Abstract: Apparatus, system, and method having a first counter to record a number of invalid authentication requests, a first timer to set a first time period based on a value of the first counter, and an authentication module associated with the first counter and the first timer to receive an initial authentication request that includes a username and when said username is invalid, the module is to invalidate any subsequent authentication requests under the username during the first time period regardless of whether the subsequent requests includes a valid username. The system further includes a communication medium. The method includes receiving an authentication request with new information in a first session, validating the new information, and caching the validated new information in the first session.

Abstract: A procedure for login in a case where a prescribed job is executed in an image processor is simplified. An image processor includes: input unit accepting an input of user authentication information from a user; user authentication unit performing user authentication by comparing the inputted user authentication information with the stored user authentication information to authorize execution of processing; and temporary ID generation unit generating an temporary ID if the user authentication is successful to store the temporary ID, being related to the user authentication information, wherein the input unit accepts an input of the temporary ID and the user authentication unit compares the inputted temporary ID with the stored temporary ID to thereby perform the user authentication and to authorize execution of the processing.

Abstract: A gateway obtains a server side certificate which is signed with a key used for signing zone data for a DNS discovery procedure of discovering the gateway by a mobile node and transmits the signed server side certificate to the mobile node in an authentication procedure of authenticating the gateway. The mobile node verifies the server side certificate received in the authentication procedure of authenticating the gateway, using a public key used for verifying a given zone in the DNS discovery procedure of discovering the gateway based on the signed zone data received for the gateway.

Abstract: A system and method for facilitating secure client server communication using elliptical curve cryptography and certificateless public key infrastructure has been disclosed. The system includes a secret key generation means which generates a secret key of m-bits based on the elliptic curve diffie hellman algorithm. The system further includes a session key generation means which makes use of said secret key and elliptic curve diffie hellman algorithm to generate a session key. The session key is used to facilitate secured communication between the client and the server.

Abstract: The present disclosure describes, e.g., electronic tickets, coupons and credits. In some cases these electronic objects are represented by imagery or audio. One claim recites a handheld apparatus including: an input for receiving an electronic coupon or credit, the electronic coupon or credit comprising audio; electronic memory for storing a received electronic coupon or credit; an audio output for outputting the received electronic coupon or credit, in which the electronic coupon or credit is intended to be applied to a purchase or transaction; and an electronic processor programmed for controlling output of the received electronic coupon or credit. Of course, other claims and combinations are provided too.

Abstract: The cryptographic scheme subdivides time into periods with an index j=0, 1, 2, etc. A public key indicates elements u and v of a first cyclic group G1 of prime order p and, for each period j, an integer sj between 0 and p?1 and elements g1,j of the group G1 and g2,j, wj and hj of another cyclic group G2 of order p. The private key of a member of the group indicates an integer xi between 0 and p?1 and, for each period j, an element Ai,j of the group G1 such that Ai,n=[Ai,n-1/g1,n-1]1/(xi?sn) for 1?n?j. To sign a message during a period j?0, the member selects two integers ? and ? between 0 and p?1, calculates T1=u?, T2=Ai,j·v?, S1=g2,j? and S2=e(Ai,j, hj)? where e(., .) is a bilinear map of G1×G2 onto GT, and determines according to the message the data that justify the fact that the elements T1, T2, S1 and S2 are correctly formed with knowledge of the private key of the member for the period with index j.

Abstract: Embodiments of methods, apparatuses, systems and/or devices for processing a certificate are disclosed.

Abstract: A digital signature generation apparatus includes memory to store finite field Fq and section D(ux(s, t), uy(s, t), s, t) as secret key, section being one of surfaces of three-dimensional manifold A(x, y, s, t) which is expressed by x-coordinate, y-coordinate, parameter s, and parameter t and is defined on finite field Fq, x-coordinate and y-coordinate of section being expressed by functions of parameter s and parameter t, calculates hash value of message m, generates hash value polynomial by embedding hash value in 1-variable polynomial h(t) defined on finite field Fq, and generates digital signature Ds(Ux(t), Uy(t), t) which is curve on section, the x-coordinate and y-coordinate of curve being expressed by functions of parameter t, by substituting hash value polynomial in parameter s of section.

Abstract: An online game commerce system, in one embodiment, provides an architecture for enabling the interactive trade, collection, advertisement, purchase, and sales of video game components through the representation and use of an online marketplace such as an auction, store, trading hub or similar expression within a video game. For example, an online race car game purchased at a retail store comes with five different starter cars, but game players are offered the opportunity through an online store or auction accessible through the game to purchase additional cars for $5 each or a new engine for existing cars for $1.00 each. After the initial release of the game, game publishers may offer new cars and race tracks downloadable online for a price of $5.00 each or a promotional offer of $20 for any combination of five.

Abstract: A system for storing information having a predetermined use which requires the information to be secured. The information may comprise credit card details used to complete a transaction. The system includes: (a) A client system for storing an encoded version of the information and an identifier. The encoded version is generated from first data of the information and an encoded version of the second data of the information. The information can be generated from the first data and the second data, and the predetermined use is infeasible with only one of the first data and the second data. (b) A remote server for storing the second data and an encoded identifier generated from the identifier. The client system sends at least the encoded version of the second data to the remote server. The client system or the remote server is able to generate the information from the first data and the second data.

Abstract: A genuine detection part for a product formed by a label with a continually repeating pattern and with a sticker over the pattern. The position of the sticker is converted to a number, and encrypted with a private key, to form a signature. The product is only legitimate if the signature matches the position of the sticker on the pattern.

Abstract: A method of handling a server delegation for a first server in a service system supporting a device management (DM) protocol is disclosed. The method comprises receiving a delegation message with a first signature from a second server via a delegation session, wherein the second server has a control of a plurality of management objects of a client; generating a delegation request message comprising the delegation message and the first signature; and sending the delegation request message with a second signature to the client in the service system, to obtain the control of the part of the plurality of management objects of the client.

Abstract: Methods, apparatus, including computer program products, and systems implement and use techniques relating to electronic signatures. In one implementation, a one-way hash is calculated for an electronic document and a digital watermark representing the one-way hash is embedded in a signature document. Based on a user input, the signature document having the embedded digital watermark is altered, and the electronic document is associated with the signature document. The electronic document and the signature document together comprise a signed electronic document. The user input can include biometric information, such as a handwritten signature or a voice recording. For additional security, the one-way hash can be encrypted before a representation of the hash is embedded in the signature document.

Abstract: A fast batch verification method and apparatus are provided. In the method of batch-verifying a plurality of exponentiations, (a) a predetermined bit value t is set to an integer equal to or greater than 1; (b) a maximum Hamming weight k is set to an integer equal to or greater than 0 and less than or equal than the predetermined bit value t; (c) n verification exponents si are randomly selected from a set of verification exponents S (n is an integer greater than 1, i is an integer such that 1?i?n), where the set of verification exponents S include elements whose bit values are less than or equal to the predetermined bit value t and to which a Hamming weight less than or equal to the maximum Hamming weight k is allocated; (d) a value of verification result is computed by a predetermined verification formula; and (e) the verification of the signatures is determined to be passed when the value of verification result satisfies a pre-determined pass condition.

Abstract: One embodiment is an information processing device for obtaining an HMAC, including a padding circuit for generating first key data by adding a first constant with respect to secret key data when a secret key length of input secret key data is shorter than a block length of a hash function, setting the secret key data as second key data when the secret key length is equal to the block length, generating third key data by adding the first constant with respect to a first digest value when the secret key length is longer than the block length, and performing an exclusive OR operation with a second constant with respect to one of the first key data, the second key data, or the third key data to calculate first data; a hash calculation circuit for obtaining the first digest value and obtaining a second digest value; and a control unit for managing a processing state for calculating the HMAC, wherein the hash calculation circuit outputs a first midway progress value when interrupting a calculation process of the f

Abstract: An image managing method includes dividing the original moving image into a header and a body and generating the group hash value of the header portion, generating the hash value of each item of still image data, connecting the group hash value of the header portion and the hash value of each item of still image data to generate connected hash values, generating a group of the connected hash values as a hash value list, generating the hash value of a Huffman table on the basis of cutting out one still image, and signing to generate signature information of the original moving image, using the group hash value of the header portion, the hash value of the Huffman table, and the hash list as verification data of the original moving image, by adding a digital signature of a video recording terminal to it.

Abstract: A method of and device for granting access to content on a storage medium, including obtaining cryptographic data from a property, such as a wobble, of the storage medium, reading helper data from the storage medium, and granting the access based on an application of a delta-contracting function to the cryptographic data and the helper data. The delta-contracting function allows the choice of an appropriate value of the helper data, such that any value of the cryptographic data which sufficiently resembles the original primary input value leads to the same output value. Substantially different values of the cryptographic data lead to different values of the output.

Abstract: An encoding method comprises generating a character map of an alphanumeric character string, identifying runs of like character type symbols in sequential positions, and removing the runs of character type symbols from the character map. The center for the center infix run is determined, and the characters of each character type are encoded into binary encoded substrings. A decoding method comprises parsing the one or more run fields in the alphanumeric header to determine a number of characters of each type of a plurality of character types represented in the binary encoded string, generating a character map having a string of character type symbols representing the binary encoded string, including determining a reduced character map, centering the character type symbols for a center infix run about the center of the reduced character map, completing a final character map, and decoding each binary encoded string.

Abstract: A method and system for verifying authenticity of an application in a computing-platform operating in a Trusted Computing Group (TCG) domain is provided. The method includes computing one or more integrity measurements corresponding to one or more of the application, a plurality of precedent-applications, and an output file. The output file includes an output of the application, the application is executing on the computing-platform. Each precedent-application is executed before the application. The method further includes comparing one or more integrity measurements with re-computed integrity measurements. The re-computed integrity measurements are determined corresponding to one or more of the application, the plurality of precedent-applications, and the computing-platform.

Abstract: Methods and devices for the secure encryption, enrollment, verification, and decryption of biometric and biographical identification information. The unique sequence of steps and the use of a combination of visible watermarking, invisible-fragile watermarking decoding, invisible-robust extraction, and decryption watermarking and encryption provides multiple layers of protection with four biometric based keys and makes it practically impossible for the information to be tampered with.

Abstract: Technologies to transfer responsibility and control over security from player makers to content authors by enabling integration of security logic and content. An exemplary optical disk (200) carries an encrypted digital video title combined with data processing operations that implement the title's security policies and decryption processes. Player devices include a processing environment (e.g., a real-time virtual machine), which plays content by interpreting its processing operations. Players also provide procedure calls to enable content code to load data from media, perform network communications, determine playback environment configurations (225), access secure non-volatile storage, submit data to CODECs for output (250), and/or perform cryptographic operations. Content can insert forensic watermarks in decoded output for tracing pirate copies.

Abstract: A communication system for transmitting and receiving communication data together with signature data attached thereto for verifying the communication data. A transmission-side in-vehicle device of the system generates the signature data for each unit of communication data consisting of M×N (M>=N>=2) pieces of communication data, and repeatedly transmits M pieces of divided signature data in N rounds, attached to M×N corresponding pieces of communication data. A reception-side in-vehicle device of the system reconstitutes the unit of communication data from M×N pieces of received communication data, reconstitutes the signature data from M pieces of received divided signature data, and then verifies the reconstituted unit of communication data with the reconstituted signature data. This can prevent data missing of the signature data due to communication errors to thereby reliably verify the communication data.

Abstract: An information processing system in which information transfers between communication devices through a network is limited within a prescribed range by registering unique information obtainable within the prescribed range into each device and permitting information transfer between devices which share common unique information, where the unique information is formed by a pair of public and secret unique information, a bridge device is controlled such that, upon receiving a proxy check request from a reception device, whether a transmission device is another bridge device or not is judged when the public unique information registered by the reception device is registered in the bridge device and one public unique information registered in the bridge device is registered by the transmission device. Then, the secret unique information registered by the reception device is transmitted to the transmission device when the transmission device is not another bridge device.

Abstract: Signatures for multiple encodings is disclosed. In some embodiments, signatures for multiple encodings includes receiving a first signature of digitally signed data included in a first document having a first document encoding; receiving a second signature of digitally signed data included in the first document having a second document encoding; receiving a third signature of digitally signed data included in a canonicalized version of the first document having a canonical encoding, in which canonicalizing the first document includes providing a different order of data within the first document based on a canonical ordering; selecting a signature from the received first signature, the received second signature, and the received third signature, in which the first signature, the second signature, and the third signature are associated with the first document to provide a digitally signed first document; and verifying the digitally signed data using the selected signature.

Abstract: Some embodiments of the application provides methods and systems for providing camera fingerprinting by receiving a video frame from a camera, generating a confidence map based on an image characteristic associated with the video frame, generating a signature based on a sensor imperfection in the camera, weighting the signature based on the confidence map for each frame and generating a key based on the weighted signature over the plurality of video frames received. Other methods and systems are disclosed.

Abstract: A system for secure communication is provided. A random value generator is configured to generate a random value. A message validation code generator is coupled to the random value generator and configured to generate a message validation code based on a predetermined key, a message, and the random value. A one-time pad generator is coupled to the random number generator and configured to generate a one-time pad based on the random value and the predetermined key. And a masked message generator is coupled to the one-time pad generator and configured to generate a masked message based on the one-time pad and the message. A protected message envelope generator is coupled to the random value generator, the message validation code generator, and the masked message generator, and is configured to generate a protected message envelope based on the random value, the message validation code, and the masked message.

Abstract: A method for authentication of elements of a group, especially for authentication of sensor nodes in a preferably wireless sensor network is disclosed. The group has one specific element—leading element—with which each of the group elements can exchange information and wherein the authentication of the group elements takes place with regard to the leading element. The leading element sends an authentication request to the group elements wherein the authentication request is the same for all the group elements. The group elements each send authentication responses—based on the authentication request—to the leading element, with the authentication responses being different for each group element.

Abstract: Methods, systems, and apparatus are disclosed which enable flexible insertion of forensic watermarks into a digital content signal using a common customization function. The common customization function flexibly employs a range of different marking techniques that are applicable to a wide range of forensic marking schemes. These customization functions are also applicable to pre-processing and post-processing operations that may be necessary for enhancing the security and transparency of the embedded marks, as well as improving the computational efficiency of the marking process. The common customization function supports a well-defined set of operations specific to the task of forensic mark customization that can be carried out with a modest and preferably bounded effort on a wide range of devices. This is accomplished through the use of a generic transformation technique for use as a “customization” step for producing versions of content forensically marked with any of a multiplicity of mark messages.

Abstract: The present invention is a controller capable of preventing card makers from conducting unauthorized acts. The controller includes: a controller key storage unit 511 configured to hold a controller key that has been generated by a controller manufacturing device in advance; a decryption unit 522 configured to receive encrypted media key information that has been generated by a key issuance center that is authorized and to decrypt the received encrypted media key by using the controller key, the encrypted key information generated through encryption of key information with use of the controller key; and an encryption unit 526 configured to encrypt the decrypted media key again by using an individual key that is unique to the controller.

Abstract: Techniques for protecting the security of digital representations and of analog forms made from them, including a technique for authenticating an analog form produced from the digital representation, an active watermark that contains program code that may be executed when the watermark is read, and a watermark agent that reads watermarks and sends messages with information concerning the digital representations that contain the watermarks. A watermark agent may be a permanent resident of a node in a network or of a device or it may move from one network node to another. The watermark agent executes code which examines digital representations residing in the node or device for watermarked digital representations that are of interest to the watermark agent. The watermark agent then sends messages which report the results of its examination of the digital representations. If the watermarks are active, the agent and the active watermark may cooperate.

Abstract: A robust technique to prevent illicit copying of video information notwithstanding the use of image scaling. A watermark is embedded into the video signal (e.g., DVD's content or other video sources) at different scales (i.e., sizes). The watermark is maintained at each scale for a predetermined time duration that is sufficient to allow the detector circuit in a DVD-recorder, DVHS recorder, DVCR, or any other digital format recorder to detect, extract, and process information contained in the watermark. At the end of the predetermined time duration, the watermark is changed to a different scale preferably on a pseudo-random basis to ensure that each one of all the scales in a predetermined scaling range is achieved a predetermined number of times. Thereby the recorder shuts off a number of times during play of the content, each time the detector circuit senses the watermark.

Abstract: A method of signing a message, a base station for a wireless sensor network, a node for a wireless sensor network and a wireless sensor network are provided. The method comprises, generating a secret key for signing the message, the secret key being based on an identity of a signer; generating an offline signature; generating an online signature based on at least the offline signature and the secret key; and wherein the online signature is verifiable using a verification algorithm that does not require a pairing operation.

Abstract: A method is provided of authenticating a digitally signed message. A chain of messages is generated. A Winternitz pair of keys is generated for each respective message. A sequence number is assigned to each of the messages. Each of the sequence numbers cooperatively identify an order of Winternitz verifiers assigned to each of the messages. A signature to a first message in the chain of messages is signed using a digital signature algorithm private key. Signatures to each of the following messages in the chain of messages are signed using both Winternitz private keys and digital signature algorithm private keys. The signed messages are broadcast from a sender to a receiver. The first signed broadcast message is authenticated at the receiver by verifying the digital signature algorithm signature. At least some of the following signed broadcast messages are authenticated at the receiver by verifying only the Winternitz signature.

Abstract: An object of this invention is to protect the right of a content holder without any necessity of a special storage medium incorporating a copyright protecting mechanism when the content holder does not coincide with a content creator. Information for encryption key generation is input. An encryption key is generated from the information for encryption key generation. Encryption key verification data is acquired from a storage medium, and the validity of the generated encryption key is authenticated based on the verification data. Generated data is encrypted by using the encryption key whose validity is authenticated by the authentication. The encrypted data is stored in the storage medium.

Abstract: The invention pertains to a method, computer readable medium, and data processing system for generation of an asymmetric cryptographic key pair including reception of an arbitrarily selectable login name, calculation of a first data object key, whereby a random value and the login name are included in the calculation, and calculation of a second data object key from the first data object key, whereby the first and second data object keys form the asymmetric cryptographic key pair.

Abstract: A subscription-based computing device has hardware and a subscription enforcer implemented in the hardware. The enforcer has an accumulator that accumulates a usage value as the computing device is being used and an expiration value register that stores an expiration value. The enforcer allows the computing device to operate in a subscription mode without hindrance and with full use when the usage value is less than the stored expiration value, and allows the computing device to operate in an expiration mode with hindrance and without full use when the usage value reaches the stored expiration value to signal that the subscription for the computing device has expired.

Abstract: A system and method of authenticating a digital still image captured using a digital image capture device. To process the digital still image for later authentication, a signature data is transmitted from a remote location to the digital image capture device. Upon capturing the digital still image, an image identification is associated with the digital still image. The signature data is then applied to the captured digital still image to produce an authentication signature representative of the captured digital still image. The authentication signature is associated with the image identification and transmitted from the digital still image to the remote location for storage at the remote location. To verify the authenticity of the digital still image, the digital still image is transmitted to the remote location. The signature data for the transmitted digital still image is accessed and applied to the transmitted digital still image to produce a verification signature.

Abstract: The present invention constructs a compound type combined public key system on the basis of a combined public key CPK system. The combined key is combined by an identity key and a randomly defined key. The randomly defined key can be defined by a center, called a system key; and can be self-defined, called updating key. Combination of the identity key and the system key generates a first-order combined key. The first-order combined key is then combined with the updating key to generate a second-order combined key. The first-order combined key can be used for centralized digital signature and key exchange. The second-order combined key can be used for distributed digital signature, to provide individual with convenient key exchange and absolute privacy. A combining matrix, as a trust root, provides proof of integrity of identity and key, with no need of third party proof.

Abstract: Authentication and access control device (104) includes a first security key sub-system (110, 112, 114, 116, 118). The first security key sub-system is responsive to an input signal for providing a first key code required for permitting a user access to a controlled resource. The device advantageously also includes a second security key sub-system (110, 112, 114, 116, 118) for providing a second key code different from the first key code. The second key code is useful for authenticating the user or facilitating secure use of a particular controlled resource (102).

Abstract: The invention is directed to a method for a software provider to enable a software-acquiring entity to arrive from an existent first signed piece of code at a second signed piece of code. Both pieces of code were generated at the software provider by use of a first software archive generator under use of generation instructions. The software provider provides to the software-acquiring entity a difference code that comprises the steps necessary to arrive from the first signed piece of code at the second signed piece of code. The difference code is combinable at the software-acquiring entity with the first signed piece of code by a second software archive generator to generate the second signed piece of code. The second software archive generator is therefor to be fed with those generation instructions that were used by the first software archive generator for the generation of both pieces of code.

Abstract: Exemplary embodiments are directed to a method and apparatus for storage of data for a batch of manufactured items. The method comprises defining, by a lower limit identifier and an upper limit identifier, a range of unique item identifiers for the batch, wherein each manufactured item in the batch is allocated a unique item identifier falling within the range. The number of unique item identifiers allocated to the manufactured items is smaller than the number of unique item identifiers in the range. The unique item identifiers allocated to the manufactured items are defined by the lower limit item identifier of the range, the upper limit item identifier of the range and an indication of those item identifiers in the range which are not allocated to a manufactured item.

Abstract: A method for securely handling processing of information in a chip may include randomly selecting one of a plurality of data processes based on a random process index. A time interval may be randomly allocated on the chip, for processing the randomly selected one of the plurality of data processes. When the randomly allocated time interval has elapsed, the randomly selected one of the plurality of data processes may be initiated. The randomly selected one of the plurality of data processes may include one or both of accessing data and acquiring the data. Data may be verified by the randomly selected one of the plurality of data processes prior to the processing of the data. The data may be verified utilizing at least one digital signature verification algorithm, such as a Rivest-Shamir-Adelman (RSA) algorithm and/or a secure hash algorithm (SHA-1).

Abstract: A system for digitally signing electronic documents is disclosed. The system includes a mobile device, an application server and a database, the mobile device includes a requesting module and a digest encrypting module, the application server includes an obtaining module, a digest generating module and a merging module. The requesting module is configured for sending a request for a digital signature of an electronic document to the application server; the obtaining module is configured for obtaining the electronic document from the database; the digest generating module is configured for generating a digest of the electronic document, and sending the digest to the mobile device; the digest encrypting module is configured for encrypting the digest, generating an encrypted value, and sending the encrypted value to the application server; the merging module is configured for merging the encrypted value and the electronic document. A related computer-based method is also disclosed.

Abstract: A method is for securing and verifying an electronic certificate issued by an authority to an owner. The certificate is stored in the memory of a user unit operated by the owner. The user unit transmits all or part of the data of the certificate to the authority. Further, during an initialization phase, the method includes determining, by the authority, a network identifier pertaining to the user unit, and storing, by the authority, the identifier in connection with the data of the certificate. As such, the use of an electronic certificate by individuals other than the owner may be prevented. Further, damages to the owner, in the case of the theft or copying of a certificate, may be avoided.

Abstract: Methods, signals, devices, and systems are provided for using proxy servers to transparently forward messages between clients and origin servers if, and only if doing so does not violate network policies. In some systems, a transparent proxy uses a combination of standard-format HTTP commands, embedding auxiliary information in URLs and other tools and techniques to redirect an initial client request to one or more policy modules, such as a login server or an identity broker or an access control server. The policy module authenticates the request, and uses HTTP redirection to have the client transmit authorization data to the proxy. The proxy extracts the authorization data, directs the client to use a corresponding cookie, and subsequently provides the implicitly requested proxy services to the client in response to the client's subsequently providing the authorization data in a cookie.

Abstract: A measurement engine performs active platform observation. A program includes an integrity manifest to indicate an integrity check value for a section of the program's source code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action can be triggered. The integrity manifest can include a secure signature to verify the validity of the integrity manifest.

Abstract: To enable usage of content at a receiver which does not have a copying function even if copyright protection is provided. Model names of receivers not having a function enabling copying of content are held in an authentication processing circuit (151) of a transmitter (10). When a model name obtained from a connected receiver (40) is held, regardless of whether the content is copyright protected, a signal selection circuit (122) selects a terminal a side, a switch (123) is turned on, and an unencrypted signal is transmitted. When a change of the receiver (40) is detected by a hot plug detection function or a plug and play function at a processing circuit (152) during the transfer of a signal of copyright protected content without providing copyright protection, the selection circuit (122) is made to select a terminal b side or the switch (123) is turned off to suspend the transfer of the non-copyright protected signal. The information indicating the receiver is held in a tamper-proof updateable manner.

Abstract: A node apparatus changes a first access key unique to itself; changes a shared key same for node apparatuses; encrypts, using the shared key, the first access key and transmits it; receives an access key notification frame; decrypts it using the shared key, thereby obtaining a second access key; attaches, to a first plaintext frame, first signature data obtained by encrypting, using the shared key, data including a first value calculated from the first plaintext frame; encrypts the first plaintext frame using the second access key and transmits thus encrypted frame; receives a second encrypted frame; decrypts it by the first access key to obtain a second plaintext frame; obtains a second value by decrypting, using the shared key, a second signature data attached to the second plaintext frame; calculates a third value from the second plaintext frame; and confirms whether the second and third values are consistent.

Abstract: A restricted web site has features that are selectively exposed to clients. A screening web site interacts with clients and collects data about the clients using passive and/or active techniques. The screening site generates a token for the client, and includes data in the token identifying the token and describing the client. The token is encoded in a cookie and saved in the client's web browser. The client subsequently provides the token to the restricted site. The restricted site validates the token to ensure that it is legitimate, has not expired, and has not been used before. The restricted site selects one or more features to provide to the client based on the data about the client in the token and/or on other information. If the client does not present a token or the token is invalid, the restricted site does not expose any features to the client.

Abstract: A computer-implemented method, apparatus, and article of manufacture provide a framework for embedding a graphical processing unit (GPU) program in computer software. A GPU program, that can be loaded and executed by a GPU, is obtained and encrypted to create an encrypted GPU program. The encrypted GPU program is stored in a source code file for the computer software and then compiled.