Having Separate Add-on Board Patents (Class 713/192)
  • Patent number: 8166304
    Abstract: A method, computer program product, and data processing system are disclosed for ensuring that applications executed in the data processing system originate only from trusted sources. In a preferred embodiment, a secure operating kernel maintains a “key ring” containing keys corresponding to trusted software vendors. The secure kernel uses vendor keys to verify that a given application was signed by an approved vendor. To make it possible for independent developers to develop software for the herein-described platform, a “global key pair” is provided in which both the public and private keys of the pair are publicly known, so that anyone may sign an application with the global key. Such an application may be allowed to execute by including the global key pair's public key in the key ring as a “vendor key” or, conversely, it may be disallowed by excluding the global public key from the key ring.
    Type: Grant
    Filed: October 2, 2007
    Date of Patent: April 24, 2012
    Assignee: International Business Machines Corporation
    Inventors: Masana Murase, Wilfred E. Plouffe, Jr., Kanna Shimizu, Vladimir Zbarsky
  • Patent number: 8166561
    Abstract: A security device including a first external interface; a second external interface; and a security controller connected to said first external interface and said second external interface, said security controller being adapted to validate an access right based on a codeword received via said first interface to perform an encrypted memory access via said second external interface to an external memory coupleable to said second external interface, and to prevent that encrypted memory access via said first external interface or prevent any output of data via said first external interface depending on data received via said second external interface in case of a negative validation.
    Type: Grant
    Filed: February 13, 2008
    Date of Patent: April 24, 2012
    Assignee: Infineon Technologies AG
    Inventors: Peter Laackmann, Marcus Janke
  • Patent number: 8166566
    Abstract: A method and apparatus for enabling a licensed end user to record digital data as described is particularly useful to the music industry as it enables them to make audio data available over the internet but to retain control of the uses to which that audio data can be put. Thus, upon completing a financial transaction to pay for the required audio tracks, the end user is enabled to download and decrypt encrypted music tracks and to play them on the end user's personal computer. The end user can also be allowed to burn a CD including the downloaded music tracks. However, the end user is only enabled to decrypt and record the music tracks onto the CD if the music tracks are recorded together with copy protection.
    Type: Grant
    Filed: March 23, 2009
    Date of Patent: April 24, 2012
    Assignee: Rovi Solutions Corporation
    Inventor: Peter Alfred Newman
  • Patent number: 8161295
    Abstract: Method for storing data in the memory (1.2) of an electronic device (1), wherein the data to be stored is encrypted with an encryption key (Ks). The electronic device (1) is provided with an identification card (2) equipped with a cryptographic algorithm and an individual identifier (ID). In the electronic device (1), at least one seed value (RAND1, RAND2, RAND3) is generated, and the at least one seed value is transmitted to the identification card (2). The cryptographic algorithm is performed on the identification card (2), with the seed value (RAND1, RAND2, RAND3) being used as the input, wherein at least one derived value (Kc1, Kc2, Kc3) is produced in the algorithm. The at least one derived value (Kc1, Kc2, Kc3) is transmitted to the electronic device (1), wherein the at least one derived value (Kc1, Kc2, Kc3) is used in the formation of the encryption key (Ks). The invention also relates to an electronic device (1), module, and computer software product.
    Type: Grant
    Filed: March 17, 2005
    Date of Patent: April 17, 2012
    Assignee: Nokia Corporation
    Inventors: Jukka-Pekka Honkanen, Jouni Mikkonen, Henry Haverinen
  • Patent number: 8161554
    Abstract: An intrusion detection system for a computer network includes a knowledge database that contains a baseline of normal host behavior, and a correlation engine that monitors network activity with reference to the knowledge database. The correlation engine accumulates information about anomalous events occurring on the network and then periodically correlates the anomalous events. The correlation engine generates a worm outbreak alarm when a certain number of hosts exhibit a role-reversal behavior. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. 37 CFR 1.72(b).
    Type: Grant
    Filed: April 26, 2005
    Date of Patent: April 17, 2012
    Assignee: Cisco Technology, Inc.
    Inventors: Karthikeyan M. Sadhasivam, Shuguang Zhang, Ravi K. Varanasi
  • Patent number: 8156548
    Abstract: An identification system 1 used for authenticating a user at a user station 30 requesting access to secure information at a base station 20, wherein the system 1 includes one or more base stations 20, one or more user stations 30, and one or more identification devices 10 used for authenticating the user of the user station 30. The identification device 10 is coupled to a user station 30. The device 10 includes a plurality of device codes and identity data, to receive an identification request from the base station 20, generate an identification response including an identification code using the plurality of device codes and a plurality of algorithms, and transfer the identification response back to the base station 20. The base station 20 authenticates the user's request for secure information by using the identification response.
    Type: Grant
    Filed: November 20, 2006
    Date of Patent: April 10, 2012
    Assignee: Future Internet Security IP Pty Ltd.
    Inventor: Nabil Magdi
  • Patent number: 8155315
    Abstract: A data file reproduction system has a data file supplying apparatus that extracts video data and audio data from a received data file, compresses the extracted video and audio data and produces a compressed data file containing the compressed audio and video data together with meta data or navigation data determined from the received data file for enabling navigation of the original data file. The compressed data file is then copy-protected. Upon request, the copy-protected compressed data file is communicated to a reproduction apparatus.
    Type: Grant
    Filed: January 26, 2006
    Date of Patent: April 10, 2012
    Assignee: Rovi Solutions Corporation
    Inventor: Jonny Boyd Reckless
  • Publication number: 20120079287
    Abstract: A method for authenticating and deciphering an encrypted program file for execution by a secure element includes receiving the program file and a digital certificate that is associated with the program file from an external device. The method stores the program file and the associated certificate in a secure random access memory disposed in the secure element and hashes the program file to obtain a hash. The method authenticates the program file by comparing the obtained hash with a checksum that is stored in the certificate. Additionally, the method writes runtime configuration information stored in the certificate to corresponding configuration registers disposed in the secure element. The method further generates an encryption key using a seed value stored in the certificate and a unique identifier disposed in the secure element and deciphers the program file using the generated encryption key.
    Type: Application
    Filed: March 25, 2011
    Publication date: March 29, 2012
    Applicant: MaxLinear, Inc.
    Inventor: Maxime Leclercq
  • Patent number: 8141165
    Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.
    Type: Grant
    Filed: July 13, 2007
    Date of Patent: March 20, 2012
    Assignee: Intertrust Technologies Corporation
    Inventors: Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie
  • Patent number: 8135961
    Abstract: A method for interacting with a memory device is provided. In this method, a cryptographic communication application is registered to be associated with a protocol type in a web browser. A message encapsulated in the protocol type from the web browser is received and thereafter transmitted to the memory device. Here, the message is associated with a cryptographic operation.
    Type: Grant
    Filed: April 14, 2010
    Date of Patent: March 13, 2012
    Assignee: SanDisk Technologies Inc.
    Inventors: Susan Cannon, Kevin Lewis
  • Patent number: 8131988
    Abstract: An electronic device includes a power supply unit, a control unit, a first boot circuit, and a data encryption unit. The control unit outputs a boot signal for causing the power supply unit to start supplying power. The first boot circuit interconnects the power supply unit and the control unit for transmitting the boot signal. The data encryption unit is for interconnecting the power supply unit and the control unit so as to form a second boot circuit through which the boot signal is transmitted and for cutting off the first boot circuit.
    Type: Grant
    Filed: January 30, 2009
    Date of Patent: March 6, 2012
    Assignee: Wistron Corporation
    Inventors: Ren-Ting Hou, Chung-Li Lai
  • Patent number: 8127151
    Abstract: A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry.
    Type: Grant
    Filed: October 13, 2009
    Date of Patent: February 28, 2012
    Assignee: Lockheed Martin Corporation
    Inventors: Patrick A. Nelson, Christian Adams
  • Publication number: 20120047374
    Abstract: Systems and apparatuses disclosed herein provide for a tamper resistant electronic device. The electronic device can include a circuit board, housing, a security shield, one or more pressure sensitive switches, and security electronics. The security shield can cover a first area of the circuit board and be configured to sense tampering. The security shield can also be integrated into the first part of the housing, wherein a second area of the circuit board is covered by the housing and is outside of the security shield, both the first area and the second area having electronics therein. The security electronics on the circuit board can be coupled to the security shield and the one or more pressure switches, and can be configured to zeroize data stored on the circuit board if the security shield senses tampering or if one or more of the one or more pressure sensitive switches is disengaged.
    Type: Application
    Filed: November 3, 2011
    Publication date: February 23, 2012
    Applicant: CRAM WORLDWIDE, LLC
    Inventors: R. Daren Klum, Matthew D. Fairchild, Daniel L. Hench, Keith A. Pagan, Robert Sean Hagen
  • Patent number: 8121285
    Abstract: A system and method for data processing for coding. The method may include providing a first plurality of bytes of data, non-linearly transforming the first plurality of bytes into a second plurality of bytes, multiplying each of the second plurality of bytes of data by a predetermined constant of a plurality of constants to generate a third plurality of bytes, and organizing in use the third plurality of bytes as a plurality of output bytes. Systems to practice the foregoing methods are also described.
    Type: Grant
    Filed: October 28, 2008
    Date of Patent: February 21, 2012
    Assignee: International Business Machines Corporation
    Inventor: Charanjit S. Jutla
  • Patent number: 8121286
    Abstract: A system and method for coding data to help resist differential attacks. Data in m columns may be initialized to an initialized value. One new column of data may be mixed with a new input word and input to an advanced mixer. The advanced mixer may include linear mixing having indexed bytes and performing of exclusive-OR operation and transposing. An output of the advanced mixer may be a new m column state. A value of m could be 0 through 30. The value of m may have a preferred range of 27 through 36. Systems to implement the foregoing method are also described.
    Type: Grant
    Filed: October 28, 2008
    Date of Patent: February 21, 2012
    Assignee: International Business Machines Corporation
    Inventors: Shai Halevi, William Eric Hall, Charanjit S. Jutla
  • Patent number: 8116452
    Abstract: To provide a content playback device capable of protecting content according to DRM, when decrypting encrypted content recorded on a recording medium and playing the decrypted content. If key generation information is “00”, a key control unit 104 concatenates a decrypted media key and content information in this order, and applies a one-way function to the concatenation result to generate a content key. If the key generation information is “10”, the key control unit 104 sets a rights key as the content key. If the key generation information is “01”, the key control unit 104 concatenates the decrypted media key and the rights key in this order, and applies a one-way function to the concatenation result to generate the content key.
    Type: Grant
    Filed: January 19, 2011
    Date of Patent: February 14, 2012
    Assignee: Panasonic Corporation
    Inventors: Masaya Yamamoto, Toshihisa Nakano, Motoji Ohmori, Masayuki Kozuka
  • Patent number: 8117462
    Abstract: Systems and methods consistent with the present invention encode a list so users of the list may make inquiries to the coded list without the entire content of the list being revealed to the users. Once each item in the list has been encoded by an encoder, a bit array with high and low values may be used to represent the items in the list. The bit array may be embodied in a validation system for allowing users to query the list to determine whether an inquiry item is on the list. The validation system determines which bits to check by executing the same coding process executed by the encoder. If all the bits are high, then the inquiry item is determined to be part of the list, if at least one of the bits is low, then the inquiry item is determined not to be part of the original list.
    Type: Grant
    Filed: September 22, 2005
    Date of Patent: February 14, 2012
    Assignee: United States Postal Service
    Inventors: Robert F. Snapp, James D. Wilson
  • Publication number: 20120036372
    Abstract: An integrated circuit (IC) includes a demodulator for receiving encrypted information data and a hardware unit that enables conditional access to the information data. The hardware unit includes a processing unit, a RAM, a ROM, multiple non-volatile registers, and an interface unit for transferring an attribute to the demodulator. The non-volatile registers may include an IC identification and an encryption key. In an embodiment, the ROM includes a boot code that causes the processing unit to fetch a code from an external memory and store the fetched code in the RAM. The fetched code may include a certificate that ensures the authenticity of the code. The fetched code may be encrypted and decrypted by the ROM using the IC identification and the encryption key. The demodulator includes a descrambler for decrypting the received information data using the attribute. The information data may include digital radio or television content.
    Type: Application
    Filed: February 4, 2011
    Publication date: February 9, 2012
    Applicant: MaxLinear, Inc.
    Inventor: Maxime Leclercq
  • Patent number: 8112634
    Abstract: Methods and devices for increasing or hardening the security of data stored in a storage device, such as a hard disk drive, are described. A storage device provides for increased or hardened security of data stored in hidden and non-hidden partitions of a storage medium in the device. An algorithm may be utilized for deriving a key that is used to encrypt or decrypt text before it is read from or written to the hard disk. The algorithm accepts as input a specific media location factor, such as an end address or start address of the block where the text is being read from or written to, and a secret key of the storage component. The output of the algorithm is a final key that may be used in the encryption and decryption process. Thus, in this manner, the final key is dependent on the location of the block where the data is being written or read, thereby making it more difficult to tamper with the data, which may be stored in a hidden or non-hidden partition of a hard disk.
    Type: Grant
    Filed: June 4, 2008
    Date of Patent: February 7, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Onur Aciicmez, Xinwen Zhang, Jean-Pierre Seifert
  • Publication number: 20120011351
    Abstract: An electronic circuit (200) includes one or more programmable control-plane engines (410, 460) operable to process packet header information and form at least one command, one or more programmable data-plane engines (310, 320, 370) selectively operable for at least one of a plurality of cryptographic processes selectable in response to the at least one command, and a programmable host processor (100) coupled to such a data-plane engine (310) and such a control-plane engine (410). Other processors, circuits, devices and systems and processes for their operation and manufacture are disclosed.
    Type: Application
    Filed: June 21, 2011
    Publication date: January 12, 2012
    Applicant: TEXAS INSTRUMENTS INCORPORATED
    Inventors: Amritpal Singh Mundra, Denis Roland Beaudoin
  • Patent number: 8095990
    Abstract: A gaming machine comprises a gaming board and a mother board. The gaming board comprises a boot ROM and a card slot. The boot ROM stores therein an authentication program for authenticating a gaming program and a gaming system program stored in a memory card. The card slot receives the memory card therein. The mother board comprises a main CPU and a RAM. The main CPU reads the authentication program from the boot ROM and the gaming program and gaming system program from the memory card received in the card slot. The main CPU executes an authentication process for the read gaming program and gaming system program according to the read authentication program. The main CPU writes the authenticated gaming program and gaming system program to the RAM. The main CPU controls a game proceeding according to the written gaming program and gaming system program.
    Type: Grant
    Filed: April 19, 2006
    Date of Patent: January 10, 2012
    Assignee: Universal Entertainment Corporation
    Inventor: Tatsuhiko Tanimura
  • Patent number: 8095949
    Abstract: A viewer for displaying electronic books and having various features for restricting access to their content. A user may assign ratings to stored electronic books, or use standard ratings, and assign access levels to potential users. The ratings and access levels determine which electronic books, or portions of the electronic books, a particular user may access on the viewer.
    Type: Grant
    Filed: June 25, 1999
    Date of Patent: January 10, 2012
    Assignee: Adrea, LLC
    Inventors: John S. Hendricks, Michael L. Asmussen
  • Patent number: 8091140
    Abstract: A system consisting of a memory storage unit in which the licensed audio files are stored. The function of this device is to recognize the requested data and thereby allow the audio file contents from the memory storage unit according to the instructions set to this device. It is an effective means for protecting the audio files in the device from duplication.
    Type: Grant
    Filed: April 12, 2006
    Date of Patent: January 3, 2012
    Assignee: Trinity Future-IN PVT. Ltd.
    Inventor: George John Thekkethil
  • Patent number: 8090960
    Abstract: At a seller, an encryption device encrypts content data stored in a content server using an encryption key generated by an encryption key generation device, and records the encrypted content data and a communication program on a recording medium. A paper indicating an identification code unique to each recording medium is attached to the recording medium. A decryption key corresponding to the encryption key and the identification code are registered in a managing database. A user terminal sends the identification code to a decryption key managing server apparatus via the Internet in accordance with the communication program, in a case where the user terminal is to copy or install or reproduce the content data stored on the recording medium. The decryption key managing server apparatus sends a decryption key corresponding to this identification code to the user terminal. The user terminal decrypts the content data using the decryption key sent thereto.
    Type: Grant
    Filed: July 27, 2006
    Date of Patent: January 3, 2012
    Assignee: Ricoh Company, Ltd.
    Inventor: Takeshi Okawa
  • Patent number: 8090956
    Abstract: To provide a program conversion device capable of executing a program that includes a secret operation using secret information without exposure of the secret information in a memory. In an execution program generation device, with respect to an original program that includes the secret operation, a combining function generation unit generates combining function processing for applying a bitwise self-dual function to an input value, a split secret information generation unit generates pieces of split secret information by performing an inverse operation of the self-dual function, a program conversion unit generates pieces of split secret operation processing each for performing the operation between each bit value of the operand information and a corresponding bit value of a different piece of the split secret information, and replaces the secret operation processing with the pieces of the split secret operation processing and the combining function processing.
    Type: Grant
    Filed: March 27, 2006
    Date of Patent: January 3, 2012
    Assignees: Panasonic Corporation, Nara Institute of Science and Technology
    Inventors: Rieko Asai, Taichi Sato, Tomoyuki Haga, Kenichi Matsumoto, Akito Monden, Masahide Nakamura
  • Patent number: 8086870
    Abstract: Methods and apparatus are provided for efficiently normalizing and denormalizing data for cryptography processing. The normalization and denormalization techniques can be applied in the context of a cryptography accelerator coupled with a processor. Hardware normalization techniques are applied to data prior to cryptography processing. Context circuitry tracks the shift amount used for normalization. After cryptography processing, the processed data is denormalized using the shift amount tracked by the context circuitry.
    Type: Grant
    Filed: June 12, 2006
    Date of Patent: December 27, 2011
    Assignee: Broadcom Corporation
    Inventor: Patrick Law
  • Patent number: 8085245
    Abstract: A display device includes a processor, a memory, an interface and a keypad. The keypad, separably connected to the interface, includes a signal generator. When the display device is connected to a power source, the processor sends a first signal to the interface. The signal generator generates a second signal in response to the first signal. The processor determines whether the second signal is correct based on data stored in the memory. If yes, the display device may be activated. A method for activating the display device via the separable keypad comprises the steps of: connecting the display device to the power source; the display device sending the first signal to the interface; determining whether the second signal is correct; and if yes, activating the display device.
    Type: Grant
    Filed: January 3, 2006
    Date of Patent: December 27, 2011
    Assignee: Delta Electronics, Inc.
    Inventors: Mao-Shan Hsu, Yi-Hsiang Huans
  • Patent number: 8087065
    Abstract: A method is provided for implementing a mandatory access control model in operating systems which natively use a discretionary access control scheme. A method for implementing mandatory access control in a system comprising a plurality of computers, the system comprising a plurality of information assets, stored as files on the plurality of computers, and a network communicatively connecting the plurality of computers, wherein each of the plurality of computers includes an operating system that uses a discretionary access control policy, and wherein each of a subset of the plurality of computers includes a software agent component operable to perform the steps of intercepting a request for a file operation on a file from a user of one of the plurality of computers including the software agent, determining whether the file is protected, if the file is protected, altering ownership of the file from the user to another owner, and providing access to the file based on a mandatory access control policy.
    Type: Grant
    Filed: February 8, 2007
    Date of Patent: December 27, 2011
    Assignee: McAfee, Inc.
    Inventors: Oren Tirosh, Eran Werner
  • Patent number: 8077866
    Abstract: A communication device having a private key and configured to implement an elliptic curve security mechanism for successful operation of which it: (a) receives a first value from another device, (b) computes a second value as the scalar multiplication of the first value with its private key and (c) returns that second value for use by the other device; the mechanism being such that the first value defines a pair of coordinates representing a first point and the second value defines a pair of coordinates representing a second point and being such that the first value is valid only if it lies on an elliptic curve of predefined form; the device being configured to implement the mechanism by the steps of: receiving data as the first value; making a first evaluation as to whether the first value is a singular point with respect to the elliptic curve; computing the second value as the scalar multiplication of the first value with the private key; making a second evaluation as to whether the second value lies on the
    Type: Grant
    Filed: April 16, 2008
    Date of Patent: December 13, 2011
    Assignee: Cambridge Silicon Radio Limited
    Inventors: Peter Landrock, Jan Ulrik Kjaersgaard
  • Patent number: 8062380
    Abstract: An electronic device prior to entering a distribution channel is equipped with a Loss Prevention Client which permits limited use of the device until correct authentication is provided by a legitimate purchaser. By permitting limited use before authentication, the device remains both useful to a legitimate purchaser and valuable to a thief. While allowing operation in the possession of a thief, options can be provided to permit tracking of the device or to allow proper purchase of the device.
    Type: Grant
    Filed: April 7, 2008
    Date of Patent: November 22, 2011
    Assignee: Absolute Software Corporation
    Inventor: Jon Stevens
  • Patent number: 8060754
    Abstract: Embodiments of a cryptographic processing device and method for adapting to shared-cache attacks are generally described herein. Other embodiments may be described and claimed. In some embodiments, the cryptographic processing device comprises first and second processing units, and a cache that is shared by the first and second processing units. The first processing unit may monitor a number of cache misses that occur during the performance of a first cryptographic process and may switch to performing a second cryptographic process after the number of cache misses exceeds a threshold.
    Type: Grant
    Filed: August 27, 2009
    Date of Patent: November 15, 2011
    Assignee: Intel Corporation
    Inventor: David Walter Young
  • Patent number: 8055908
    Abstract: A data transmission method is achieved by transmitting a contents data transmission request from a host device to a module; by dividing a first contents data into a plurality of blocks in the module; by transmitting the plurality of blocks from the module to the host device; and by combining the plurality of blocks to produce a second contents data. A plurality of data buses are used for the transmission of the contents data transmission request and the plurality of blocks.
    Type: Grant
    Filed: March 28, 2006
    Date of Patent: November 8, 2011
    Assignee: NEC Personal Products, Ltd.
    Inventor: Shigeru Kawabe
  • Patent number: 8050406
    Abstract: A receiver device consistent with certain embodiments that receives and decrypts digital cable or satellite television signals has a receiver that tunes and demodulates the television signal into a digital transport stream. A decrypter decrypts the digital transport stream using a pair of decryption keys. A first decryption key array is stored in a first storage location forming a part of the receiver device, and a second key array is stored in a second storage location forming a part of the receiver device, the first and second key arrays representing ordered pairs of keys. An authorization table is stored in a third storage location forming a part of the receiver device, the authorization table containing a mapping, wherein each ordered pair of decryption keys corresponds to a different one of a plurality of Multichannel Video Program Distributors (MVPD). This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.
    Type: Grant
    Filed: February 7, 2006
    Date of Patent: November 1, 2011
    Assignees: Sony Corporation, Sony Electronics Inc.
    Inventor: Leo M. Pedlow, Jr.
  • Patent number: 8046591
    Abstract: An information reproducing apparatus of the present invention includes a secure module and a main memory. The information in the secure module cannot be accessed from outside. The secure module reads, using a direct access method, information relating to software stored in the main memory. The secure module checks a falsification of the software by comparing the information read with the information stored in advance in the secure module.
    Type: Grant
    Filed: October 31, 2007
    Date of Patent: October 25, 2011
    Assignee: Fujitsu Limited
    Inventors: Kiyoshi Kohiyama, Toshiyuki Yoshitake, Yasuhiro Watanabe, Kiyonori Morioka
  • Publication number: 20110252244
    Abstract: In one embodiment of the present invention, a secure cryptographic circuit arrangement is provided. The secure cryptographic circuit includes a cryptographic processing block, a spreading sequence generator, and a delay control circuit. The cryptographic processing block has a plurality of signal paths. One or more of the plurality of signal paths includes respective adjustable delay circuits. The spreading sequence generator is configured to output a sequence of pseudo-random numbers. The delay control circuit has an input coupled to an output of the spreading sequence number generator and one or more outputs coupled to respective delay adjustment inputs of the adjustable delay circuits. The delay control circuit is configured to adjust the adjustable delay circuits based on the pseudo-random numbers.
    Type: Application
    Filed: April 7, 2010
    Publication date: October 13, 2011
    Applicant: Xilinx, Inc.
    Inventors: Austin H. Lesea, Stephen M. Trimberger
  • Patent number: 8036386
    Abstract: An electronic ticket providing system capable of distributing and browsing the information relating to a ticket can be realized while maintaining the security and transferability of an IC card. The electronic ticket information is divided into formal ticket data and provisional ticket data. The formal ticket data includes authentication information for admission, ticket notation information, and authentication information for acquisition of information for a ticket owner. The provisional ticket data includes the ticket notation information, and authentication information for acquisition of information for a ticket purchase requester. The electronic ticket information is distributed from an electronic ticket vending server to a mobile telephone over a communications network. In the mobile telephone, the formal ticket data is stored in a removable storage medium, such as an IC card, having high security and transferability, and the provisional ticket data is stored in the internal memory.
    Type: Grant
    Filed: August 24, 2004
    Date of Patent: October 11, 2011
    Assignee: NEC Corporation
    Inventor: Toru Katayama
  • Patent number: 8037318
    Abstract: A method for dependent trust in a computer system is provided. In this method, trust dependency relationships are defined among components of the computer system, specifying, for a component, which components it relies on in ensuring the integrity or confidentiality of its code or data. Subsequently, trust dependencies are resolved and the results are used in performing certain operations described in Trusted Computing Group standards including generating an attestation reply, sealing data, and unsealing data. In addition, methods for computing an integrity measurement for a Core Root of Trust for Measurement of a trust-dependent component are included. A system for dependent trust in a computer system is also described.
    Type: Grant
    Filed: September 15, 2005
    Date of Patent: October 11, 2011
    Assignee: Oracle America, Inc.
    Inventor: Thomas Tahan
  • Patent number: 8032746
    Abstract: A Tamper-Resistant Communication layer (TRC) adapted to mitigate ad hoc network attacks launched by malicious nodes is presented. One embodiment of the invention utilizes TRC, which is a lean communication layer placed between a network layer and the link layer of a network protocol stack. All aspects of the network protocol stack, with the exception of the routing protocol and data packet forwarding mechanism in the network layer, are unchanged. TRC takes charge of certain key functions of a routing protocol in order to minimize network attacks. Additionally, TRC implements highly accurate self-monitoring and reporting functionality that can be used by nodes in the network to detect compromised nodes. TRC of a node controls its ability to communicate with other nodes by providing non-repudiation of communications. The tamper-resistant nature of TRC provides high assurance that it cannot be bypassed or compromised.
    Type: Grant
    Filed: June 19, 2007
    Date of Patent: October 4, 2011
    Assignee: The University of Texas at San Antonio
    Inventors: Rajendra V. Boppana, William H. Winsborough
  • Patent number: 8032763
    Abstract: A Personal Computer Memory Card International Association (PCMCIA) card is disclosed. The PCMCIA card may include a cryptographic module, a communications interface, and a processor. The cryptographic module may perform Type 1 encryption of data received from a computer into which the card is inserted. The cryptographic module may support High Assurance Internet Protocol Encryption (HAIPE). The communications interface may provide connectivity to a network adapter. The communications interface may include a Universal Serial Bus (USB) interface. The processor may detect whether a network adapter is coupled to the communications interface, identify a device driver that corresponds to the network adapter, and employ the device driver to provide operative communication between the cryptographic module and the network adapter. The PCMCIA card may contain a datastore that maintains a plurality of device drivers. For example, the plurality of device drivers support any one of IEEE 802.x, Ethernet, V.
    Type: Grant
    Filed: July 13, 2007
    Date of Patent: October 4, 2011
    Assignee: L3 Communications Corporation
    Inventors: John A. Modica, Kenneth White
  • Patent number: 8024558
    Abstract: Aspects of the invention provide a method and system for coding information in a communication channel. More particularly, aspects of the invention provide a method and system for synchronous running encryption and/or encoding and corresponding decryption and decoding in a communication channel or link. Aspects of the method may include encoding and/or encrypting a first data using a first or second encoding table and/or a first or second encryption table. The method may indicate which one of the first or second encoding tables or which one of the first or second encryption tables was utilized for encoding and/or encrypting the first data. The encoded and/or encrypted first data may subsequently be transferred downstream and decoded by a synchronous decoder/decryptor using a corresponding decoding and/or decryption table.
    Type: Grant
    Filed: May 26, 2010
    Date of Patent: September 20, 2011
    Assignee: Broadcom Corporation
    Inventor: Martin Lund
  • Patent number: 8024810
    Abstract: A method and an apparatus ensuring protection of digital data are provided. In addition to re-encrypting the data using an unchangeable key, the data is double re-encrypted using a changeable key. The changeable key is used first and the unchangeable key is then used, or in another case, the unchangeable key is used first, and the changeable key is then used. The embodiments may adopt software, hardware, or software and hardware in combination. Hardware using the unchangeable key, developed for digital video, is available. When software is adopted, encryption/decryption is performed in a region below the kernel, which cannot be handled by the user, to ensure the security of the program and of the key used. More concretely, encryption/decryption is performed with an RTOS using a HAL and a device driver, i.e., a filter driver, a disk driver and a network driver, in an I/O manager.
    Type: Grant
    Filed: July 3, 2006
    Date of Patent: September 20, 2011
    Assignee: Intarsia Software LLC
    Inventor: Makoto Saito
  • Patent number: 8019997
    Abstract: The present invention relates to an information processing apparatus by which a communication channel providing a high degree of privacy is established between a PDA and a data communication server. Data encrypted with a temporary key is shared by a PDA and a memory card. The memory card decrypts the data by the shared temporary key, and then stores the data in the memory card. Data encrypted with a temporary key is shared by a PC and the memory card. The PC decrypts the data by the shared temporary key, and then stores the data in the PC. The PC and the data communication server are connected to each other, and perform mutual authentication. The data encrypted with a temporary key shared by the PC and the data communication server as a result of the authentication is transmitted from the PC to the data communication server via a broadband network.
    Type: Grant
    Filed: November 20, 2006
    Date of Patent: September 13, 2011
    Assignee: Sony Corporation
    Inventors: Naomi Go, Akira Kurihara
  • Patent number: 8006103
    Abstract: In one embodiment, a computer system comprises at least a first computing cell and a second computing cell, each computing cell comprising at least one processor, at least one programmable trusted platform management device coupled to the processor via a hardware path which goes through at least one trusted platform management device controller which manages operations of the at least one programmable trusted platform device, and a routing device to couple the first and second computing cells.
    Type: Grant
    Filed: October 26, 2007
    Date of Patent: August 23, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Russ W. Herrell
  • Patent number: 7996899
    Abstract: A communication system comprises a content provider system configured to receive a content request indicating content and a device identifier, determine a first key based on the device identifier, process the content using the first key to modify the content from an unprotected state to a protected state, and transfer the content in the protected state. The communication system further comprises an end user system configured to receive the content in the protected state and process the content with a second key to modify the content from the protected state to an unprotected state wherein the second key is internally hard coded to the end user system.
    Type: Grant
    Filed: February 24, 2006
    Date of Patent: August 9, 2011
    Assignee: Hitachi Global Storage Technologies Netherlands B.V.
    Inventors: Curtis H. Bruner, Christopher J. Squires
  • Patent number: 7995755
    Abstract: A method for management of access means to conditional access data may include: initiating, from a security module of a multimedia unit, a verification of the next renewal date of the access means, which are associated to time information and are controlled by a management centre; determining, in the security module, the next renewal date of the access means; if the next renewal date of the access means is closer than a preset duration, then sending a request from the security module to the multimedia unit that requests the renewal of the access means; sending the request for renewal of the access means from the multimedia unit to the management centre; verifying by the management centre, if the multimedia unit is authorized to renew the access means; and in the case of a positive response, sending of an access means renewal message to the multimedia unit.
    Type: Grant
    Filed: September 6, 2005
    Date of Patent: August 9, 2011
    Assignee: Nagravision S.A.
    Inventor: Grégory Duval
  • Patent number: 7992206
    Abstract: In one embodiment, an add-on pre-scanner card is removably pluggable into a local bus of a computer. The add-on pre-scanner card may be coupled to a computer network to receive network traffic. The add-on pre-scanner card may be configured to extract payloads from received packets and scan the payloads for computer viruses. The add-on pre-scanner card may pass scanned payloads and other data to the computer by way of a shared memory interface. The pre-scanner card may identify each payload as infected with a virus, virus-free, or unknown to allow the computer to distinguish payloads that do not need further scanning from those that do. The computer may further scan for viruses any payloads that the pre-scanner card cannot ascertain as either virus-free or virus-infected.
    Type: Grant
    Filed: December 14, 2006
    Date of Patent: August 2, 2011
    Assignee: Trend Micro Incorporated
    Inventors: Mark W. Painter, Jawed Sayed
  • Patent number: 7987358
    Abstract: Methods of authenticating a user design in a programmable integrated circuit. The methods utilize an identifier unique to the programmable IC and a data word taken from the user design. The data word can be unique to the design and can include a string of data taken from the configuration data for the design, or the values of circuit nodes read from selected points throughout the design. A function is performed on the identifier and the data word, producing a key specific to the user design as implemented in that programmable IC. The key is compared to an expected value. When the key matches the expected value, the user design is enabled. When the key does not match the expected value, at least a portion of the user design is disabled. Circuitry for performing the steps of the method can be implemented in the programmable resources of the programmable IC.
    Type: Grant
    Filed: June 9, 2006
    Date of Patent: July 26, 2011
    Assignee: Xilinx, Inc.
    Inventors: James A. Walstrum, Jr., Steven K. Knapp, Shalin Umesh Sheth
  • Patent number: 7987374
    Abstract: Two kinds of security chips having a security interface are provided. One kind of security chip comprises a processor module, an encrypt/decrypt module, a memory module, a power detecting module and a security I/O module, and all of the modules are connected with each other by an internal bus in the security chip; the other kind of security chip comprises a processor module, an encrypt/decrypt module, a memory module, a power detecting module and an I/O interface module, all of the modules being connected with each other by the internal bus in the security chip, wherein, the security chip also comprises a security input module, a security output module and a south bridge interface module, and all of the modules are connected with each other by the internal bus in the security chip.
    Type: Grant
    Filed: November 29, 2005
    Date of Patent: July 26, 2011
    Assignee: Beijing Lenovo Software Ltd.
    Inventor: Wei Xie
  • Patent number: 7984509
    Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.
    Type: Grant
    Filed: May 25, 2007
    Date of Patent: July 19, 2011
    Assignee: Intertrust Technologies Corporation
    Inventors: Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie
  • Patent number: 7984293
    Abstract: A Personal Computer Memory Card International Association (PCMCIA) card may establish, via a non-secure network, a secure communications channel between a computer and a secure network. The non-secure network may define a first address space. The secure network may define a second address space. The PCMCIA card may include a cryptography module, a network adapter, and/or a processor. The cryptography module may provide Type 1 cryptography of data communicated between the computer and the secure network. The network adapter may be in communication with the non-secure network and may be associated with a first network address from the first address space. The processor may be in communication with the secure network via the cryptography module and the network adapter. The processor may identify a second network address for the computer from the second address space and may communicate the second network address to the computer, for example via dynamic host control protocol (DHCP).
    Type: Grant
    Filed: July 13, 2007
    Date of Patent: July 19, 2011
    Assignee: L3 Communications Corporation
    Inventor: Richard Norman Winslow