Abstract: A data storage device is secured by extracting timing information encoded within a password-related symbol stream received by the storage device and denying access if the timing information is incorrect or the symbol stream is not identical to a valid authentication sequence. In one embodiment, each symbol corresponds to a password, and at least one symbol is transmitted within a specified timing window while at least one other symbol must be transmitted at a random time that varies with each authentication attempt. In certain embodiments, a computing device associated with the data storage device is configured to provide a single password prompt, receive a character sequence corresponding to a plurality of passwords from a user, and communicate an encrypted symbol stream to the storage device with a specified timing pattern imposed thereon.

Abstract: A data storage device is secured by extracting timing information encoded within a password-related symbol stream received by the storage device and denying access if the timing information is incorrect or the symbol stream is not identical to a valid authentication sequence. In one embodiment, each symbol corresponds to a password, and at least one symbol is transmitted within a specified timing window while at least one other symbol must be transmitted at a random time that varies with each authentication attempt. In certain embodiments, a computing device associated with the data storage device is configured to provide a single password prompt, receive a character sequence corresponding to a plurality of passwords from a user, and communicate an encrypted symbol stream to the storage device with a specified timing pattern imposed thereon.

Abstract: Each software component loaded for a verified operating system on a client computer must satisfy a set of boot rules for a boot certificate. A verified operating system identifier is created from the boot certificate. The boot certificate is published and signed by a boot authority that attests to the validity of the operating system booted under the boot certificate. Each software component for the operating system is associated with a component certificate published and signed by the same boot authority that signed the boot certificate. The boot rules determine the validity of the software component based on the contents of the component and boot certificates. The client computer transmits the verified operating system identity and the boot certificate to a server computer, such as a content provider, and the content provider determines whether to trust the verified operating system with its content.

Abstract: A method for protecting a dynamically reconfigurable computing system includes generating an encoding key and passing the encoding key, through a system level bus, to at least one field programmable logic device and to a function library included within the system. The function library contains a plurality of functions for selective programming into the at least one field programmable logic device. A lock is generated so as to prevent external resources with respect to the system from accessing the encoding key during the passing thereof.

Abstract: A data conversion unit includes a first input/output unit, a second input/output unit, an encoder, a decoder, a random number generator for generating random number data, and a control unit which selects a first, second and third setting function. The first setting function sets the data conversion unit to input data from the first input/output unit, encode data by the encoder, and output the encoded data from the second input/output unit. The second setting function sets the data conversion unit to input data from the first input/output unit, replace the data with the random number data generated by the random number generator, and output the random number data from the second input/output unit. The third setting function sets the data conversion unit to input encoded data from the second input/output unit, decode the encoded data by the decoder, and output the decoded data from the first input/output unit.

Abstract: A method of and apparatus for protecting data in a data storage system. A method of securely erasing data stored in a data storage system includes: determining whether a security-erase command is received together with a random number and an encrypted random number; decrypting the encrypted random number using a security-erase algorithm and an associated key when the security-erase command is received; determining whether the decrypted random number is identical to the received random number; and executing the security-erase command when the decrypted random number is identical to the received random number, and stopping the execution of the security-erase command when the decrypted random number is not identical to the received random number.

Abstract: A system and a method for providing variable security mechanisms for securing digital content, in which a single security mechanism is not used for all content. Instead, at least one characteristic or feature of the security mechanism is varied between units, instances or categories of content. Therefore, even if unauthorized access is gained to a single unit of content, the overall integrity and security of the system for content distribution is not compromised. Preferably, security is provided through a general mechanism, which is then varied in order to provide variable, dissimilar security schemes for different types of content. By “type of content”, it is meant any of a single unit of content, a single instance of content or a single category of content. For example, for a category of content, the content may be characterized according to the identity of the content itself, such as the title of a movie for example, and/or according to the owner of a particular copy of the content.

Abstract: A system and method for securely storing electronic documents is provided. The system includes a client portion and a server portion and the client portion is located at a trusted location. The client portion encrypts each electronic document and produces a list of terms of interest relating to the document, which terms are also encrypted. The encrypted document and the encrypted terms are transferred to a server portion which need not be located at a trusted location. The document is stored at the server portion in a manner which allows for locating the document again via the encrypted terms and returning the encrypted document to the trusted client portion, where it can be decrypted. Attachments to documents can also be encrypted and stored at the server, as can copies of dynamic documents, such as web pages. The server portion can also have a retention manager and encryptor which is used to implement document retention and destruction policies defined by the user of the system.

Abstract: Systems, methods and computer program products for high availability enhancements of virtual security module servers. Exemplary embodiments include a virtual security appliance system, including a recipient Virtual Security Appliance having an I/O controller configured to received commands from a Virtual Machine Monitor and a crypto engine of the recipient virtual security appliance configured to assign a master/slave flag, the crypto engine having a master virtual Trusted Platform Module and a slave virtual Trusted Platform Module, wherein the crypto engine includes an appliance endorsement key configured to provide an identification and to pair with an additional recipient virtual security appliance in the virtual security appliance system, the additional recipient virtual security appliance including an additional crypto engine having an additional appliance endorsement key.

Abstract: The present invention generally is directed to systems, methods, and articles of manufacture for securing sensitive information involved in database transactions. Embodiments of the present invention selectively encrypt only portions of transactions involving sensitive data, thereby reducing or eliminating the processing overhead resulting from wastefully encrypting non-sensitive data. The sensitive data may be identified by a document. The document may be accessed by a requesting entity to determine which portions of a query should be encrypted prior to sending the query to a database server over a network. The document may also be accessed by a database server to determine which portions of query results should be encrypted prior to sending the query results to the requesting entity over the network.

Abstract: In the case where a target device stores: m keys {Ka1, . . . , Kam} (m is a natural number) in a manner that the Kai (i is a natural number satisfying 1?i?m) is encrypted with the Ka (i?1); and n keys {Kb1, . . . , Kbn} (n is a natural number) in a manner that the Kbj (j is a natural number satisfying 1?j?n) is encrypted with the Kb (j?1), a confidential information processing unit is caused to perform a processing of re-encrypting the encrypted key Enc (Kai, Ka (i?1)), which has been encrypted with the Ka (i?1), by using the Kb (j?1) and outputting as an encrypted key Enc (Kai, Kb (j?1)).

Abstract: Provided is a data processing device that can prevent data used by a program from being used by another program in an unauthorized manner, regardless of the quality of the programs. The data processing device includes: a CPU 0201 for executing programs; and an unauthorized operation prevention circuit 0105 that prevents unauthorized accesses to data between programs. An unauthorized operation prevention control unit 0106, which operates in the protected mode and controls the circuit 0105, judges whether or not to permit a program B 0103 that runs in the normal mode to use a memory area that is used by a program A 0102 that runs in the normal mode, based on a function flag assigned to the program B 0103. If it judges to permit, the circuit 0105 is set so that the program B 0103 can use the memory area.

Abstract: The present invention provides a data processing apparatus and method for merging secure and non-secure data. The apparatus comprises at least one processor operable to execute a non-secure process to produce non-secure data to be included in an output data stream, and to execute a secure process to produce secure data to be included in the output data stream. A non-secure buffer is provided for receiving the non-secure data produced by the non-secure process, and in addition a secure buffer is provided for receiving the secure data produced by the secure process, the secure buffer not being accessible by the non-secure process. An output controller is then arranged to read the non-secure data from the non-secure buffer and the secure data from the secure buffer, and to merge the non-secure data and the secure data in order to produce a combined data stream, the output data stream then being derivable from the combined data stream.

Abstract: A memory region on an IC card has a hierarchical structure. Each application allocated on the memory region is registered in a directory, and the memory region is managed in directory units. A personal identification code is set for each application and directory, and the access right is controlled in application units or directory units. If a mobile terminal is lost, the right to access each application in the IC card automatically disappears. Therefore, the right to access each application allocated to the memory region on the IC card is efficiently controlled.

Abstract: In one embodiment, a system comprises debug functionality, a debug interface communicatively coupled to the debug functionality, and a hardware key interface. Communication with the debug functionality over the debug interface is not permitted if an authorized hardware key is not communicatively coupled to the hardware key interface.

Abstract: A system and method for authenticating digital content is described. In one implementation, digital content recorded by a recording device is stored in a secure section of a memory device. A control system is configured to block access to the digital content stored in the secure section except to permit one or more portions of the digital content to be transmitted to a certification and validation authority where the one or more portions of the digital content is maintained in a secure repository in the event the authenticity of the digital content is questioned.

Abstract: A copy protection method and a copy protection system are disclosed. The system includes a private key verifier receiving a media certificate that includes a private-key identification of a compliant playing device and searching for an actual private key by checking whether each of available private keys of the playing device corresponds to the private-key identification, a media key decryptor receiving an encrypted media key and decrypting the media key with the actual private key, and a media data decryptor receiving an encrypted media data set and decrypting the media data set with the decrypted media key. The method and system of the present invention are applicable to all types of digital media data, and it makes no assumption of any specific media properties. The primary goal of the present invention is to significantly reduce the possibility of making any illegal copies on any nonstandard equipment and is to restrict the media data transfers only to authorized entities.

Abstract: The present invention relates to a cryptographic apparatus for encrypting data stored in a memory. The cryptographic apparatus of the present invention operates in the ECB, CBC, CBC-MAC, counter and OCB modes using small and simple elements. The cryptographic apparatus minimizes data communication between CPU and the cryptographic apparatus to improve the performance of the communication system. On the other hand, the input buffer and output buffer of the cryptographic apparatus are configured to store at least two blocks respectively, so that the performance of the cryptographic apparatus is maximized. Furthermore, the cryptographic apparatus supports zero-padding, so that the process of the CPU is minimized.

Abstract: For protecting data during transmission between a host device and a data storage device, the host device encrypts command-related information and sends the encrypted command-related information to the data storage device. The data storage device decrypts the encrypted command-related information, interprets the decrypted command-related information to generate interpreted commands, and executes the interpreted commands.

Abstract: The electronic file protection system includes at least one first memory device removably disposable in communicative relation with one or more computers, wherein the first memory device includes a unique identifier. The system further includes unique, non-reproducible encryption key data disposed or otherwise saved on the first memory device. The encryption key data is structured to be utilized in conjunction with at least one encryption algorithm so as to at least partially protect the electronic file, or otherwise orient the electronic file in an encrypted mode. Further, the unique identifier is reproducible and disposable in associated relation with a replacement memory device.

Abstract: Method and systems for protecting data on a mobile handset when remotely activated by a user involve encrypting the data using an encryption key, storing the encrypted data, and deleting the non-encrypted data along with the encryption key. Data may also be uploaded to a server to via a cellular data call for use in backing up the mobile handset. A mobile handset application configures the handset to receive activation commands from a server to encrypt, upload or download data. The encryption key is either received from the server or generated by the mobile handset and communicated to the server. Mock data files may be generated and stored on the mobile handset to enable handset applications to function normally after the data files have been encrypted.

Abstract: A method of establishing security in an electronic device. The method includes generating a statistically unique root key value and storing the root key value in a one-time programmable memory of the device. The method also includes isolating firmware in the device from access to the root key value. The root key value is used as a root of trust that ensures that each electronic device has its own key. In general, the root key is used to encrypt other keys in the device. In different aspects, a root key test value, which is utilized to test the root key, and other security features such as a re-purpose number and a cipher block chaining re-purpose value are included to protect the electronic device from unauthorized access. An electronic device that includes these security features is also provided.

Abstract: A process and system are disclosed for downloading sensor data, stored in a memory device of a surgical cutting and fastening instrument, to an external or remote computer device. The process may involve storing data from one or more sensors of a surgical cutting and fastening instrument in a memory device of a control unit of the surgical cutting and fastening instrument during a surgical procedure involving the surgical cutting and fastening instrument. Next, after the surgical procedure, a data link between the control unit and the remote computer device is established. Then, the sensor data can be downloaded from the control unit to the remote computer device.

Abstract: An apparatus generates first shared information that is shared by the apparatus and a recording medium by performing a first bilateral authentication. The apparatus encrypts overwrite data that is used to erase key information item recorded in the recording medium using the first shared information. Encrypted overwrite data is transferred to the recording medium. Second shared information is generated and shared by the apparatus and the recording medium by performing a second bilateral authentication between them. The apparatus receives data that is encrypted using the second shared information and that has been used by the recording medium for erasing key information. Encrypted data is decrypted using second shared information item and key information recorded in the recording medium is erased when the decrypted data is identical to overwrite data.

Abstract: A content management method and content storage system are provided in which a content key encrypted with a first storage key and stored along with a content encrypted with the content key in a first content storing means is decrypted with the first storage key, the content key obtained by the above decryption is encrypted with a newly generated second storage key and stored along with the encrypted content in a second content storing means. Thus, the content management method enables to safely duplicate (back up) a content while preventing the content from being copied fraudulently.

Abstract: An embodiment describes a method of implementing higher level and more robust encryption by using a multi-core processor. The clear text is segmented into text segments based on predefined segment lengths by master processor. Text segments are sent to processing elements which in turn encrypted and encrypted segments are sent back to master processor which is aggregated into encrypted text. To decrypt the text, encrypted text is split into encrypted segments per predefined lengths by master processor and sent to processing elements to be decrypted. The resulted plain text segments are sent back to master processor which is aggregated into original plain text.

Abstract: A method of digital media copy protection is disclosed. The method of the present invention is applicable to any type of digital media data and makes no assumptions on any specific media properties. The method includes a process of protecting digital media data with a public key using a hybrid cryptographic technique, a process of watermarking the media data, and an output device compliance testing process through an authenticated handshake protocol. Because of the media data protection with the hybrid cryptographic technique, a non-compliant playing device is not able to play or read a protected media data set. The output device compliance testing protocol is used to prevent the media signal from being copied to any non-compliant device. These features of the present invention are used to reduce the possibility of making any illegal copies on any nonstandard equipment.

Abstract: A technique for language verification of a Java® card CAP file is provided. The Java® card CAP file is converted from an original Java® code file while conserving its original Java® semantics. The Java® card CAP file is converted into a corresponding converted Java® code file that is semantically identical to the Java® card CAP file. In a language-verification step, the converted Java® code file is then verified if it has been found to comply with a predetermined language specification.

Abstract: In general, the invention features methods by which more than one client program connected to a network stores the same data item on a storage device of a data repository connected to the network. In one aspect, the method comprises encrypting the data item using a key derived from the content of the data item, determining a digital fingerprint of the data item, and storing the data item on the storage device at a location or locations associated with the digital fingerprint. In a second aspect, the method comprises determining a digital fingerprint of the data item, testing for whether the data item is already stored in the repository by comparing the digital fingerprint of the data item to the digital fingerprints of data items already in storage in the repository, and challenging a client that is attempting to deposit a data item already stored in the repository, to ascertain that the client has the full data item.

Abstract: A system, method, and program product is provided that initializes expected PCRs stored in a TPM by generating and storing a random number, seeding expected PCRs with the random number, inputting a set of startup code processes to a hash algorithm resulting in a set of hash values, updating the expected PCRs using the set of hash values, and saving the expected PCRs in a nonvolatile data area that is secured by the TPM. Upon reboot, the random number is retrieved from the nonvolatile data area, the PCRs are seeded with the retrieved random number, the startup code processes are input to the hash algorithm process resulting in another set of hash values, the PCRs are updated using the resulting set of hash values, and an encrypted data object is decrypted in response to the PCRs being the same as the expected PCRs.

Abstract: A data processing system comprising data processing means, control means and an integrated circuit chip containing non-volatile storage, wherein the control means is provided between said chip and the processing means and provides all access to said chip by the processing means and the control means is arranged to check, upon the processing means requiring certain material in the non-volatile storage means, the validity of the required material and prevent the use of the required material by the processing means if invalid. The invention also relates to corresponding methods and to programs for implementing those methods.

Abstract: The invention relates to a method of receiving and securely recording digital data comprising a step for recording said digital data on a secured disk by a recorder/receiver belonging to a determined secured domain comprising several equipment items and defined by an identifier, a step for recording on the secured disk the identifier of the domain of the recorder/receiver to define this domain as the only domain in which the reproduction/copying of the multimedia content is authorized, wherein it comprises a prior step for recovering a disk key from the secured disk, and in that the domain identifier is encrypted by said disk key and the digital data is scrambled by title keys, said title keys being encrypted by said disk key. The invention also relates to a method of securely distributing digital data, an access device and a recorder/receiver.

Abstract: A memory card of the present invention is a memory card which receives an encrypted application program from a host apparatus, the encrypted application program being downloaded to the host apparatus, the memory card including: an Integrated Circuit (IC) card unit having a tamper resistant function; and a flash memory unit, wherein the IC card unit includes: a tamper resistant storage unit; a program acquisition unit which acquires the encrypted application program from the host apparatus; a storage control unit which stores the acquired encrypted application program in the tamper resistant storage unit or the flash memory unit; and a move control unit which, when the application program stored in the tamper resistant storage unit is to be executed and the size of the to-be-executed application program in the decrypted form exceeds the size of free space of the tamper resistant storage unit, moves an arbitrary encrypted application program stored in the tamper resistant storage unit to the flash memory unit.

Abstract: Provided are a method, system, and article of manufacture for configuring host settings to specify encryption and a key label referencing a key encrypting key to use to encrypt an encryption key provided to a storage drive to use to encrypt data from the host. User settings are received to configure a data class having data attributes with encryption settings. The data class is stored with the received user encryption settings. A job is received indicating a data set to store to a removable storage medium. A data class is determined having data class attributes matching data attributes of the data set indicated in the job. A determination is made from the determined data class whether to encrypt the data.

Abstract: Method and apparatus for processing log data produced by a network is described. In one example, entries in the log data are filtered using a plurality of filters to select first entries from the entries. The first entries are filtered using a plurality of false positive filters associated with the plurality of filters to select second entries from the first entries. Unique IP addresses are identified in the second entries. The entries in the log data are then filtered using the unique IP addresses to select third set entries. The third entries are analyzed to detect one or more patterns.

Abstract: Content is encrypted according to a content key (CK) to result in (CK(content)) and the content key (CK) is protected according to a public key for a license server (PU-RM). Rights data is retrieved from a rights template to be associated with the content, and rules for modifying the retrieved rights data are also retrieved from the retrieved rights template. The retrieved rights data from the rights template is modified according to the rules, and the rights data and the protected content key (CK)) are submitted as a rights label to the license server for signing thereby. The license server thus validates the rights label and, if valid, creates a digital signature based on a private key (PR-RM) corresponding to (PU-RM) and based at least in part on the rights data to result in a signed rights label (SRL), and returns the SRL.

Abstract: A deactivation method is for a system including a communication terminal, a secure device, and a management apparatus. An identification number and communication identification code are notified to the management apparatus while the secure device is attached to the communication terminal. The management apparatus holds the identification number and the communication identification code by correlating them, acquires an identification number of a secure device to be deactivated, when instructed to deactivate the secure device by an authentic owner of a right to use the secure device, extracts the communication identification code in accordance with the identification number, and transmits the deactivation authentication code to an apparatus identified by the extracted communication identification code. If the communication terminal receives the deactivation authentication code while the secure device is attached to it, the secure device is deactivated.

Abstract: Certain aspects of the invention for producing a secure key may comprise a secure key generator that receives a first, second and third input keys and utilizes these keys to generate a first output key. The first, second and third input keys may be a customer key, customer key selection and key variation, respectively. The first output key may be generated so that it is unique, differs from the first input key and is not a weak or semi-weak key. The first, second and third input keys may be mapped to generate mapped output key data and an intermediate key generated based on the first input key. The intermediate key and the output key data may be scrambled to create a scrambled output. At least a portion of the output key data may be masked and XORed with the scrambled output to generate the first output key.

Abstract: A job device for increasing security of job data includes a CPU that encrypts job data while saving job data required in execution of a job. The CPU saves part of the data in RAM, and saves the remaining stored file in an HDD. When the job ends, part of the job data for the job in the RAM is deleted. Part of the job data is therefore completely eliminated as a result of this deletion, and it is not possible to know the complete job data even if the HDD is removed and checked.

Abstract: The invention concerns a process to protect a vulnerable software working on a data processing system against its unauthorized usage using a processing and memorizing unit. The process comprises creating a protected software by choosing in the source of the vulnerable software at least one conditional branch and by producing the source of the protected software so that during the execution of the protected software a second execution part, executed in the processing and memorizing unit, executes at least the functionality of the chosen conditional branch and puts at the data processing system's disposal a piece of information enabling it to know where to carry on the execution of the software.

Abstract: A system includes long-term storage (e.g., flash memory) for storing sensitive data and critical components of a consumer electronic (CE) device such as an operating system (OS) kernel, private cryptographic key values, security applications, and firmware configurations, for example. Security hardware/software designates and restricts access to secured portions of long-term storage that contain the critical components. Requests for access to these secured portions are addressed by the security hardware/software, which authenticates a cryptographic authorization code received with the request. Read-write access to the secured portions is allowed for download and installation of, for example, a software or firmware upgrade if the cryptographic authorization code is authenticated.

Abstract: Creating a plaintext index from a text that is extracted from a file presents the risk of a leak of confidential information from the created index. To address this problem, provided is a computer system which has a computer, a storage subsystem coupled to the computer, and a network coupling the computer and the storage subsystem. The computer has an interface coupled to the network, a first processor coupled to the interface, and a memory coupled to the first processor. The storage subsystem has a disk device which stores data. A storage area of the disk device is divided into a plurality of storage areas including, at least, a first storage area and a second storage area. The first processor reads a part of data stored in the first storage area, encrypts the part of data read from the first storage area when the data stored in the first storage area is judged as encrypted data, and writes the encrypted part of data in the second storage area.

Abstract: The invention provides a method for generating a protected data object from an original content by means of digital rights management (DRM) protection techniques, wherein said original content has a proprietary data format. Further, a method for providing a proprietary data format content included in a protected data object having a MIME-type field is proposed, wherein said protected data object is generated by means of digital rights management (DRM) techniques.

Abstract: A method for controlling an information processing apparatus includes storing identification information to identify a type of authentication information which is necessary to use each of a plurality of files stored in a memory unit from among a plurality of types of authentication information, and causing a display unit to display the plurality of files stored in the memory unit and the stored identification information in association with each other.

Abstract: A secure digital content delivery system includes a content provider and a content user. The content provider delivers encrypted content to the content user in response to delivery requests. The content provider generates encryption algorithms on the fly and encrypts the content prior to delivery, using a different encryption algorithm and key for each content delivery. The content user subsequently requests access permission from the content provider, to access the encrypted content. The content provider grants access by generating an executable decryption module on the fly and providing the executable decryption module to the content user. The content user decrypts the content and accesses it on the fly, using the executable decryption module. The accessed content is then re-encrypted using a different encryption algorithm and key, to preserve the integrity of the secure content delivery system.

Abstract: The present invention relates to a data-processing device, particularly a chip card or smart card, and to a method of operating said device, with an integrated circuit comprising a central processing unit (CPU) (10) and one or more co-processors (12). The integrated circuit comprises a control unit (18, 30) which controls the processors, CPU (10) and co-processors (12) in such a way that, in the case of a cryptographic operation, at least two processors perform a cryptographic operation simultaneously and in parallel.

Abstract: A device key 46 is implemented on a drive 4 side. To securely transmit the device key 46 to a host 5, the device key 46 is encrypted with a bus key. The host 5 side decrypts the device key with the bus key. A medium unique key calculating block 55 calculates a medium unique key with an MKB 12, a medium ID, and the decrypted device key 46. When the calculated medium key is a predetermined value, the drive 4 is revoked and the process is stopped. The medium unique key is supplied to an encrypting/decrypting module 54. A content key is obtained with an encrypted title key 14 and a CCI 15. With the content key, an encrypted content is decrypted and a content that is recorded is encrypted.

Abstract: A title key protection system includes a title key with recordable media content; storage in a repository is not required. The title key is decrypted when needed by a clearinghouse, and then re-encrypted. The title key confers rights from the content owners to the user to play and copy the content for personal use. A user downloads encrypted content from a content repository. The user's media recording device extracts an encrypted title key from the content and obtains a media key block and media ID from the physical media on which the content will be recorded. The encrypted title key, media key block, and media ID are transmitted to a clearinghouse. The clearinghouse decrypts the title key and derives a media unique key from the media key block and media ID. The clearinghouse re-encrypts the title key with the media unique key and returns this re-encrypted title key to the media recording device for recording with the content on the physical media.

Abstract: The disclosure encrypts and decrypts data using public key infrastructure with and allows an authorized third party to access and decrypt the encrypted data as required without requiring private key escrow. The disclosure utilizes a user private key, a user public key, a master private key, a master public key, and a session key generated by the system. The data is encrypted utilizing the session key. The session key is encrypted once utilizing the user public key and again utilizing the master public key. The encrypted data and the encrypted session keys are included in a data packet that is transmitted from one data processing system to another. The session key is decrypted utilizing the user private key. The data is decrypted utilizing the session key. When the authorized third party requires access to the data on the destination processing system, the session key is decrypted with the master private key and the data is decrypted with the session key.

Abstract: A client-server relational database system, wherein data from the client computer is encrypted by the client computer and hosted by the server computer, the encrypted data is operated upon by the server computer, using one or more operators selected from a group of operators comprising: (a) inequality logic operators, (b) aggregation operators, and (c) wildcard matching operators, to produce an intermediate results set, the intermediate results set is sent from the server computer to the client computer, and the intermediate results set is decrypted and filtered by the client computer to produce actual results. The group of operators is limited because the encrypted results set, when decrypted, includes inaccuracies therein. The client computer applies a set of correction procedures to the decrypted results set to remove the inaccuracies therein.