent number: 8369527
    Abstract: A multicast host for communicating information published about any one of a set of topics to one or more authorised subscribers to those topics, the set of topics being partitioned into one or more partition elements, each partition element having a partition element encryption key associated therewith, wherein each of the one or more partition elements is a disjoint proper subset of the set of topics, the host comprising: means for receiving information relating to a topic; means for determining a partition element for the topic; means for retrieving a partition element encryption key associated with the partition element; means for encrypting the information with the retrieved partition element encryption key; and means for communicating the information to the one or more authorised subscribers.
    Type: Grant
    Filed: June 22, 2005
    Date of Patent: February 5, 2013
    Assignee: International Business Machines Corporation
    Inventors: Boaz Carmeli, John Justin Duigenan, Michael Damein Elder, Gidon Gershinsky
  • Patent number: 8364964
    Abstract: In a method of registering a plurality of client devices with a device registration server for secure data communications, a unique symmetric key is generated for each of the client devices using a cryptographic function on a private key of the device registration server and a respective public key of each of the client devices, and a broadcast message containing the public key of the device registration server is sent to the client devices, in which the client devices are configured to generate a respective unique symmetric key from the public key of the device registration server and its own private key using a cryptographic function, and in which the unique symmetric key generated by each client device matches the respective unique symmetric key generated by the device registration server for the respective client device.
    Type: Grant
    Filed: December 29, 2009
    Date of Patent: January 29, 2013
    Assignee: General Instrument Corporation
    Inventors: Alexander Medvinsky, Paul Moroney, Jiang Zhang
  • Patent number: 8365301
    Abstract: In a typical peer-to-peer network, any user of the peer-to-peer network may request a lookup of a key and its associated value. To limit access to a stored key-value pair, a user node may generate a registration message for a key-value pair. The value may include the payload to be stored at the storage node, and an access list containing one or more retrieval identifiers indicating one or more users authorized to access the payload. In some cases, the registration message may also include an encrypted payload which is encrypted with a group key. The group key may be included in the registration message, and may be encrypted with an encryption key which is known by the authorized user.
    Type: Grant
    Filed: February 22, 2005
    Date of Patent: January 29, 2013
    Assignee: Microsoft Corporation
    Inventor: John L. Miller
  • Patent number: 8363246
    Abstract: Address information is requested of a data processing apparatus upon receiving, from the data processing apparatus, data to be transmitted to a network in order to confirm whether an external apparatus is using a specific address. The address information transmitted from the data processing apparatus in response to the request is registered in a communication control apparatus.
    Type: Grant
    Filed: July 17, 2007
    Date of Patent: January 29, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventor: Masamichi Tanji
  • Patent number: 8359465
    Abstract: A platform of Trust Management software which is a single, customizable, complete distributed computing security solution designed to be integrated into an enterprise computing environment. Digital Network Authentication (DNA) is the centerpiece of the system of the present invention. It is a unique means to authenticate the identity of a communicating party and authorize its activity. The whole mechanism can be thought of as a trusted third party providing assurances to both clients and servers that each communicating entity is a discrete, authenticated entity with clearly defined privileges and supporting data. Furthermore, the level of trust to be placed in the authorization of every entity communicating within the system is communicated to every entity within a distributed computing environment.
    Type: Grant
    Filed: August 31, 2010
    Date of Patent: January 22, 2013
    Inventors: Richard M. Feezel, Gerard A. Gagliano
  • Patent number: 8353055
    Abstract: A method for upgrading a Rights Object (RO) includes: acquiring, by a Digital Rights Management (DRM) Agent, RO related information of the RO that requires updating from a Secure Removable Media (SRM) Agent; providing, by the DRM Agent, the RO related information to a Rights Issuer (RI), and obtaining a new RO from the RI; and interacting, by the DRM Agent, with the SRM Agent to upgrade the RO that requires updating on the SRM by means of the new RO. According to the embodiments of the present invention, the DRM Agent acquires RO related information which is stored on the SRM and does not have Move rights, and interacts with the RI to move the RO out from the SRM, so as to move the RO without the Move rights out from the SRM.
    Type: Grant
    Filed: July 2, 2012
    Date of Patent: January 8, 2013
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Renzhou Zhang, Chen Huang, Weizhong Yuan, Zhipeng Zhou
  • Patent number: 8352603
    Abstract: A method performed in a network element coupled between a subscriber end station and an AAA server for avoiding AAA processing by at least temporarily suppressing AAA access-request messages for a rejected subscriber end station. The network element receives subscriber session-request messages from the subscriber end station. Subscriber session-request messages include information for verifying an identity that the network element transmits to the AAA server as AAA access-request messages. The network element receives AAA access-response messages corresponding to the AAA access-request messages. Responsive to an AAA access-response message, the network element determines that additional AAA access-request messages should be, at least temporarily, suppressed with regards to the subscriber end station. Responsive to determining, the network element suppresses any additional AAA access-request messages from being transmitted to the AAA server.
    Type: Grant
    Filed: August 10, 2010
    Date of Patent: January 8, 2013
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Namadurai Akil Ponnuswamy, Sudhagar Chinnaswamy
  • Patent number: 8345875
    Abstract: A method of encrypting broadcast and multicast data communicated between two or more parties, each party having knowledge of a shared key, is provided. The key is calculated using values, some of which are communicated between the parties, so that the shared key is not itself transferred. Avoiding the transfer of the key offers several advantages over existing encryption methods.
    Type: Grant
    Filed: March 14, 2011
    Date of Patent: January 1, 2013
    Assignee: Koolspan, Inc.
    Inventors: Anthony C. Fascenda, Emil Sturniolo
  • Patent number: 8341402
    Abstract: Provided is a method of controlling content access in a home network. The method includes: (a) defining a predetermined sub group and allocating a sub group key for the sub group; and (b) checking whether a user belongs to the sub group and transmitting the sub group key to a user device requested by the user, wherein the user device obtains an encrypted content key using a domain key and the sub group key. Since a content key is twice encrypted using a domain key and a sub group key and transmitted to a user device, it is possible to provide authorized content access to a user.
    Type: Grant
    Filed: December 15, 2005
    Date of Patent: December 25, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sung-hyu Han, Myung-sun Kim, Young-sun Yoon, Sun-nam Lee, Bong-seon Kim, Jae-heung Lee
  • Patent number: 8341403
    Abstract: A revocation examination method and apparatus for a device are provided. The method includes: storing information regarding revoked nodes; receiving from the device an identifier (ID) of the device and a revocation examination request message including an ID of a leaf node corresponding to the device; examining whether the device corresponding to the ID of the leaf node is revoked with reference to the information regarding revoked nodes; and transmitting a response to the revocation examination request message based on a result of the examining.
    Type: Grant
    Filed: May 1, 2007
    Date of Patent: December 25, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Young-sun Yoon