Having Separate Add-on Board Patents (Class 713/192)
  • Patent number: 7979719
    Abstract: A storage means which can be accessed by an authentication apparatus stores content data, a first digest table including primary digest values corresponding to a plurality of data portions constituting the content data, a second digest table including secondary digest values corresponding to a plurality of data portions of the first digest table, and a digital signature generated from the second digest table. In a first reading step, the second digest table and the digital signature are read out from the storage means into a memory of the authentication apparatus. In a first authentication step, the authenticity of the content data is verified using the digital signature read out into the memory and the second digest table read out into the memory.
    Type: Grant
    Filed: May 29, 2007
    Date of Patent: July 12, 2011
    Assignee: Nintendo Co., Ltd.
    Inventor: Yutaka Murakami
  • Patent number: 7974734
    Abstract: Control system of an electronic instrument for metrological measurements, comprising an electronic local processing unit including a handling application of said instrument. The system includes a control application for said handling application, which can be associated with said local processing unit, said control application being suitable for generating a univocal certification code for the application.
    Type: Grant
    Filed: November 13, 2003
    Date of Patent: July 5, 2011
    Assignee: Dresser, Inc.
    Inventors: Raffaele Pera, Mirko Spagnolatti, Giorgio Della Fonte
  • Patent number: 7966500
    Abstract: A remote connecting and shielding power supply system for receiving electricity and data from an electrical outlet and comprising a power line module embedded within the power supply for stripping data from electricity when received within the power supply and a single board computer also embedded within the power supply for shielding the motherboard of a device from unwanted data.
    Type: Grant
    Filed: February 14, 2007
    Date of Patent: June 21, 2011
    Inventor: Jeremiah Emmett Martilik
  • Patent number: 7961877
    Abstract: The present disclosure provides a system and method for performing modular exponentiation. The method may include dividing a first polynomial into a plurality of segments and generating a first product by multiplying the plurality of segments of the first polynomial with a second polynomial. The method may also include generating a second product by shifting the contents of an accumulator with a factorization base. The method may further include adding the first product and the second product to yield a first intermediate result and reducing the first intermediate result to yield a second intermediate result. The method may also include generating a public key based on, at least in part, the second intermediate result. Of course, many alternatives, variations and modifications are possible without departing from this embodiment.
    Type: Grant
    Filed: December 14, 2006
    Date of Patent: June 14, 2011
    Assignee: Intel Corporation
    Inventors: Vinodh Gopal, Erdinc Ozturk, Matt Bace, Wajdi Feghali, Robert P. Ottavi
  • Patent number: 7962741
    Abstract: A network device for processing data packets includes an encryption services module, a number of network interfaces and a forwarding module. A network interface receives a packet requiring encryption services and forwards the packet. The forwarding module receives at least a portion of the data packet, where the portion includes header information. The forwarding module identifies a security association for the data packet, appends the security association to the portion of the data packet and forwards the portion of the data packet including the security association to the encryption services module. The encryption services module processes the packet in accordance with the security association.
    Type: Grant
    Filed: September 12, 2002
    Date of Patent: June 14, 2011
    Assignee: Juniper Networks, Inc.
    Inventors: Thomas Alexander, Steven Ahlgrim, Jing Zhang, Jessica Ming Chang
  • Patent number: 7962549
    Abstract: Methods for creating an interactive gaming environment are provided. In various embodiments, methods of the present invention may include initializing an interactive game application at a game server which is then characterized as having an active status, notifying a lobby server concerning the active status of the game server, registering the application with a universe management server via the lobby server, and allowing users to join the interactive gaming environment. The users joining the interactive gaming environment may be identified by a server key obtained from the game server.
    Type: Grant
    Filed: July 19, 2010
    Date of Patent: June 14, 2011
    Assignee: Sony Computer Entertainment America LLC
    Inventors: Shekhar V. Dhupelia, Glen Van Datta, Brian Fernandes, Eiko Erika Kato, William McCarroll
  • Patent number: 7953987
    Abstract: A method and apparatus is disclosed for preventing the unintended retention of secret data caused by preferred state/burn-in in secure electronic modules. Sequentially storing the data and its inverse on alternating clock cycles, and by actively overwriting it to destroy it, prevents SRAM devices from developing a preferred state. By encrypting a relatively large amount of secret data with a master encryption key, and storing said master key in this non-preferred state storage, the electronic module conveniently extends this protection scheme to a large amount of data, without the overhead of inverting or actively erasing the larger storage area.
    Type: Grant
    Filed: March 6, 2007
    Date of Patent: May 31, 2011
    Assignee: International Business Machines Corporation
    Inventors: Carl U. Buscaglia, Vincenzo Condorelli, Kevin C. Gotze, Nihad Hadzic, Donald W. Plass, Tamas Visegrady
  • Patent number: 7945788
    Abstract: A removable drive such as a USB drive or key is provided for connecting to computer devices to provide secure and portable data storage. The drive includes a drive manager adapted to be run by an operating system of the computer device. The drive manager receives a password, generates a random key based on the password, encrypts a user-selected data file in memory of the computer device using the key, and stores the encrypted file in the memory of the removable drive. The drive manager performs the encryption of the data file without corresponding encryption applications being previously loaded on the computer system. The drive manager may include an Advanced Encryption Standard (AES) cryptography algorithm. The drive manager generates a user interface that allows a user to enter passwords, select files for encryption and decryption, and create folders for storing the encrypted files on the removable drive.
    Type: Grant
    Filed: May 2, 2006
    Date of Patent: May 17, 2011
    Assignee: Strong Bear L.L.C.
    Inventors: Rodney B. Roberts, Ronald B. Gardner
  • Patent number: 7945791
    Abstract: A method for protecting at least one first datum to be stored in an integrated circuit, including, upon storage of the first datum, performing a combination with at least one second physical datum coming from at least one network of physical parameters, and only storing the result of this combination, and in read mode, extracting the stored result and using the second physical datum to restore the first datum.
    Type: Grant
    Filed: December 20, 2007
    Date of Patent: May 17, 2011
    Assignee: STMicroelectronics S.A.
    Inventors: William Orlando, Luc Wuidart, Michel Bardouillet, Pierre Balthazar
  • Patent number: 7945790
    Abstract: Briefly, a low-cost system and method for pseudo-random nonce value generation is disclosed.
    Type: Grant
    Filed: December 4, 2006
    Date of Patent: May 17, 2011
    Assignee: Intel Corporation
    Inventor: Brent M. Ahlquist
  • Publication number: 20110113235
    Abstract: The invention is a method, system, and apparatus providing user control and security of a PC system. Using the hardware and associated installation software, the system is capable of uniquely securing a PC system without the need for name and password entry. The secure USB device contains a unique asymmetrical key pair, unique device ID, secure storage area, and the firmware to control all of this. In providing the security and control, one embodiment of the invention does not require biomechanical devices or name and password entry systems. There are no passwords and login names to be found, and the encryption/decryption keys are protected from exposure. This provides a more secure environment, as the keys are protected from exposure. The user is in control of the PC system and the data which is desired to be kept secure.
    Type: Application
    Filed: August 27, 2010
    Publication date: May 12, 2011
    Inventor: Craig Erickson
  • Patent number: 7937595
    Abstract: A system-on-a-chip (SoC) to process digital audio-video content includes one or more input/output (I/O) interfaces to transmit the digital audio-video content to corresponding I/O devices coupled to the SoC and to receive the digital audio-video content from the corresponding I/O devices. The SoC also includes a cryptographic engine to encrypt the digital audio-video content being transmitted via the I/O interfaces to the corresponding I/O devices and to decrypt the digital audio-video content received via the I/O interfaces from the corresponding I/O devices.
    Type: Grant
    Filed: June 28, 2004
    Date of Patent: May 3, 2011
    Assignee: Zoran Corporation
    Inventors: Nishit Kumar, Brian Hale Park, Zeljko Markovic
  • Patent number: 7934083
    Abstract: A highly configurable kernel supports a wide variety of content protection systems. The kernel may reside in a host that interacts with a secure processor maintaining content protection clients. After establishing communication with the secure processor, the host receives messages from content protection clients requesting rules for message handling operations to support client operations. This flexible configuration allows for dynamic reconfiguration of host and secure processor operation.
    Type: Grant
    Filed: September 14, 2007
    Date of Patent: April 26, 2011
    Inventors: Kevin Norman Taylor, James Fahrny, William Lynn Helms, Azita Miahnahri Manson, Andrew T. Twigger, Nancy Louise Davoust, Henry Clarence Lilly, III
  • Patent number: 7933409
    Abstract: To provide a content playback device capable of protecting content according to DRM, when decrypting encrypted content recorded on a recording medium and playing the decrypted content. If key generation information is “00”, a key control unit 104 concatenates a decrypted media key and content information in this order, and applies a one-way function to the concatenation result to generate a content key. If the key generation information is “10”, the key control unit 104 sets a rights key as the content key. If the key generation information is “01”, the key control unit 104 concatenates the decrypted media key and the rights key in this order, and applies a one-way function to the concatenation result to generate the content key.
    Type: Grant
    Filed: March 1, 2005
    Date of Patent: April 26, 2011
    Assignee: Panasonic Corporation
    Inventors: Masaya Yamamoto, Toshihisa Nakano, Motoji Ohmori, Masayuki Kozuka
  • Patent number: 7929695
    Abstract: A printing system and printer with an electronic signature capability, and a method thereof are provided. To print security documents using an electronic signature stored in a portable memory, the printing system of the invention includes a portable memory for storing an electronic signature. A memory interface connects detachably to the portable memory. A printer receives the electronic signature from the memory interface, composes the received electronic signature with print data, and executes a print operation. Accordingly, a stamping or signature process on numerous documents can be facilitated, and excessive stamping or signature execution can be prevented. Moreover, the electronic signature of the invention can be executed on various types of forms or documents.
    Type: Grant
    Filed: April 7, 2006
    Date of Patent: April 19, 2011
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Eun-ah Song, Hyun-sun Jung, Yong-geun Kim
  • Patent number: 7930345
    Abstract: Methods for creating an interactive gaming environment are provided. In various embodiments, methods of the present invention may include initializing an interactive game application at a game server which is then characterized as having an active status, notifying a lobby server concerning the active status of the game server, registering the application with a universe management server via the lobby server, and allowing users to join the interactive gaming environment. The users joining the interactive gaming environment may be identified by a server key obtained from the game server.
    Type: Grant
    Filed: July 19, 2010
    Date of Patent: April 19, 2011
    Assignee: Sony Computer Entertainment America LLC
    Inventors: Shekhar V. Dhupelia, Glen Van Datta, Brian Fernandes, Eiko Erika Kato, William McCarroll
  • Patent number: 7925896
    Abstract: Apparatus and method to scramble data prior to placing it on a bus or in memory uses embedded hardware keys for encryption/decryption. The hardware keys may be used in addition to software encryption. Different hardware keys may be used to process most significant bits and least significant bits of a data word. Different hardware keys may be used to process messages from/to different channels. The hardware key may comprise a series of fixed logic cells.
    Type: Grant
    Filed: March 23, 2007
    Date of Patent: April 12, 2011
    Assignee: Texas Instruments Incorporated
    Inventors: Garry R. Elder, Ramanujam Thodur
  • Patent number: 7925016
    Abstract: In accordance with one embodiment, a method for securing control words is provided. The method includes receiving scrambled digital content in a descrambler integrated circuit. The method further includes receiving an encrypted control word in the descrambler integrated circuit, decrypting the encrypted control word using a key stored in a register circuit of the descrambler integrated circuit, and descrambling the scrambled digital content in the descrambler integrated circuit using the decrypted control word.
    Type: Grant
    Filed: November 13, 2007
    Date of Patent: April 12, 2011
    Assignees: Sony Corporation, Sony Electronics Inc.
    Inventor: Brant L. Candelore
  • Patent number: 7925891
    Abstract: The present invention provides an apparatus and method for performing cryptographic operations on a plurality of message blocks within a processor to generate a message digest. In one embodiment, the apparatus has an x86-compatible microprocessor that includes translation logic and execution logic. The translation logic receives a single, atomic cryptographic instruction from a source therefrom, where the single, atomic cryptographic instruction prescribes generation of the message digest according to one of the cryptographic operations. The translation logic also translates the single, atomic cryptographic instruction into a sequence of micro instructions specifying sub-operations required to accomplish generation of the message digest according to the one of the cryptographic operations. The execution logic is operatively coupled to the translation logic. The execution logic receives the sequence of micro instructions, and performs the sub-operations to generate the message digest.
    Type: Grant
    Filed: March 25, 2005
    Date of Patent: April 12, 2011
    Assignee: Via Technologies, Inc.
    Inventors: Thomas A. Crispin, G. Glenn Henry, Terry Parks
  • Patent number: 7925890
    Abstract: A method is provided for re-initializing a cryptographic processing module (102) at a location designated as an unclassified environment. The method includes storing in a database (122) a module unique recovery vector (310, 510) assigned to a cryptographic processing module. The method also includes indexing the module unique recovery vector in the database using a unique module identifying code (for example, a serial number) assigned to the cryptographic processing module. The method further includes subsequently communicating the module unique recovery vector from the database, over a computer network (120), to a remote computing environment (400) that is unclassified. The module unique recovery vector is used to re-initialize the cryptographic processing module.
    Type: Grant
    Filed: October 23, 2006
    Date of Patent: April 12, 2011
    Assignee: Harris Corporation
    Inventors: Donald J. Dever, Ian D. Mann
  • Patent number: 7913094
    Abstract: In an information reproducing apparatus having an open architecture, a secure module stores first information, and has a structure which does not allow access to the first information from outside, and a memory has a structure which can be accessed from outside. A decryption unit loaded in the memory decrypts an encryption applied to the first information by using a predetermined key. A key supply unit implemented in the secure module supplies the predetermined key to the decryption unit. An authentication unit implemented in the secure module supplies second information to the decryption unit, refers to third information returned in response to the second information, and checks for authenticity of the decryption unit. A key-supply stop unit implemented in the secure module stops supply of the predetermined key by the key supply unit when the authentication unit does not authenticate the decryption unit.
    Type: Grant
    Filed: November 27, 2002
    Date of Patent: March 22, 2011
    Assignee: Fujitsu Limited
    Inventors: Kiyoshi Kohiyama, Takayuki Hasebe
  • Patent number: 7908487
    Abstract: The invention is directed to systems and methods for communicating sensitive and/or confidential medical information with the use of encryption. Specifically, the invention is directed to transmitting a request for sensitive medical data, where the request includes a public key for encryption as an XML node. The public key may be used by the responding party to encrypt at least a portion of the response and respond to the request. The only party in the network path that is able to decrypt the message is the originator of the request because the requestor will have a private key which is required to decrypt the response data.
    Type: Grant
    Filed: May 10, 2007
    Date of Patent: March 15, 2011
    Assignee: NDCHealth Corporation
    Inventors: Jessica Landisman Williams, Troy Donovan Casey
  • Publication number: 20110060921
    Abstract: A device for encryption of data. The device may include a first coupling for connection to a computer, a second coupling for connection to an external data storage device, and an encryption circuit for encryption and decryption of data stored on or being transferred to the external data storage device, wherein the encryption circuit is arranged such that during encryption a decryption key is stored on the external data storage device, and such that during decryption the decryption key is retrieved from the external data storage device.
    Type: Application
    Filed: May 8, 2009
    Publication date: March 10, 2011
    Inventor: John Michael
  • Patent number: 7894607
    Abstract: A system, method and media drive for selectively encrypting a data packet. The system includes an encryption key for use in encrypting the data packet, a verification data element derived from the encryption key, an encryption engine for selectively encrypting the data packet using the encryption key, and a verification engine in electronic communication with the encryption engine. The verification engine is configured to receive the encryption key and the verification data element, determine when the verification data element corresponds to the encryption key as received by the verification engine, and prohibit encryption of the data packet by the encryption engine when the verification data element does not correspond to the encryption key as received by the verification engine.
    Type: Grant
    Filed: March 10, 2006
    Date of Patent: February 22, 2011
    Assignee: Storage Technology Corporation
    Inventor: Alexander S. Stewart
  • Patent number: 7889866
    Abstract: A clock signal extractor (11) is connected to an interface of an information equipment (2) for processing an information signal, to extract a clock signal component from the information signal. A clock signal generator (12) generates a pseudo clock signal having an optional phase difference relative to the clock signal component extracted by the clock signal extractor (11). A prevention signal generator (13) generates, based on the pseudo clock signal generated by the clock signal generator (12), a leakage prevention signal having an electromagnetic wave strength stronger than electromagnetic waves leaking from the information signal. A prevention signal output unit (14) outputs the leakage prevention signal generated by the prevention signal generator (13).
    Type: Grant
    Filed: May 24, 2005
    Date of Patent: February 15, 2011
    Assignee: Nippon Telegraph and Telephone Company
    Inventors: Masao Masugi, Masaharu Sao, Yoshiharu Akiyama, Hiroshi Yamane, Tetsuya Tominaga
  • Patent number: 7886159
    Abstract: A content provider 101 distributes a secure container 104 storing content data encrypted using content key data, content key data encrypted using distribution key data, and encrypted usage control policy data indicating the handling of the content data to a SAM 1051 of a user home network 103 etc. The SAM 1051, etc. decrypts the content data and usage control policy data stored in the secure container 104 and determines the purchase mode and usage mode and other handling of the content data based on said decrypted usage control policy data.
    Type: Grant
    Filed: April 3, 2006
    Date of Patent: February 8, 2011
    Assignee: Sony Corporation
    Inventors: Akira Nonaka, Tadashi Ezaki
  • Patent number: 7882365
    Abstract: Systems and methods that facilitate processing data, such as by encryption/decryption, and storing and retrieving data to/from memory such that actual data can be distinguished from information associated with, or representative of, erased/blank memory locations. A processor can include a comparing component that compares information input to the processor to determine whether such information is associated with actual data, or associated with, or representative of, erased/blank memory locations. Information associated with, or representative of, an erased/blank memory location can be processed so that it can be interpreted as such by other components. If actual data is processed such that the comparing component interprets the processed data to be equivalent to an erased/blank memory location, then the data can be re-processed, so it is not interpreted as such, before being forwarded to its next destination.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: February 1, 2011
    Assignee: Spansion LLC
    Inventors: Venkat Natarajan, Willy Obereiner
  • Patent number: 7877595
    Abstract: A cryptographic device may include a cryptographic module and a communications module removably coupled thereto. The cryptographic module may include a first housing, a user network interface carried by the first housing, a cryptographic processor carried by the first housing and coupled to the user network interface, and a first connector carried by the first housing and coupled to the cryptographic processor. Furthermore, the communications module may include a second housing, a second connector carried by the second housing and being removably mateable with the first connector of the cryptographic module, and a network communications interface carried by the second housing and coupled to the second connector.
    Type: Grant
    Filed: March 23, 2004
    Date of Patent: January 25, 2011
    Assignee: Harris Corporation
    Inventors: Eric Edmond Petkus, Bruce Wayne Yancy, Russell Wayne Dellmo, Gregory Andrew Hyland, Scott Richard Newland, David Anthony Bolick, Lawrence Richard Waldo, Daniel John Bricher
  • Patent number: 7870395
    Abstract: In an array of groups of cryptographic processors, the processors in each group operate together but are securely connected through an external shared memory. The processors in each group include cryptographic engines capable of operating in a pipelined fashion. Instructions in the form of request blocks are supplied to the array in a balanced fashion to assure that the processors are occupied processing instructions.
    Type: Grant
    Filed: October 20, 2006
    Date of Patent: January 11, 2011
    Assignee: International Business Machines Corporation
    Inventors: Thomas J. Dewkett, Camil Fayad, John K. Li, Siegfried K. H. Sutter, Phil C. Yeh
  • Patent number: 7870614
    Abstract: Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.
    Type: Grant
    Filed: March 10, 2006
    Date of Patent: January 11, 2011
    Assignee: Aspect Loss Prevention, LLC
    Inventors: David A. Duhaime, Brad J. Duhaime
  • Patent number: 7849301
    Abstract: A processor-based system, including systems without keyboards, may receive user inputs prior to booting. This may be done using the graphics controller to generate a window which allows the user to input information. The system firmware may then compare any user inputs, such as passwords, and may determine whether or not to actually initiate system booting.
    Type: Grant
    Filed: December 12, 2001
    Date of Patent: December 7, 2010
    Assignee: Intel Corporation
    Inventors: Wah Yiu Kwong, Wayne L. Proefrock
  • Patent number: 7844835
    Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.
    Type: Grant
    Filed: September 20, 2005
    Date of Patent: November 30, 2010
    Assignee: Intertrust Technologies Corporation
    Inventors: Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie
  • Patent number: 7836514
    Abstract: An apparatus, method and a computer program for processing multimedia data is described, where the apparatus may include an input switch which may receive a plurality of transport stream packets corresponding to a plurality of digital multimedia data signals input thereto, and a packet identification (PID) filter unit which may selectively output a given set of TS packets to be demultiplexed from the received plurality of TS packets. A buffer and/or an external memory device may store at least some of the TS packets of the output given set. A conditional access/content protection (CA/CP) unit may read and decrypt the TS packets stored in the buffer, and may encrypt at least some of the decrypted TS packets for storage in the external memory device if the buffer becomes full, to prevent the TS packets to be stored in the external memory device from being copied.
    Type: Grant
    Filed: August 20, 2004
    Date of Patent: November 16, 2010
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Seo-Kyu Kim, Mi-Jung Noh, Tae-Su Kim, Jung-Sook Lee, Hyun-Min Kim
  • Patent number: 7832016
    Abstract: In order to detect the exchange of a module, identified by a serial number, in a microprocessor system, a code number, which is obtained from the serial number by using an encryption method, as well as information required for calculating the serial number from the code number, are stored in the microprocessor system; the code number is read and an unencrypted serial number is calculated from the code number with the aid of the information; and the decrypted serial number thus obtained is compared to the serial number of the module and the module is detected as exchanged if its serial number does not match the decrypted serial number.
    Type: Grant
    Filed: March 15, 2004
    Date of Patent: November 9, 2010
    Assignee: Robert Bosch GmbH
    Inventors: Jochen Weber, Klaus Schneider, Axel Aue
  • Patent number: 7827413
    Abstract: A method and a circuit for extracting a secret datum from an integrated circuit taking part in an authentication procedure that uses an external device that takes this secret datum into account, the secret datum being generated on request and made ephemeral.
    Type: Grant
    Filed: April 4, 2002
    Date of Patent: November 2, 2010
    Assignee: STMicroelectronics S.A.
    Inventors: Pierre-Yvan Liardet, Luc Wuidart, François Guette
  • Patent number: 7822809
    Abstract: Methods for creating an interactive gaming environment are provided. In various embodiments, methods of the present invention may include initializing an interactive game application at a game server which is then characterized as having an active status, notifying a lobby server concerning the active status of the game server, registering the application with a universe management server via the lobby server, and allowing users to join the interactive gaming environment. The users joining the interactive gaming environment may be identified by a server key obtained from the game server.
    Type: Grant
    Filed: July 15, 2008
    Date of Patent: October 26, 2010
    Assignee: Sony Computer Entertainment America LLC
    Inventors: Shekhar V. Dhupelia, Glen Van Datta, Brian Fernandes, Eiko Erika Kato, William McCarroll
  • Patent number: 7822207
    Abstract: A method of protecting secret key integrity in a hardware cryptographic system includes first obtaining an encryption result and corresponding checksum of known data using the secret key, saving those results, then masking the secret key and storing the masked key. When the masked key is to be used in a cryptographic application, the method checks key integrity against fault attacks by decrypting the prior encryption results using the masked key. If upon comparison, the decryption result equals valid data, then the key's use in the cryptographic system can proceed. Otherwise, all data relating to the masked key is wiped from the system and fault injection is flagged.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: October 26, 2010
    Assignee: Atmel Rousset S.A.S.
    Inventors: Michel Douguet, Vincent Dupaquis
  • Patent number: 7822199
    Abstract: A method and device for performing a cryptographic operation by a device controlled by a security application executed outside thereof in which a cryptographic value (y) is produced by a calculation comprising at least one multiplication between first and second factors containing a security key (s) associated with the device and a challenge number (c) provided by the security application. The first multiplication factor comprises a determined number of bits (L) in a binary representation and the second factor is constrained in such a way that it comprises, in a binary representation, several bits at 1 with a sequence of at least L−1 bits at 0 between each pair of consecutive bits to 1 while the multiplication is carried out by assembling the binary versions of the first factor shifted according to positions of the bits at 1 of the second factor, respectively.
    Type: Grant
    Filed: February 24, 2005
    Date of Patent: October 26, 2010
    Assignee: France Telecom
    Inventors: Marc Girault, David Lefranc
  • Patent number: 7823204
    Abstract: A method of detecting intrusions on a computer includes the step of identifying an internet protocol field range describing fields within internet protocol packets received by a computer. A connectivity range is also established which describes a distribution of network traffic received by the computer. An internet protocol field threshold and a connectivity threshold are then determined from the internet protocol field range and connectivity range, respectively. During the operation of the computer, values are calculated for the internet protocol field range and connectivity range. These values are compared to the internet protocol metric threshold and connectivity metric threshold so as to identify an intrusion on the computer.
    Type: Grant
    Filed: January 13, 2006
    Date of Patent: October 26, 2010
    Assignee: McAfee, Inc.
    Inventors: Ramesh M. Gupta, Parveen K. Jain, Keith E. Amidon, Fengmin Gong, Srikant Vissamsetti, Steve M. Haeffele, Ananth Raman
  • Patent number: 7822966
    Abstract: A method, apparatus, and system are provided for extending a trusted computing base (TCB). According to one embodiment, a first level trusted computing base (TCB) is generated having hardware components including a trusted platform module (TPM), and an extended TCB is formed by adding a second level software-based TCB to the first level TCB, and properties associated with the first level TCB are transferred to the second level TCB.
    Type: Grant
    Filed: November 15, 2007
    Date of Patent: October 26, 2010
    Assignee: Intel Corporation
    Inventor: Kumar Ranganathan
  • Patent number: 7822995
    Abstract: An electronic system comprises a processor, a diagnostic port, and a switching circuit, including a switch connected between the diagnostic port and the processor, for enabling and disabling the diagnostic port and for restricting access to contents of the electronic system prior to enabling the diagnostic port. A method for operating the electronic system is also included.
    Type: Grant
    Filed: March 3, 2005
    Date of Patent: October 26, 2010
    Assignee: Seagate Technology LLC
    Inventors: Laszlo Hars, Donald Rozinak Beaver
  • Patent number: 7818574
    Abstract: A mechanism is provided in which access to the functionality present on an integrated circuit chip is controllable via an encrypted certificate of authority which includes time information indicating allowable periods of operation or allowable duration of operation. The chip includes at least one cryptographic engine and at least one processor. The chip also contains hard coded cryptographic keys including a chip private key, a chip public key and a third party's public key. The chip is also provided with a battery backed up volatile memory which contains information which is used to verify authority for operation. The certificate of authority is also used to control not only the temporal aspects of operation but is also usable to control access to certain functionality that may be present on the chip, such as access to some or all of the cryptographic features provided in conjunction with the presence of the cryptographic engine, such as key size.
    Type: Grant
    Filed: September 10, 2004
    Date of Patent: October 19, 2010
    Assignee: International Business Machines Corporation
    Inventors: Camil Fayad, John K. Li, Siegfried Sutter
  • Patent number: 7814334
    Abstract: A method and apparatus for changing and adding activation keys for functions of digital content without having to change and recompile the digital content. The rules for validating activation keys, the code for providing instructions for executing the rules for validating the activation keys and a template for identifying possible activation keys, which keys are currently valid and validating rules associated with each currently valid activation key are separated and separately secured.
    Type: Grant
    Filed: June 18, 2007
    Date of Patent: October 12, 2010
    Assignee: International Business Machines Corporation
    Inventor: Brent Ryan Modesitt
  • Patent number: 7805756
    Abstract: A system comprising a personal computer configured to operate with another computer connected to a network of computers. The personal computer includes a microchip having a microprocessor with a control unit and at least two processing units, the control unit being configured to allow a user of the personal computer to control the two processing units, and the microchip including a power management component. The personal computer includes an internal firewall configured to allow and/or deny access to portions of the microchip both to the user of the personal computer and to a user of the microchip from the network of computers during a shared use of the microchip; and the internal firewall is configured to deny access to portions of the microchip from the network of computers.
    Type: Grant
    Filed: March 17, 2004
    Date of Patent: September 28, 2010
    Inventor: Frampton E Ellis
  • Patent number: 7802298
    Abstract: In one embodiment, a client computer is protected from phishing attacks using a sensitive state monitor and a phishing site detector. The sensitive state monitor may detect reception of a web page displayed in a web browser of the client computer. The sensitive state monitor may determine whether or not the web page is a sensitive web page, such as those used to receive user confidential information. When the sensitive state monitor determines that the web page is sensitive, the sensitive state monitor may ask the user to confirm that the web page is indeed sensitive. After user confirmation, the sensitive state monitor may invoke the phishing site detector, which may determine whether or not the website serving the web page is a phishing site.
    Type: Grant
    Filed: August 10, 2006
    Date of Patent: September 21, 2010
    Assignee: Trend Micro Incorporated
    Inventors: Paul Hong, Xiaoming Zhao, Gang Chen
  • Patent number: 7792290
    Abstract: A device coupled to a smart card reader may request random data from a smart card inserted into the smart card reader, and the smart card reader may incorporate the random data into its randomness pool. A device having a source of random data may have a driver installed thereon for the smart card reader. The device may generate a random session key to encrypt traffic between the device and the smart card reader. The device may send an encrypted version of the random session key to the smart card reader. The smart card reader may decrypt the encrypted version and incorporate the random session key into its randomness pool. A smart card reader may incorporate random data received from a smart card inserted therein into its randomness pool.
    Type: Grant
    Filed: July 3, 2009
    Date of Patent: September 7, 2010
    Assignee: Research In Motion Limited
    Inventors: Neil Adams, Michael S. Brown, Herb Little, Michael McCallum, Michael K. Brown
  • Patent number: 7783901
    Abstract: The invention describes a method for hardening a security mechanism against physical intrusion and substitution attacks. A user establishes a connection between a network peripheral device and a network via a security mechanism. The security mechanism includes read only memory (ROM) that contains code that initiates operation of the mechanism and performs authentication functions. A persistent memory contains configuration information. A volatile memory stores user and device identification information that remains valid only for a given session and is erased thereafter to prevent a future security breach. A tamper-evident enclosure surrounds the memory elements, which if breached, becomes readily apparent to the user.
    Type: Grant
    Filed: February 25, 2008
    Date of Patent: August 24, 2010
    Assignee: AT&T Intellectual Property II, L.P.
    Inventors: Sandra Lynn Carrico, Philippe Hebrais
  • Patent number: 7783880
    Abstract: The invention provides mechanisms for transferring processor control of secure Internet Protocol (IPSec) security association (SA) functions between host and target processing devices of a computerized system, such as processors in a host CPU and a NIC. In one aspect of the invention, the computation associated with authentication and/or encryption is offloaded while the host maintains control of when SA functions are offloaded, uploaded, invalidated, and re-keyed. The devices coordinate to maintain metrics for the SA, including support for both soft and hard limits on SA expiration. Timer requirements are minimized for the target. The offloaded SA function may be embedded in other offloaded state objects of intermediate software layers of a network stack.
    Type: Grant
    Filed: January 14, 2005
    Date of Patent: August 24, 2010
    Assignee: Microsoft Corporation
    Inventors: James T. Pinkerton, Avnish K. Chhabra, Sanjay N. Kaniyar
  • Patent number: 7779273
    Abstract: A mechanism is provided for booting a multiprocessor device based on selection of encryption keys to be provided to the processors. With the mechanism, a security key and one or more randomly generated key values are provided to a selector mechanism of each processor of the multiprocessor device. A random selection mechanism is provided in pervasive logic that randomly selects one of the processors to be a boot processor and thereby, provides a select signal to the selector of the boot processor such that the boot processor selects the security key. All other processors select one of the one or more randomly generated key values. As a result, only the randomly selected boot processor is able to use the proper security key to decrypt the boot code for execution.
    Type: Grant
    Filed: May 15, 2008
    Date of Patent: August 17, 2010
    Assignee: International Business Machines Corporation
    Inventors: Jason N. Dale, Jonathan J. DeMent, Clark M. O'Niell, Christopher J. Spandikow
  • Patent number: 7774617
    Abstract: A mechanism is provided for masking a boot sequence by providing a dummy processor. With the mechanism, one of the processors of a multiprocessor system is chosen to be a boot processor. The other processors of the multiprocessor system execute masking code that generates electromagnetic and/or thermal signatures that mask the electromagnetic and/or thermal signatures of the actual boot processor. The execution of the masking code on the non-boot processors preferably generates electromagnetic and/or thermal signatures that approximate the signatures of the actual boot code execution on the boot processor. One of the non-boot processors is selected to execute masking code that is different from the other masking code sequence to thereby generate an electromagnetic and/or thermal signature that appears to be unique from an external monitoring perspective.
    Type: Grant
    Filed: May 15, 2008
    Date of Patent: August 10, 2010
    Assignee: International Business Machines Corporation
    Inventors: Jason N. Dale, Jonathan J. DeMent, Clark M. O'Niell, Steven L. Roberts