By Stored Data Protection Patents (Class 713/193)
-
Publication number: 20090025087
Abstract: Systems and processes may obtain and manage electronic signatures for documents for real estate transactions. Documents for real estate transactions may be received and/or generated by the system. The documents may include metadata or software keys that are associated with signature blocks on the documents. The system may identify the signature blocks using the metadata or software keys and present the positions for signature by the user.
Type: Application
Filed: July 17, 2008
Publication date: January 22, 2009
Inventors: William Howard Peirson, JR., Chris Alexander Peirson
-
Patent number: 7480931
Abstract: There is a variety of media that may be inserted into a reading or writing device, such as CD's, USB drives, floppy disks, memory sticks, and many other devices. Media is inserted into a media reading or writing device that is in communication with a computer or network device. Upon insertion of the media, a number of metadata regarding that media is available to the computer. The trustworthy calculator is typically a plug-in software module that processes each piece of volume metadata and applies a weighed score, resulting in a Trustworthy Factor. A scoring matrix denotes ranges of values of the Trustworthy Factor into a Level of Trust Zone. Based on the Level of Trust Zone, appropriate action handlers may direct the computer to disallow the mounting of the media, may require specific authentication action to take place prior to allowing a mount of the media, or may indicate that the media may be mounted without further authentication.
Type: Grant
Filed: July 24, 2004
Date of Patent: January 20, 2009
Assignee: BBS Technologies, Inc.
Inventor: Jason Robert Weiss
-
Publication number: 20090016532
Abstract: Disclosed is a method for securely processing data in a portable data carrier. Said method is characterized by the following steps: a) the data to be processed is requested; b) the data to be processed is encoded; c) the encoded data is temporarily stored in a buffer storage zone of the data carrier; d) the temporarily stored, encoded data is decoded by means of a decoding key; and e) the decoded data is processed.
Type: Application
Filed: May 11, 2006
Publication date: January 15, 2009
Inventor: Michael Baldischweiler
-
Publication number: 20090019291
Abstract: The present invention provides for a method of security data restoration for a user device for back-up purposes in which the said security data can be restored through the interaction of a first and at least a second portion of data, including the steps of storing the first portion of data on a storage medium remote from the device, writing the at least second portion of data to wireless storage means, and, when restoration is required, communicating the at least second portion of data from the wireless storage means to the said storage medium so as to allow for the interaction of the first and the at least second portion of data.
Type: Application
Filed: January 11, 2005
Publication date: January 15, 2009
Applicant: KONINKLIJKE PHILIPS ELECTRONIC, N.V.
Inventor: Bruce Murray
-
Publication number: 20090019293
Abstract: Some embodiments of the present invention provide a system that automatically revokes data on a portable computing device. During operation, the system uses a key K1 to encrypt data on the portable computing device. The system then attempts to verify that the portable computing device is secure. If the attempt to verify that the portable computing device is secure fails, the system causes K1 to be removed from the portable computing device.
Type: Application
Filed: October 1, 2007
Publication date: January 15, 2009
Applicant: SUN MICROSYSTEMS, INC.
Inventor: Radia J. Perlman
-
Publication number: 20090019292
Abstract: Methods and system are devised to provide security with regard to position data recorded by an electronic pen. The position data originates from a specific area of a position-coding pattern and is destined for a specific Application Service Handler, ASH, which is allocated the specific area of the pattern. The pen stores one or more Pen Application Licenses, PALs, which each includes license data in association with an encryption key, the license data identifying an area of the pattern. The encryption key of a given PAL corresponds to an encryption key of a given ASH. Thus, the PALs enable the pen to encrypt recorded position data, originating from the specific area of the pattern, with the encryption key that is related to the encryption key of the receiving ASH. The license data may further define a group of pens and a validity period, allowing a party generating a PAL to control its use. Generating a PAL may in turn need prior authorization, given by PAL validation data derived from an authorizer.
Type: Application
Filed: October 10, 2005
Publication date: January 15, 2009
Inventors: Bjorn Erik Fransson, Hans Stefan Kristian Lynggaard
-
Patent number: 7477740
Abstract: A high level of security for access to recorded information is provided by a method which includes provisioning of a trusted/protected communication linkage such as a tamper-resistant or tamper evident enclosure, a physical close coupling between information source and encryption processor and/or obfuscated code or end-to-end network encryption and encryption, possibly symmetrical, of the information to be recorded by a preferably random session key or segment key. The session key or segment key may then be encrypted, preferably asymmetrically, by a secure key which may be shared or access thereto shared in accordance with any desired security policy. Use of a public key or public key/private key infrastructure also provides for authentication of the recorded information.
Type: Grant
Filed: January 19, 2005
Date of Patent: January 13, 2009
Assignee: International Business Machines Corporation
Inventor: Charles H. Bennett
-
Patent number: 7478250
Abstract: A method and system for detecting real-time system file intrusions in a user computer that is coupled to an administrator computer and includes an operating system and system files. At a boot time of the user computer, an application program interface (API) of the operating system receives a list of vital system files that consists of at least two directory files. At the boot time, one or more daemons are launched, after which the API detects one or more system calls made to one or more vital system files. The API raises an automatic interrupt "I" command that awakens a daemon from a sleep mode. The awakened daemon catches the interrupt "I" command and sends an alert message to the administrator computer to alert the administrator computer of the detecting of the system call made to the one or more vital system files.
Type: Grant
Filed: September 6, 2007
Date of Patent: January 13, 2009
Assignee: International Business Machines Corporation
Inventors: Francois-Dominique Armingaud, Fernando Daniel Pedrazzoli Pazos
-
Patent number: 7477739
Abstract: A robust fingerprinting system is disclosed. Such a system can recognize unknown multimedia content (U(t)) by extracting a fingerprint (a series of hash words) from said content, and searching a resembling fingerprint in a database in which fingerprints of a plurality of known contents (K(t)) are stored. In order to more efficiently store the fingerprints in the database and to speed up the search, the hash words (H(n)) of known signals (K(t)) are sub-sampled (13) by a factor M prior to storage in the database (14). The hash words (H(n)) of unknown signals (U(t)) are divided (16) into M interleaved sub-series (H0(n) . . . HM−1(n)). The interleaved sub-series are selectively (17) applied to the database (14) under the control of a computer (15). If only one of the sub-series sufficiently matches a stored fingerprint, the signal is identified.
Type: Grant
Filed: January 21, 2003
Date of Patent: January 13, 2009
Assignee: Gracenote, Inc.
Inventors: Jaap Andre Haitsma, Antonius Adrianus Cornelis Maria Kalker, Steven Marco Schimmel
-
Patent number: 7478246
Abstract: A method is described for implementing a trusted computing environment within a data processing system where the data processing system includes a single hardware trusted platform module (TPM). Multiple logical partitions are provided in the data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions.
Type: Grant
Filed: July 29, 2004
Date of Patent: January 13, 2009
Assignee: International Business Machines Corporation
Inventors: Richard Louis Arndt, Steven A. Bade, Thomas J. Dewkett, Charles W. Gainey, Jr., Nia Letise Kelley, Siegfried Sutter, Helmut H. Weber
-
Patent number: 7477923
Abstract: The invention refers to an exchangeable power-supplying unit (200, 300) arranged to supply electric power to a device (100, 400). The power-supplying unit (200, 300) is arranged so as to provide the device (100, 400) with one or several additional functionalities and it can preferably be attached so as to form an integral part of the device (100, 400). The additional functionality is accomplished by one or several processing units (220, 312, 319) contained in the power-supplying unit (200, 300) for pre-processing information, which is subsequently communicated from the power-supplying unit (200, 300) to the device (100, 400).
Type: Grant
Filed: December 18, 2003
Date of Patent: January 13, 2009
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Magnus Wallmark, Mattias Jonsson
-
Patent number: 7478249
Abstract: A recording method includes the steps of causing a first management system retained in a first apparatus to manage a storage medium loaded in a second apparatus when the first apparatus and the second apparatus are connected to one another; and recording the data to the storage medium based on a second management system which is retained in the second apparatus and which limits consecution of data recording segments when it is determined that data transferred from the first apparatus to the second apparatus are to be recorded to the storage medium. A recording apparatus and editing method and apparatus also manage data storage and editing between first and second apparatuses.
Type: Grant
Filed: April 1, 2003
Date of Patent: January 13, 2009
Assignee: Sony Corporation
Inventors: Manabu Kii, Seiji Ohbi, Takashi Kawakami, Masato Hattori
-
Patent number: 7478248
Abstract: A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.
Type: Grant
Filed: November 27, 2002
Date of Patent: January 13, 2009
Assignee: M-Systems Flash Disk Pioneers, Ltd.
Inventors: Aran Ziv, Eyal Bychkov
-
Patent number: 7478244
Abstract: Effective utilization of a database while protecting a data provider's privacy is accomplished by an access control system which controls access to a database in which open information and secret information about a data provider are stored while being related to each other has an output request acquisition section which obtains an output request for output of information generated by accessing the database, a plural-term output authorization section which prohibits output of information generated by combining the open information and the secret information in output information requested to be output according to the output request, and which permits output of information generated by using the secret information without using the open information, and an output section which outputs the information in the output information permitted by the plural-term output authorization section to be output.
Type: Grant
Filed: December 1, 2004
Date of Patent: January 13, 2009
Assignee: International Business Machines Corporation
Inventors: Madoka Yuriyama, Yuji Watanabe, Masayuki Numao
-
Patent number: 7478247
Abstract: Methods and systems for improving the security of devices to prevent unauthorized access to designs and software code are described.
Type: Grant
Filed: November 10, 2005
Date of Patent: January 13, 2009
Assignee: Hillcrest Laboratories, Inc.
Inventors: Arno Penzias, Charles W. K. Gritton
-
Publication number: 20090013195
Abstract: Provided is a method for performing high-speed search for a content key associated with encrypted content in the case of a key-separation-type content management method where content keys and their respective pieces of encrypted content are correlated by ID information and stored in different recording media. An external recording medium is used to store a plurality of content files that contain: their respective pieces of encrypted content that are encrypted with different encryption keys; and their respective content IDs, each being associated with a corresponding piece of the encryption content, and a semiconductor recording medium is used to store a list that contains: pieces of encryption key storage location information, each indicating where a corresponding one of the encryption keys is stored; and the content IDs, the list being sorted in accordance with the content IDs.
Type: Application
Filed: January 18, 2006
Publication date: January 8, 2009
Applicant: MATSUSHITA ELECTRIC INDUSTRIAL CO., LTD.
Inventors: Makoto Ochi, Kazuya Fujimura, Shinji Inoue
-
Publication number: 20090013196
Abstract: A secure processing device having a power saving mode, which is used for built-in apparatuses, calculates a hash value of secure data that needs to be saved when switching to the power saving mode, stores the calculated hash value in a protection storage unit whose data is not lost even in the power saving mode, encrypts the secure data and stores the encrypted data in an external memory when switching to the power saving mode. When switching back to the normal power mode, the secure processing device decrypts the encrypted data, calculates a hash value of the decrypted data and compares the hash value with the hash value stored in the protection storage unit. The decrypted data is restored to the protection storage unit when the hash values are identical, but discarded together with the encrypted data stored in the external memory when the hash values are not identical.
Type: Application
Filed: February 2, 2007
Publication date: January 8, 2009
Inventors: Takayuki Ito, Yoshikatsu Ito
-
Publication number: 20090013194
Abstract: A system for stopping an ongoing threat to a database is described. During operation, if an ongoing threat to the database is detected, the system modifies a threat-assessment condition. Then, the system selectively restricts access to one or more cryptographic keys for the database based on the threat-assessment condition. Next, the system selectively activates decryption of requested encrypted information based on the threat-assessment condition. Note that both the selective restriction of access to the one or more cryptographic keys and the selective activation of decryption can be used to stop the ongoing threat from accessing the encrypted information in the database.
Type: Application
Filed: July 5, 2007
Publication date: January 8, 2009
Inventors: Rahil Abbas Mir, Preetam Ramakrishna
-
Publication number: 20090010432
Abstract: A storage system 1 includes a channel interface (IF) unit 11 having an interface with a server 3, a disk IF unit 16 having an interface with a hard disk group 2, a memory unit 21 for storing data to be read/written from/to the server 3 or the hard disk group 2, a switching unit 51, and the hard disk group 2. The channel IF unit 11, the disk IF unit 16, and the memory unit 21 are connected to each other through the switching unit 51, and an encryption and decryption processing unit 201 is provided between a host IF unit 101 and a transfer controller 103 in the channel IF unit 11.
Type: Application
Filed: April 21, 2008
Publication date: January 8, 2009
Inventors: Kazuhisa Fujimoto, Makio Mizuno, Dai Watanabe
-
Patent number: 7475260
Abstract: A method, apparatus, and computer instructions for protecting sensitive data in a log file. Data is logged into a file. The data in the log file is in a protected state and the data is never written to the log file in an unprotected fashion. Prior to the data being logged into the file, the data is parsed for specific data meeting predetermined criteria. The specific data is selectively protected with a security measure while leaving a remainder of the log file unprotected by the security measure. The viewer or program used to access the data in the log file is responsible for unprotecting or allowing the data to be viewed if the appropriate key is provided.
Type: Grant
Filed: May 9, 2002
Date of Patent: January 6, 2009
Assignee: International Business Machines Corporation
Inventor: Bryce Allen Curtis
-
Patent number: 7475253
Abstract: A system to monitor, detect and analyze chemical, radiation and/or biological threats. The system includes a plurality of sensors, wherein each sensor gathers data on chemical, radiation or biological agents. A central processing unit in communication with sensors analyzes sensor collected data. A transmission system transmits data in the form of alerts from each central processing unit by secure, encrypted packets over a network.
Type: Grant
Filed: June 23, 2006
Date of Patent: January 6, 2009
Inventor: R. Brent Johnson
-
Patent number: 7475113
Abstract: A method for completing an address, e.g., a mail address, an e-mail address, or a phone number. For that the method comprises the steps of detecting an incomplete user input of the address, deriving a completion offer to the incomplete user input in dependence on a derivable score, and offering the derived completion offer for completing the address. This allows to design more effective support systems, which help the user to find more quickly addresses that have not been entered in full. The derivable score approximates the probability of the address to be the one intended by a user. The derivable score can be influenced by several factors which can be given but as well as can be chosen or influenced by the user.
Type: Grant
Filed: December 9, 2003
Date of Patent: January 6, 2009
Assignee: International Business Machines Corporation
Inventor: Markus Stolze
-
Patent number: 7475247
Abstract: A first data processing system, which includes a first cryptographic device, is communicatively coupled with a second data processing system, which includes a second cryptographic device. The cryptographic devices then mutually authenticate themselves. The first cryptographic device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the second data processing system. The second cryptographic device stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the first data processing system.
Type: Grant
Filed: December 16, 2004
Date of Patent: January 6, 2009
Assignee: International Business Machines Corporation
Inventors: Steven A. Bade, Ching-Yun Chao
-
Patent number: 7475259
Abstract: One or more embodiments of the invention provide a method, apparatus, and article of manufacture for preventing unauthorized access to digital services comprising. Access control to digital services is distributed among a plurality of physically separate and independently controlled nonvolatile memory components on a system bus. The plurality of nonvolatile memory components are then communicatively coupled to a microprocessor. The microprocessor is configured to use state information in the nonvolatile memory components to provide desired functionality and enforce one or more security policies for accessing the digital services.
Type: Grant
Filed: February 28, 2002
Date of Patent: January 6, 2009
Assignee: The DIRECTV Group, Inc.
Inventors: Ronald P. Cocchi, Christopher P. Curren, Raynold M. Kahn
-
Patent number: 7475256
Abstract: A system and method for providing secure message services. The system includes a forwarding service to receive message for delivery to a recipient. The system checks for preferences for delivery of the message content including encryption preferences and notifies the recipient or delivers the message according to the encryption preferences. The system includes an interoperability engine to determine delivery preferences including security preferences, the security preferences indicating a security protocol by which the message can be securely delivered to the recipient.
Type: Grant
Filed: July 8, 2003
Date of Patent: January 6, 2009
Assignee: Zix Corporation
Inventor: David P. Cook
-
Publication number: 20090003588
Abstract: The description generally provides for systems and methods for a mobile communication network. Archives of seals can be sealed to protect the integrity of the seals and facilitate validation in the event a sealing party's sealed registration document is revoked. A document can be sealed multiple times to nest seals within other seals. Specific evidentiary metadata can be included by the sealing party. A main document including or associated with other documents can be sealed as a collection of documents. The seal of the main document can include external references to the files included in the main document to verify the external files were not changed or altered.
Type: Application
Filed: June 26, 2007
Publication date: January 1, 2009
Inventor: John Gordon Ross
-
Publication number: 20090006866
Abstract: A storage apparatus having a non-volatile memory and a controller is provided, wherein the non-volatile memory includes a root directory area and a data area, and a password file is stored in the root directory area. The controller identifies a user by using a password in the password file, and the user can access the data area through an encryption/decryption unit of the controller only if the user passes the identification. By using the secured storage apparatus, the risk of the password and encrypted data being cracked is reduced. Accordingly, the protection over the data stored in the storage apparatus is enhanced.
Type: Application
Filed: June 29, 2007
Publication date: January 1, 2009
Applicant: PHISON ELECTRONICS CORP.
Inventor: Ching-Wen Chang
-
Publication number: 20090006865
Abstract: An efficient symmetrical-cryptographic method for using a fast but insecure host to perform encryption/decryption based on a secret key in a secure, but slow hardware token, such as a smartcard or similar device, without revealing the secret key to the host, and such that the ciphertext and plaintext are exactly the same size. The present method is suitable for use in Digital Rights Management and Software Rights Management applications which require precise interchangeability of ciphertext and plaintext in pre-allocated areas of data storage.
Type: Application
Filed: June 28, 2007
Publication date: January 1, 2009
Inventors: Michael Zunke, Yanki Margalit, Dani Margalit
-
Publication number: 20090006870
Abstract: A method of sharing telematics data for a vehicle with service providers can include receiving the telematics data for the vehicle, where the telematics data dynamically changes over time, and comparing the telematics data with a privacy policy associated with the vehicle. The privacy policy can specify rules for selectively releasing items of the telematics data to one or more service providers. Data items of the telematics data can be selectively provided to the service providers according to the comparing step.
Type: Application
Filed: May 20, 2008
Publication date: January 1, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Sastry S. Duri, Jeffrey G. Elliott, Xuan Liu, Paul Moskowitz, George V. Salmi, Moninder Singh, Jung-Mu Tang
-
Publication number: 20090006796
Abstract: A computer readable media storing operational instructions is disclosed. The instructions includes at least one instruction to store data of an encrypted computer readable file that includes a header portion and associated content data into a storage area of a non-volatile memory. The storage area includes a secure memory area to store data from the header portion including at least one encryption ID. The storage area further includes a memory area to store the content data. The header portion further includes trailer data derived from a portion of the content data. The instructions also include at least one instruction to provide data read access to the header portion and to the content data with respect to a host device.
Type: Application
Filed: June 29, 2007
Publication date: January 1, 2009
Applicant: SanDisk Corporation
Inventors: Robert C. Chang, Po Yuan, Bahman Qawami, Farshid Sabet-sharghi, Junzhi Wang, Xian Jun Liu, Chieh-Hao Yang, June Li, Mei Yan
-
Publication number: 20090006869
Abstract: Techniques are presented for synchronizing and archive-versioning encrypted files. Blocks of encrypted data are managed and metadata is maintained for the blocks. The metadata identifies a maximum number of blocks and an index or parameter string. The string includes transaction identifiers and relative block numbers. The metadata is used as parameter information to a hash algorithm along with a hash key to acquire a unique initialization vector for each block. Each initialization vector when supplied to a cipher service along with a particular block of data produces an encrypted version of the data supplied or supplies a decrypted version of the data supplied. The techniques are also applied to files being archived and versioned from a storage volume.
Type: Application
Filed: October 5, 2007
Publication date: January 1, 2009
Inventor: Gosukonda Naga Venkata Satya Sudhakar
-
Publication number: 20090006868
Abstract: Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for robustly secure storage.
Type: Application
Filed: June 28, 2007
Publication date: January 1, 2009
Applicant: Microsoft Corporation
Inventors: James M. Alkove, Alexandre V. Grigorovitch, Patrik Schnell
-
Publication number: 20090006867
Abstract: A system, device and method for providing data availability for a portable communication device, including various combinations of the following steps: notifying an operator that the portable communication device is missing; triggering encryption of data on the portable communication device; sending a data retrieval command to the portable communication device; authenticating the data retrieval command; retrieving data from the portable communication device; identifying a portion of the data retrieved from the portable communication device that is confidential; encrypting the identified confidential data on the portable communication device; and erasing the identified confidential data from the portable communication device or recovering the portable communication device and decrypting the confidential data on the portable communication device.
Type: Application
Filed: June 29, 2007
Publication date: January 1, 2009
Applicant: ALCATEL LUCENT
Inventors: Vinod Choyi, Dmitri Vinokurov
-
Patent number: 7472288
Abstract: In one embodiment, a protected process is monitored by one or more watchdog processes. Upon detection that the protected process has been abnormally terminated, the watchdog processes may initiate actions to identify and/or terminate one or more malicious processes terminating the protected process. For example, the watchdog processes may inject a detector in processes running in the computer. The detector may listen for an activity that would terminate the protected process, and report such activity to the watchdog processes. The watchdog processes may be configured to terminate malicious processes identified as abnormally terminating the protected process. Thereafter, the watchdog processes may restart the protected process.
Type: Grant
Filed: May 14, 2004
Date of Patent: December 30, 2008
Assignee: Trend Micro Incorporated
Inventors: Tsun-Sheng Chou, Sung-Ching Lin, Chin-Ju Lin
-
Patent number: 7472425
Abstract: A service provider makes requests to an information processing center for processing for an IC card in card command units. The information processing center issues encrypted card commands that can be interpreted by the IC card itself based on requests received from the service provider and sends these to the IC card via the computer network, client, and card reader/writer device. This enables an IC card connected to a client to be accessed using secure communication.
Type: Grant
Filed: April 4, 2003
Date of Patent: December 30, 2008
Assignee: Sony Corporation
Inventors: Mitsushige Suzuki, Junichi Sato, Takashi Matsuo
-
Patent number: 7471878
Abstract: A plurality of audio object (AOB) files and a plurality of picture object (POB) files are stored. Default Play list Information and sets of Playlist Information each show an order in which AOBs stored in the plurality of AOB files are to be reproduced. The DPLGI includes DPLI_POB_SRPs that specify at least one POB to be displayed during the playback period of AOBs indicated by the playback order given in the Default Playlist Information. The TKGI includes TKI_POB_SRPs that specify at least one POB to be displayed only during the playback period of a particular AOB out of the AOBs indicated by the playback order given in the Default Playlist Information.
Type: Grant
Filed: April 27, 2004
Date of Patent: December 30, 2008
Assignee: Panasonic Corporation
Inventors: Kenji Tagawa, Hideki Matsushima, Teruto Hirota, Tomokazu Ishikawa, Shinji Inoue, Masayuki Kozuka
-
Patent number: 7471791
Abstract: A countermeasure method in an electronic component using a secret key algorithm K on an input message M executes an operation OPN(D) on input data D. A random value, of one first random information U, is generated that is of identical size as the input information D. A second random information V, is calculated by performing an exclusive OR operation between the input information and the first random information U. The operation OPN or the sequence of operations are successively executed on the first input information U and to the second random information V, supplying respectively a first random result OPN(U) and a second random result OPN(V).
Type: Grant
Filed: January 20, 2000
Date of Patent: December 30, 2008
Assignee: Gemplus
Inventors: Jean-Sebastien Coron, Nathalie Feyt, Olivier Benoit
-
Patent number: 7472287
Abstract: An apparatus, a computer-readable recording medium, and a method of controlling data recording and reproducing to and from a disk. Controlling the recording of data includes storing password information set in a recording mode and key information to a first area of the disk, encrypting location information of the first area, storing the encrypted location information to a second area of the disk, encrypting desired data and an address of the desired data using the key information, and recording the encrypted data at the encrypted address.
Type: Grant
Filed: March 5, 2004
Date of Patent: December 30, 2008
Assignee: Samsung Electronics Co., Ltd.
Inventor: Ki-Ju Lee
-
Patent number: 7472286
Abstract: Controlling access to functionality within an installed software product. The invention includes an authorization module that dynamically references authorization information when specific functionality is requested by a requesting entity such as a user or an application program to determine if the requested functionality is authorized to be executed. Further, the invention dynamically provides an opportunity to the requesting entity to purchase unauthorized functionality. In this manner, functionality within the software product may be enabled or disabled at any time (e.g., during installation, post-installation, and re-installation).
Type: Grant
Filed: August 29, 2003
Date of Patent: December 30, 2008
Assignee: Microsoft Corporation
Inventors: Ryan Burkhardt, Raj Jhanwar, Vijayachandran Jayaseelan, Jason Cohen
-
Patent number: 7472285
Abstract: A method and apparatus for memory encryption with reduced decryption latency. In one embodiment, the method includes reading an encrypted data block from memory. During reading of the encrypted data block, a keystream used to encrypt the data block is regenerated according to one or more stored criteria of the encrypted data block. Once the encrypted data block is read, the encrypted data block is decrypted using the regenerated keystream. Accordingly, in one embodiment, encryption of either random access memory (RAM) or disk memory is performed. A keystream is regenerated during data retrieval such that once the data is received, the data may be decrypted using a single clock operation. As a result, memory encryption is performed without exacerbating memory latency between the processor and memory.
Type: Grant
Filed: June 25, 2003
Date of Patent: December 30, 2008
Assignee: Intel Corporation
Inventors: Gary L. Graunke, Carlos Rozas
-
Publication number: 20080320319
Abstract: A system and method for encrypting secondary copies of data is described. In some examples, the system encrypts a secondary copy of data after the secondary copy is created. In some examples, the system looks to information about a data storage system, and determines when and where to encrypt data based on the information.
Type: Application
Filed: March 31, 2008
Publication date: December 25, 2008
Inventors: Marcus S. Muller, Parag Gokhale, Andrei Erofeev
-
Publication number: 20080320318
Abstract: A method is provided for encrypting data to be stored in a data storage medium. The method includes encrypting the data using a special key associated with the electronic device. One example of the special key is a barcode of the electronic device. The encrypted data then is stored in the data storage medium. When the data stored in the data storage medium is decrypted, only the electronic device that has the special key, i.e., the barcode, can reproduce the encrypted data. When the data storage medium is lost or stolen, the encrypted data cannot be decrypted by another electronic device because the barcode of the current electronic device is different from that of the original electronic device. Therefore, the encrypted data stored in the data storage medium is prevented from being read out by other electronic devices.
Type: Application
Filed: March 21, 2008
Publication date: December 25, 2008
Applicant: HON HAI PRECISION INDUSTRY CO., LTD.
Inventor: HUNG-CHIH HUANG
-
Publication number: 20080320554
Abstract: A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzle can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.
Type: Application
Filed: March 23, 2007
Publication date: December 25, 2008
Applicant: Microsoft Corporation
Inventors: Arthur H. Baker, Brian J. Guarraci, Andrew Stewart Tucker, Gennady Medvinsky, Tanmoy Dutta
-
Patent number: 7469338
Abstract: Systems and methods are disclosed for using cryptographic techniques to configure data processing systems. A configuration manager cryptographically controls the configuration of a system by ensuring that only authorized users or applications can change the configuration. For example, requests to change configuration information may include authenticated and/or encrypted data. These cryptographic techniques are employed to enable and/or disable functions, features and capabilities of a system. For example, a system may be reconfigured to provide strong or weak encryption based on parameters in the configuration information.
Type: Grant
Filed: July 29, 2002
Date of Patent: December 23, 2008
Assignee: Broadcom Corporation
Inventor: Mark L. Buer
-
Patent number: 7469346
Abstract: A software computing based environment for providing secured authentication of media downloaded from a network or loaded from a media player includes two peer-mode operating virtual machines. The low-level virtual machine provides decoding and decryption functions whereas the high-level virtual machine provides application level functions such as user interface, input/output.
Type: Grant
Filed: July 12, 2004
Date of Patent: December 23, 2008
Assignee: Disney Enterprises, Inc.
Inventor: Scott F. Watson
-
Patent number: 7469345
Abstract: Methods and apparatus in accordance with the present invention are operable to carry out certain functions including: receiving an encrypted program at a processing apparatus; transmitting at least some identification information related to the processing apparatus over a network to an administrator; receiving an encrypted decryption key at the processing apparatus over the network from the administrator in response to the at least some identification information; decrypting the encrypted decryption key; decrypting the encrypted program using the decryption key; re-encrypting the program using at least some of the identification information; and storing the identification information and the re-encrypted program in a first storage device.
Type: Grant
Filed: December 11, 2002
Date of Patent: December 23, 2008
Assignee: Sony Computer Entertainment Inc.
Inventors: Muneki Shimada, Toyoshi Okada, Yousuke Kimoto, Kazuhiro Kanee, Kenjiro Komaki
-
Patent number: 7469303
Abstract: For protecting data during transmission between a host device and a data storage device, the host device encrypts command-related information and sends the encrypted command-related information to the data storage device. The data storage device decrypts the encrypted command-related information, interprets the decrypted command-related information to generate interpreted commands, and executes the interpreted commands.
Type: Grant
Filed: June 14, 2004
Date of Patent: December 23, 2008
Assignee: Samsung Electronics Co., Ltd.
Inventors: Seung-Youl Jeong, Jong-Lak Park, Hak-Yeol Sohn, Sung-Youn Cho
-
Patent number: 7469344
Abstract: A CPU is provided with an ability to modify its operation in accordance with an encryption key. When a program is compiled, the program is modified in order that execution may be performed with the CPU with its operation modified. In order to execute program instructions, the buffer interdependencies must match that expected by the compiler. This makes analysis of the program operation extremely difficult. The instruction buffer on a keyed microprocessor contains logic which is able to route a subset of the instruction bits on the microprocessor. This selects destination logic gates in the microprocessor which eventually reach a programmable instruction decoder and an instruction buffer interdependency checking logic block.
Type: Grant
Filed: May 21, 2004
Date of Patent: December 23, 2008
Assignee: Sun Microsystems, Inc.
Inventor: Alan Folmsbee
-
Patent number: 7469049
Abstract: A data dependent scrambler for a communications channel that receives a user data sequence including X bits that are organized as N M-bit symbols includes a seed finder that generates a scrambling seed that is dependent upon the symbols in the user data sequence. A first scrambler receives the user data sequence from the data buffer and the scrambling seed from the seed finder and generates the scrambled user data sequence. An H-code finder generates at least one of an H-code token that is dependent upon the symbols in the user data sequence and an offset of the H-code token from the scrambling seed. An H-code encoder receives the scrambled user data sequence and at least one of the H-code token and the offset. The H-code encoder increases a Hamming weight of the scrambled user data sequence using the at least one of the H-code token and the offset.
Type: Grant
Filed: November 17, 2003
Date of Patent: December 23, 2008
Assignee: Marvell International Ltd.
Inventor: Weishi Feng
-
Publication number: 20080313473
Abstract: The present invention relates to a method and a surveillance tool for managing security of mass storage devices. The method and surveillance tool installs a surveillance tool on a computer, and verifies whether there is a mass storage device connected to the computer. Then, the method determines whether the mass storage device is secured with an appropriate encryption tool, and if the mass storage device is not secured with the appropriate encryption tool, the method prevents use of the mass storage device and secures the mass storage device.
Type: Application
Filed: June 12, 2007
Publication date: December 18, 2008
Applicant: LES TECHNOLOGIES DELTACRYPT
Inventors: Luc Provencher, Olivier Fournier, Clement Gosselin, Ann Marie Colizza