Having Separate Add-on Board Patents (Class 713/192)
  • Patent number: 7389428
    Abstract: The inventive data processing apparatus initially generates verifying values for verifying integrity of contents data stored in a memory device, then stores the verifying values in correspondence with contents data, and then, using the verifying values, the data processing apparatus proves the act of tampering with the relevant contents data, where the verifying values are generated and stored in a memory device per category of contents data. Each of the categories is preset based on a controlling entity of enabling key blocks (EKB) which encipher and provide a contents key (Kcon) provided as a key for enciphering the kinds of categories or contents data. Because of this arrangement, it is possible to effectively and independently execute the process for probing the act of tampering with contents data per controlling entity of the enabling key blocks (EKB), for example.
    Type: Grant
    Filed: April 19, 2006
    Date of Patent: June 17, 2008
    Assignee: Sony Corporation
    Inventor: Takumi Okaue
  • Patent number: 7389535
    Abstract: A computer system (for example a blade server system) includes a connection framework for receiving at least two replaceable units (e.g., service processor units). Where a first replaceable unit is provided in the connection framework, the first replaceable unit can, on a second replaceable unit being received in the framework, allow restricted use of a default admin user login without a password for up to the end of a predetermined period following receipt of the second replaceable unit. On receipt of an admin login with a configured password during the period, or on expiry of the period, the system can revert to normal operation.
    Type: Grant
    Filed: June 14, 2002
    Date of Patent: June 17, 2008
    Assignee: Sun Microsystems, Inc.
    Inventors: James E King, Stephen C Evans
  • Patent number: 7386717
    Abstract: A method and system is provided for accelerating the conversion process between encryption schemes. The system includes a board in a gateway. The board includes a controller to receive security parameters and data encrypted according to a first encryption scheme and control the transmission of the data. The system includes a hardware device coupled to the controller to decrypt the data and encrypt the data according to a second encryption scheme. The data is then transmitted to the controller to be forwarded out of the gateway.
    Type: Grant
    Filed: March 7, 2002
    Date of Patent: June 10, 2008
    Assignee: Intel Corporation
    Inventor: Koteshwerrao Adusumilli
  • Patent number: 7386736
    Abstract: A data processing system accepts a removable storage media, which becomes electrically engaged with a system unit within the data processing system, after which the removable storage media and the hardware security unit mutually authenticate themselves. The removable storage media stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable storage media. In response to successfully performing the mutual authentication operation between the removable storage media and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable storage media remains engaged with the system unit.
    Type: Grant
    Filed: December 16, 2004
    Date of Patent: June 10, 2008
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Ching-Yun Chao
  • Patent number: 7383444
    Abstract: An information processing system which is capable of promptly authenticating a combination of a disk array device accommodating a plurality of disk devices, and an information processing apparatus in which the disk array device is mounted. A first control section of a cartridge device as a disk array device stores ID information for use in authentication by an information processing apparatus, and a second control section of the information processing apparatus acquires the ID information from the first control section. The second control section authenticates the cartridge device by using the acquired ID information. A third control section of the information processing apparatus reads out information from hard disk devices contained in the cartridge device when the authentication by the second control section is successful.
    Type: Grant
    Filed: May 26, 2004
    Date of Patent: June 3, 2008
    Assignee: Canon Kabushiki Kaisha
    Inventors: Takeshi Toyama, Noriyuki Suzuki, Tadashi Takayama, Tomoyuki Takada
  • Patent number: 7380135
    Abstract: A method of transmitting contents, which are to be received at a reception side where a portion of the contents is previewed while the contents are not accessible for playing other than for a preview purpose, includes the steps of encrypting the contents by a first encryption key, generating information indicative of an elapsed time of the contents that indicates a relationship between positions on a time axis of the contents representing an amount of time that passes as the contents are played and a time count that accrues as a preview time when the contents are previewed, encrypting the first encryption key and the information indicative of an elapsed time of the contents by a second encryption key, thereby generating first encrypted information, encrypting the second encryption key and content-usage control information by a third encryption key, thereby generating second encrypted information, the content-usage control information indicating usage of the contents on the reception side, and transmitting the
    Type: Grant
    Filed: August 15, 2003
    Date of Patent: May 27, 2008
    Assignee: Nippon Hoso Kyokai
    Inventors: Yusei Nishimoto, Tatsuya Kurioka, Seiichi Namba
  • Patent number: 7376826
    Abstract: Methods and apparatus are provided for a cryptography accelerator to efficiently perform authentication and encryption operations. A data sequence is received at a cryptography accelerator. An encrypted authentication code and an encrypted data sequence is provided efficiently upon performing single pass authentication and encryption operations on the data sequence.
    Type: Grant
    Filed: May 31, 2002
    Date of Patent: May 20, 2008
    Assignee: Broadcom Corporation
    Inventors: Joseph Tardo, Donald P. Matthews
  • Patent number: 7373504
    Abstract: A method for performing a cryptographic function including calling into an encryption framework to perform the cryptographic function, wherein calling into the encryption framework comprises sending a request to perform the cryptographic function from a kernel consumer, and processing the request and returning the result to the kernel consumer, wherein processing the request comprises determining whether the request is synchronous or asynchronous, and determining which cryptographic provider to use to perform the cryptographic function.
    Type: Grant
    Filed: March 18, 2004
    Date of Patent: May 13, 2008
    Assignee: Sun Microsystems, Inc.
    Inventors: Kais Belgaied, Mark C. Powers, Bhargava K. Yenduri, Nicolas G. Droux, Paul J. Sangster, Darren J. Moffat, Gary W. Winiger
  • Patent number: 7366304
    Abstract: A method that utilizes software and hardware mechanisms to meet the FCC requirement for a U-NII antenna to be an integral part of the device in which it operates, while providing wireless ready U-NII devices and CRUable U-NII radios. Enhancements are made to the software BIOS, including the inclusion of a table of approved radio-antenna PCI ID pairs to create an authentication scheme that verifies and authenticates the radio and antenna combination as being an FCC-approved unique coupling during boot-up of the system. The BIOS also comprises an OEM field that stores an encrypted secret key utilized to complete a second check of the radio model placed in the device. During boot up of the device, the PCI ID pairs from the BIOS are compared against the PCI ID of the radio and the secret key is checked against the radio model.
    Type: Grant
    Filed: October 7, 2003
    Date of Patent: April 29, 2008
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Daryl Carvis Cromer, Kazuo Fujii, Ronald John Griffiths, Jr., Masaharu Itoh, Philip John Jakes, Kozo Matsunaga, Masaki Oie
  • Patent number: 7366917
    Abstract: A method for accessing discrete data includes transmitting a write command to a memory, determining whether each data following a header of the file needs to be encrypted according to a data format of a file that is to be written into the memory, transmitting the file header and each data following the file header to a logic unit, turning on the logic unit for encrypting the data determined to be encrypted and writing the encrypted data into the memory, turning off the logic unit for writing the data determined not to be encrypted into the memory directly, and sending a first response signal from the memory when the writing of the file is finished.
    Type: Grant
    Filed: September 17, 2004
    Date of Patent: April 29, 2008
    Assignee: Faraday Technology Corp.
    Inventor: Yung-Cheng Shih
  • Patent number: 7363507
    Abstract: A device and a method of preventing pirated copies of computer programs. The device has input and output devices for bidirectional data exchange with an electronic computer and a first memory element containing a data file that can be transferred to the electronic computer over the output device. In addition, a second memory element into which data can be written via the input device is also provided. The method includes the following steps. First, this device is connected to an electronic computer for bidirectional data exchange. Then a first data file containing an electronic key is transferred from the device to the electronic computer. Subsequently a second data file containing an identifier of the electronic computer is copied from the electronic computer to the device.
    Type: Grant
    Filed: December 28, 2000
    Date of Patent: April 22, 2008
    Assignee: Robert Bosch GmbH
    Inventor: Ralf Rick
  • Patent number: 7353281
    Abstract: A method and computer system for providing access to computer resources on a computer system and includes generating a token containing encrypted user information including credit, authorization, and authentication information. A request is initiated to open an encrypted computer resource stored on the computer system, and execution of a remote application manager component on the computer system is also initiated. The remote application manager component decrypts the token and authenticates a user using authentication information stored in the token. Whether the user is authorized and has sufficient credit are then verified. When the user is approved, the requested computer resource is decrypted and opened. Use of the computer resource is monitored to determine whether the user has sufficient credit to continue using the computer resource. A notification is provided when the monitored usage of the opened computer resource has exceeded the credit.
    Type: Grant
    Filed: August 6, 2001
    Date of Patent: April 1, 2008
    Assignee: Micron Technology, Inc.
    Inventors: John C. New, Jr., Mark T. Price
  • Publication number: 20080072069
    Abstract: Protecting client-side code is disclosed. In some embodiments, when a request for a page is received via a network from a client, an initial definition of the page is sent to the client wherein the initial definition comprises a client-side code configured to cause the client to request on an as-needed basis download of a client-executable code associated with the page. A client receives such an initial definition of a requested page from an associated server of the page via a network. When an indication that the client-executable code referenced in the initial definition of the page is required to be executed, the server is sent via the network a request to download the client-executable code.
    Type: Application
    Filed: September 15, 2006
    Publication date: March 20, 2008
    Inventors: Jeffery Gordon Heithcock, David William Barry
  • Patent number: 7346931
    Abstract: A method for transferring at least one data record from an external data source into a processor unit, e.g., and a suitably designed processor unit are described. In such a method for transcribing at least one data record from the external data source to a processor unit, the at least one data record is transmitted from the external data source together with additional information to a buffer memory of the process unit. A check of the admissibility of using the at least one data record is performed on the basis of the additional information. A blocking signal is generated when the check reveals that use of the at least one data record is not allowed. The at least one data record is then deleted from the buffer memory. An enable signal is generated when the use of the at least one data record is allowed. The additional information includes an identifier assigned individually to the processor unit, with the validity check being performed in the processor unit.
    Type: Grant
    Filed: July 10, 2003
    Date of Patent: March 18, 2008
    Assignee: Robert Bosch GmbH
    Inventor: Christian Kornblum
  • Patent number: 7336788
    Abstract: The invention, an electronic book selection and delivery system, is a new way to distribute books and other textual information to bookstores, libraries and consumers. The primary components of the system are a subsystem for placing text in a video signal format and a subsystem for receiving and selecting text that is placed in the video signal format. The system configuration for consumer use contains additional components and optional features that enhance the system, namely: (1) an operation center, (2) a video distribution system, (3) a home subsystem, including reception, selection, viewing, transacting and transmission capabilities, and (4) a billing and collection system. The operation center and/or video distribution points perform the functions of manipulation of text data, security and coding of text, cataloging of books, messaging center, and uplink functions.
    Type: Grant
    Filed: November 28, 2000
    Date of Patent: February 26, 2008
    Assignee: Discovery Communications Inc.
    Inventor: John S. Hendricks
  • Patent number: 7324647
    Abstract: Methods and systems are disclosed in which information is securely transmitted in a network comprising untrusted network devices. Setup messages are sent to a networking device, and based on the setup messages, light directing devices are configured to direct light along a path from an origin endpoint to a terminal endpoint, thus providing a path through the network. Through the path, a stream of light information is sent using a plurality of light pulses to carry out quantum-cryptographic key distribution.
    Type: Grant
    Filed: August 31, 2001
    Date of Patent: January 29, 2008
    Assignee: BBN Technologies Corp.
    Inventor: Brig Barnum Elliott
  • Patent number: 7313679
    Abstract: A method, apparatus, and system are provided for extending a trusted computing base (TCB). According to one embodiment, a first level trusted computing base (TCB) is generated having hardware components including a trusted platform module (TPM), and an extended TCB is formed by adding a second level software-based TCB to the first level TCB, and properties associated with the first level TCB are transferred to the second level TCB.
    Type: Grant
    Filed: October 17, 2003
    Date of Patent: December 25, 2007
    Assignee: Intel Corporation
    Inventor: Kumar Ranganathan
  • Patent number: 7305565
    Abstract: Apparatus and methods for encrypting an identifier such as a PIN entered on a keypad. The apparatus may include a pad, an encrypting circuit adjacent the pad and a link coupling the pad and the encrypting circuit. The pad is for entering an identifier, and the circuit for encrypting the entered identifier. The pad may be a physical touch pad such as an N-wire-technology touch pad. Alternatively, the pad may be a virtual touch screen. The encrypting circuit may be a CPU along with a memory coupled to the CPU and programmed to encrypt. The CPU and programmed memory may be the first CPU programmable to encrypt the entered identifier, through which the identifier passes. The encrypting circuit may be a microcontroller programmed to encrypt. In still another variation, the encrypting circuit may be an application-specific integrated circuit (ASIC). The apparatus may include a housing that encloses the encrypting circuit and link. The housing would be resistant to access, tampering or tapping.
    Type: Grant
    Filed: May 31, 2000
    Date of Patent: December 4, 2007
    Assignee: Symbol Technologies, Inc.
    Inventors: James C. Lungaro, Susan W. Tso, Llavanya Fernando, Simon Lee
  • Patent number: 7302587
    Abstract: The secure computer system comprises at least one computer having a processor operating under the control of a program on input data that can be associated with a code and delivering output data for output members. A security peripheral that is external but connected to the processor is provided to receive at least the input data codes, the operands, and the nature of the operation of each elementary operation performed by the processor, a code being calculated on each elementary operation performed by the processor in order to verify proper performance of all or part of the executed program. The system is applicable to processes for automatically running rail track systems.
    Type: Grant
    Filed: April 2, 2001
    Date of Patent: November 27, 2007
    Assignee: Matra Transport International
    Inventors: Saïd El Fassi, Louis Moreau
  • Patent number: 7302058
    Abstract: In accordance with one embodiment, a method for securing control words is provided. The method includes receiving scrambled digital content in a descrambler integrated circuit. The method further includes receiving an encrypted control word in the descrambler integrated circuit, decrypting the encrypted control word using a key stored in a register circuit of the descrambler integrated circuit, and descrambling the scrambled digital content in the descrambler integrated circuit using the decrypted control word.
    Type: Grant
    Filed: January 22, 2004
    Date of Patent: November 27, 2007
    Assignees: Sony Corporation, Sony Electronics Inc.
    Inventor: Brant L. Candelore
  • Patent number: 7299360
    Abstract: A method for matching templates and a system thereof. Each template includes a plurality of data chunks, each data chunk representing a minutia and comprising a location, a minutia angle and a neighborhood. The location is represented by two coordinates. In one embodiment, each coordinate and the minutia angle are quantized. The neighborhood includes positional parameters with respect to a selected minutia for a predetermined number of neighbor minutiae. In one embodiment, a neighborhood boundary is drawn around the selected minutia and neighbor minutiae are selected from the enclosed area. A reference template is compared to a measured template on a chunk-by-chunk basis. A chunk from each of the templates is loaded into a random access memory (RAM). The location, minutia angle and neighborhood of the reference data chunk are compared with the location, minutia angle and neighborhood of the measured data chunk, respectively.
    Type: Grant
    Filed: December 16, 2003
    Date of Patent: November 20, 2007
    Assignee: Precise Biometrics
    Inventor: Anthony P. Russo
  • Patent number: 7298850
    Abstract: An encrypting keypad module (30) comprising a keypad (40) and an encryption unit (42) is described. The encryption unit (42) includes an interpreter (56) for receiving a file (150) containing data and instructions for processing the data. The encryption unit (42) is operable to process the data in the file (150) by interpreting the instructions in the file (150). This enables a file (150) to be used to instruct the encryption unit (42) about the data that is to be operated on and the type of operations to be performed on the data.
    Type: Grant
    Filed: October 23, 2001
    Date of Patent: November 20, 2007
    Assignee: NCR Corporation
    Inventor: Alexander W. Whytock
  • Patent number: 7299495
    Abstract: A server blade may comprise a processor and a network interface. The network interface can be configured to be connected to a network remote to the server blade. The server blade may be configured to detect a malicious code occurrence in traffic on the network. The server blade may be further configured as a field replaceable unit. Optionally, the server blade may further comprise an enclosure which encloses the processor.
    Type: Grant
    Filed: August 9, 2002
    Date of Patent: November 20, 2007
    Assignee: Sun Microsystems, Inc.
    Inventors: James E. King, Martin P. Mayhead, Paul J. Garnett
  • Patent number: 7293178
    Abstract: Methods and systems protect digital content such as premium content like movies, programs, and other types of digital audio/visual content. In some embodiments, an architecture and related methods protect content by maintaining the content in encrypted form, whether the content resides in video card memory (referred to herein as “VRAM”), or some other local or remote memory subsystem. The methods and systems enable video card co-processors, such as the graphics processing unit (GPU) to manipulate the encrypted content or data. In various embodiments, the content is maintained in an encrypted format and is unencrypted only when the GPU operates upon the data. After the GPU operates upon the data, the resultant data is re-encrypted and written to memory.
    Type: Grant
    Filed: December 9, 2002
    Date of Patent: November 6, 2007
    Assignee: Microsoft Corporation
    Inventors: Glenn F. Evans, Paul England
  • Patent number: 7287277
    Abstract: Computer operations whose execution would increase usage costs may require use of authorization and notification plug-ins to prevent unauthorized execution. The command may be designed to only execute properly if the authorization and notification plug-ins are properly registered. The computer system customer designs the authorization and notification plug-ins based on standard application programming interfaces to suit the customer's business practices and links them to the computer operation. The computer operation executes the authorization plug-in to determine if the proper authorization plug-in parameters have been specified and verify that the command is authorized. If authorization is granted, the computer operation checks to see that the notification plug-in is given the correct parameters, executes the computer operation, and then executes the notification module to notify the necessary personnel.
    Type: Grant
    Filed: December 21, 2001
    Date of Patent: October 23, 2007
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Edgar Circenis
  • Patent number: 7283632
    Abstract: An operational system (10) includes a seed-bearing device (12) that has a seed (22). A key-determinative device (14) determines a key in response to the seed (22). A code-determinative device determines the code in response to the key. A controller performs a task in response to the code.
    Type: Grant
    Filed: September 9, 2003
    Date of Patent: October 16, 2007
    Assignee: The Boeing Company
    Inventor: Alan Dennis Woodson
  • Patent number: 7284135
    Abstract: Methods and systems protect digital content such as premium content like movies, programs, and other types of digital audio/visual content. In some embodiments, an architecture and related methods protect content by maintaining the content in encrypted form, whether the content resides in video card memory (referred to herein as “VRAM”), or some other local or remote memory subsystem. The methods and systems enable video card co-processors, such as the graphics processing unit (GPU) to manipulate the encrypted content or data. In various embodiments, the content is maintained in an encrypted format and is unencrypted only when the GPU operates upon the data. After the GPU operates upon the data, the resultant data is re-encrypted and written to memory.
    Type: Grant
    Filed: July 30, 2003
    Date of Patent: October 16, 2007
    Assignee: Microsoft Corporation
    Inventors: Glenn F. Evans, Paul England, Nicholas P. Wilt
  • Patent number: 7260215
    Abstract: A method and apparatus for secure distribution of information over a network, comprising: encrypting payload information using a first encryption key in a first data processor; sending the payload information encrypted using the first encryption key to a second data processor; encrypting the payload information encrypted using the first encryption key using a second encryption key in the second data processor; and sending the payload information encrypted using the first encryption key and the second encryption key to a third data processor, and generating a decryption key based on the first encryption key and on the second encryption key, such that the decryption key is operable to compute the payload information by decrypting the payload information encrypted using the first encryption key and the second encryption key.
    Type: Grant
    Filed: September 4, 2002
    Date of Patent: August 21, 2007
    Assignee: PortAuthority Technologies Inc.
    Inventors: Lidror Troyansky, Ofir Carny
  • Patent number: 7246247
    Abstract: A secure device is provided that can store programs therein, the secure device including: a low-protection level storage unit; a high-protection level storage unit; a program acquiring unit that acquires a program and corresponding additional information, the additional information used for determining a storage destination of the acquired program; an additional information analyzing unit that stores the acquired program in one of the low-protection level storage unit and the high-protection level storage unit, according to additional information; an area searching unit; a protection level judging unit; and a program storing unit.
    Type: Grant
    Filed: March 12, 2003
    Date of Patent: July 17, 2007
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Natsume Matsuzaki, Kazuo Sakushima, Makoto Tatebayashi
  • Patent number: 7240369
    Abstract: A plug and play device and an access control method, in which the plug and play device includes an access control device and a main function device. When the plug and play device is connected to a host, the access control device is first connected to the host to execute an authorization procedure. The user is not authorized if the authentication procedure rejects the user. In this case, the plug and play device denies the host control. Conversely, the user is authorized if the authentication procedure approves the user. In this case, the plug and play device connects the main function device to the host and accepts control by the host. After the host loads a proper driver, it may control the plug and play device.
    Type: Grant
    Filed: April 30, 2003
    Date of Patent: July 3, 2007
    Assignee: Prolific Technology Inc.
    Inventors: Wen-Hwa Chou, Yun-Kuo Lee
  • Patent number: 7234168
    Abstract: A method of provisioning a computer against computer attacks includes constructing a hierarchy characterizing different computer attacks and counter measures, and traversing this hierarchy to identify computer attacks and countermeasures relevant to a target platform. Detection and protection measures are collected in response to this traversing. These detection and protection measures are then downloaded to a security sensor associated with the target platform.
    Type: Grant
    Filed: June 13, 2002
    Date of Patent: June 19, 2007
    Assignee: McAfee, Inc.
    Inventors: Ramesh M. Gupta, Parveen K. Jain, Keith E. Amidon, Fengmin Gong, Srikant Vissamsetti, Steve M. Haeffele, Ananth Raman
  • Patent number: 7222242
    Abstract: An interface for facilitating facsimile transmission via a wireless communications device operatively connected to a wireless communications network, including: a modem suitable for being communicatively coupled to a facsimile machine; a controller coupled to the modem; and, a memory operatively coupled to the controller. The interface includes code to cause the modem to transmit a retrain request to the facsimile machine upon expiration of a given temporal period. The interface includes a circuit for selectively generating a ring signal corresponding to a plain old telephone service ring signal. The interface includes a circuit for selectively generating a hold signal corresponding to a plain old telephone service hold signal. And, the circuit includes code to cause the modem to transmit data indicative of white lines to the facsimile machine upon expiration of a given temporal period.
    Type: Grant
    Filed: April 7, 2005
    Date of Patent: May 22, 2007
    Assignee: Copytele, Inc.
    Inventors: Frank J. DiSanto, Denis A. Krusos, Kao-Yih Lee, Roland H. Feibert
  • Patent number: 7215779
    Abstract: The present invention is intended to quickly download contents while preventing unauthorized contents usage. PD authentication program authenticates telephone-integrated terminal device. Server authentication program authenticates key server. Server LCM controls the reception of a request for data for identifying key server and a key from telephone-integrated terminal device. On the basis of the data for identifying key server, server LCM sends a request for the key to key server and receives the requested key from key server. Key distribution program sends the key to telephone-integrated terminal device.
    Type: Grant
    Filed: September 16, 2005
    Date of Patent: May 8, 2007
    Assignee: Sony Corporation
    Inventors: Naomi Go, Akira Kurihara
  • Patent number: 7210164
    Abstract: A theft deterrent system that provides for the remote activation and deactivation of the protected equipment's primary functionality as well as for the geolocation of the equipment to assist in the recovery of the equipment. The remote control of the equipment's functionality is accomplished by including special circuitry in the protected equipment such that the functionality can be activated or deactivated remotely via a secure communications link. Associated with one form of such a secure link, and/or special circuitry, is the ability to determine the geolocation of the equipment. These dual features deter the theft of the equipment by rendering it useless without proper activation, and undesirable because of the locatability of the equipment and the threat of apprehension.
    Type: Grant
    Filed: May 30, 2003
    Date of Patent: April 24, 2007
    Inventor: Louis H. M. Jandrell
  • Patent number: 7200758
    Abstract: A system for executing cryptographic services on a baseboard management controller separated from a main processor, with the baseboard management controller having isolated execution and memory with respect to the main processor. Cryptographic information is communicated between the baseboard management controller and the main processor to verify BIOS integrity and provide functionality consistent with Trusted Computer Platform Architecture.
    Type: Grant
    Filed: October 9, 2002
    Date of Patent: April 3, 2007
    Assignee: Intel Corporation
    Inventor: Vincent J. Zimmer
  • Patent number: 7181560
    Abstract: A method for preserving digital evidence of a computer misconduct, the method including the steps of: prior to the misconduct, installing an expansion card capable of retrieving and storing a memory image and register information from a digital electrical computer in which the expansion card is installed; connecting a switch to regulate the expansion card from a location other than the computer; at the time of the misconduct, using the switch to trigger the retrieving and storing of the memory image and the register information into the expansion card; and subsequent to the misconduct, extracting the expansion card to preserve digital evidence of the computer misconduct. This method can be carried out further by subjecting the memory image and register information from the expansion card with another computer to forensic analysis.
    Type: Grant
    Filed: December 20, 2002
    Date of Patent: February 20, 2007
    Inventors: Joseph Grand, Brian Carrier
  • Patent number: 7177425
    Abstract: The invention provides a device, used in a communication apparatus including a cipher-key generating module, for securing a subscriber's information. The device includes a storage module, a cipher-key acquiring module, an encrypting module and a decrypting module. The subscriber's information is stored in the storage module. The cipher-key acquiring module transmits an input to the cipher-key generating module, and then receives a cipher key generated by the cipher-key generating module in response to the input. The encrypting module retrieves the cipher key through the cipher-key acquiring module, retrieves the subscriber's information from the storage module, and encrypts the subscriber's information using the cipher key to generate encrypted information. After being generated, the encrypted information is stored into the storage module and replaces the subscriber's information.
    Type: Grant
    Filed: July 10, 2003
    Date of Patent: February 13, 2007
    Assignee: Benq Corporation
    Inventors: Du Ben-Chuan, Fan Chen-Huang
  • Patent number: 7174452
    Abstract: A method and system for processing packets allows consolidation of security processing. Security processing is performed in accordance with multiple security policies. This processing is done in a single front end processing block. Different security processes can be performed in parallel. Processing overhead is reduced by eliminating the need to redundantly check packet characteristics to assess the different security requirements imposed by security policies. Further, the present invention also substantially reduces the CPU cycles required to transport data back and forth from memory to a cryptographic coprocessor.
    Type: Grant
    Filed: January 24, 2002
    Date of Patent: February 6, 2007
    Assignee: Broadcom Corporation
    Inventor: Jeffrey D Carr
  • Patent number: 7149897
    Abstract: In a communication system having a plurality of networks, a method of achieving network separation between first and second networks is described. First and second networks with respective first and second degrees of trust are defined, the first degree of trust being higher than the second degree of trust. Communication between the first and second networks is enabled via a network interface system having a protocol stack, the protocol stack implemented by the network interface system in an application layer. Data communication from the second network to the first network is enabled while data communication from the first network to the second network is minimized.
    Type: Grant
    Filed: July 25, 2003
    Date of Patent: December 12, 2006
    Assignee: The United States of America as represented by the Secretary of the Navy
    Inventors: Stanley Chincheck, Myong Hoon Kang, Ira S Moskowitz, Jim Parsonese
  • Patent number: 7146007
    Abstract: An apparatus and method thereof for providing a secure path for a digital signal in an intelligent transceiver such as a bi-directional set-top box. A digital signal (e.g., a broadcast signal or a signal received via a cable modem) is received by the intelligent transceiver at a front-end device (comprising, for example, a tuner). The digital signal is descrambled (if it is scrambled) and encrypted (if it is not encrypted) by a first functional block (e.g., an interface card or point of deployment) coupled to the front-end device. Coupled to the front-end device via the first functional block is a second functional block for processing (e.g., decoding) audio and/or visual content within the digital signal. Integrated into the second functional block is a decryption engine for decrypting encrypted signals. Signals from the front-end device are received via the first functional block by the decryption engine integral to the second functional block.
    Type: Grant
    Filed: March 29, 2000
    Date of Patent: December 5, 2006
    Assignees: Sony Corporation, Sony Electronics, Inc.
    Inventors: Jun Maruo, Atsushi Kagami
  • Patent number: 7146506
    Abstract: A system for receiving and processing digital video information such as a digital television broadcast, includes a modular platform which receives a plurality of hot pluggable cards. The platform is coupled by a high data rate graphics bus to a digital television display. The bus may provide encrypted information to prevent piracy of the video. Because the platform is modular in design, upgrades to the digital video system may be easily implemented using hot pluggable technology without changing the display. Thus, advances in electronics may be incorporated into the platform without necessitating that the owner replace the display.
    Type: Grant
    Filed: May 25, 1999
    Date of Patent: December 5, 2006
    Assignee: Intel Corporation
    Inventors: Eric C. Hannah, David S. Vannier, Carol A. Jacobson
  • Patent number: 7137011
    Abstract: A peripheral card having a Personal Computer (“PC”) card form factor and removably coupled externally to a host system is further partitioned into a mother card portion and a daughter card portion. The daughter card is removably coupled to the mother card. In the preferred embodiment, a low cost flash “floppy” is accomplished with the daughter card containing only flash EEPROM chips and being controlled by a memory controller residing on the mother card. Other aspects of the invention include a comprehensive controller on the mother card able to control a predefined set of peripherals on daughter cards connectable to the mother card; relocation of some host resident hardware to the mother card to allow for a minimal host system; a mother card that can accommodate multiple daughter cards; daughter cards that also operate directly with hosts having embedded controllers; daughter cards carrying encoded data and information for decoding it; and daughter cards with security features.
    Type: Grant
    Filed: January 15, 2002
    Date of Patent: November 14, 2006
    Assignee: SanDisk Corporation
    Inventors: Eliyahou Harari, Daniel C. Guterman, Robert F. Wallace
  • Patent number: 7136488
    Abstract: In a microprocessor that internally has a microprocessor specific secret key, a key management unit is provided to carry out a key registration for reading out from an external memory a distribution key that is obtained in advance by encrypting the instruction key by using a public key corresponding to the secret key, decrypting the distribution key by using the secret key to obtain the instruction key, and registering the instruction key in correspondence to a specific program identifier for identifying the program into a key table, and to notify a completion of the key registration to the processor core asynchronously by interruption when the key registration is completed.
    Type: Grant
    Filed: January 31, 2002
    Date of Patent: November 14, 2006
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Mikio Hashimoto, Kenji Shirakawa, Keiichi Teramoto, Kensaku Fujimoto, Satoshi Ozaki
  • Patent number: 7136995
    Abstract: A cryptographic device comprises a data stream interceptor, a main controller receiving input from the data stream interceptor, and a pair of data generating and storage controllers adapted to perform data transfer protocols with corresponding peer controllers of a data generating device and a data storage device, respectively, on command from the main controller. The cryptographic device further comprises a cipher engine programmed to transparently encrypt and decrypt data streams flowing between the data generating device and data storage device on command from the main controller. The cryptographic device does not utilize system resources associated with the data generating and storage devices during operation.
    Type: Grant
    Filed: November 3, 2000
    Date of Patent: November 14, 2006
    Assignee: Enova Technology Corporation
    Inventor: Shuning Wann
  • Patent number: 7137012
    Abstract: A revocation list is registered in a public ROM area. The revocation list designates at least one electronic device in which use of the storage medium by the designated electronic device is to be revoked. A controller receives from the electronic device which attempts to access, identification information indicative of the electronic device, and checks whether identification information corresponding to the received identification information is contained in the revocation list, thereby determining whether or not use of the storage medium by the electronic device which attempts to access should be revoked.
    Type: Grant
    Filed: June 15, 2000
    Date of Patent: November 14, 2006
    Assignees: Kabushiki Kaisha Toshiba, Matsushita Electric Industrial Co., Ltd.
    Inventors: Tooru Kamibayashi, Hisashi Yamada, Hiroshi Iwasaki, Masafumi Tamura, Yasuhiro Ishibashi, Taku Kato, Makoto Tatebayashi, Shunji Harada, Noboru Katsuta
  • Patent number: 7127605
    Abstract: A method and microcontroller for secure object sharing between applications executing on the microcontroller. A server application registers a delegate object with the operating system of the microcontroller. The delegate object permits access to the public interfaces of the server while enforcing security policies.
    Type: Grant
    Filed: May 10, 2000
    Date of Patent: October 24, 2006
    Assignee: Axalto, Inc.
    Inventors: Michael A. Montgomery, Ksheerabdhi Krishna
  • Patent number: 7117373
    Abstract: It is sometimes desirable to protect a design used in a PLD from being copied. If the design is stored in a different device from the PLD and read into the PLD through a bitstream, an unencrypted bitstream could be observed and copied as it is being loaded. According to the invention, a bitstream for configuring a PLD with an encrypted design includes unencrypted words for controlling loading of the configuration bitstream and encrypted words that actually specify the design.
    Type: Grant
    Filed: November 28, 2000
    Date of Patent: October 3, 2006
    Assignee: XILINX, Inc.
    Inventors: Stephen M. Trimberger, Raymond C. Pang, Walter N. Sze, Jennifer Wong, Kameswara K. Rao
  • Patent number: 7107445
    Abstract: Apparatus for a multiparty electronic service having at least one host computer being operative to maintain and enforce at least one machine-interpretable service specification (contract) for governing a service between the parties that interact in the processing of a service request. The at least one host computer determines, in accordance with the at least one service specification, the validity of a request and conditionally executes a sequence of processing steps as defined in the service specification. The at least one host computer is further operative to conditionally provide notifications to the contract parties. Machine-interpretable service specifications are negotiated between all parties that cooperate in the processing of a request. Machine-interpretable service specifications can be dynamically added to and cancelled from the system.
    Type: Grant
    Filed: November 20, 2002
    Date of Patent: September 12, 2006
    Assignee: International Business Machines Corporation
    Inventors: Martin Trapp, Sonja Zwissler
  • Patent number: 7107458
    Abstract: In an authentication communicating semiconductor device to enhance protection against illegal copying, a logic analyzer probe or the like is connected to a CPU bus to suppress possibility in which the authentication process is intercepted and is analyzed to break the mechanism of illegal copy protection and the electronic device is modified to set a tampered encryption key to the CPU bus. The authentication communicating semiconductor device includes a semiconductor chip, a main processing unit formed on the chip for generating a key code according to a predetermined algorithm, for determining approval/non-approval of communication of data with an external device, and for controlling the communication; an encryption unit formed on the chip for encrypting and decoding communication data using the key code generated by the main processing unit, and an interface unit formed on the chip for conducting communication with an upper-layer or a lower-layer according to a predetermined protocol.
    Type: Grant
    Filed: May 25, 2001
    Date of Patent: September 12, 2006
    Assignee: Renesas Technology Corp.
    Inventors: Toshihisa Oishi, Jun Tozawa, Tetsuya Shibayama, Masato Hamada
  • Patent number: 7103780
    Abstract: The invention concerns a chip card receiving fields of compressed data encapsulated in frames including an indication of the expected length of decompressed data and a length of compressed data. The frames are received in a storage unit and the processor of the card decompresses each data field according to a decompression algorithm over a length based on the indication of the expected length and writes the decompressed data in another buffer storage unit. Several algorithms and optionally several decompression models are installed in the card storage unit, and a couple thereof is selected by the number read in the heading of each frame received.
    Type: Grant
    Filed: November 4, 1999
    Date of Patent: September 5, 2006
    Assignee: Gemplus
    Inventor: Benoît Brieussel