Tamper Resistant Patents (Class 713/194)
  • Patent number: 8566608
    Abstract: The invention described herein provides a method and system for foiling a keylogger by creating a custom keyboard driver and passing the keystrokes directly to the browser in an encrypted format. The browser (which is used to access the Internet) has a component that decrypts the keystroke before it is sent to the website. Thus the present invention enables the user to go to any website and enter sensitive information (passwords, credit card numbers, etc.) without the keystrokes being intercepted by Keyloggers. In general terms, the invention described herein provides a method and system for (1) modifying the keyboard driver, (2) encrypting the keystrokes between the keyboard driver and the browser, and (3) notifying the user if the invention has been compromised.
    Type: Grant
    Filed: January 22, 2007
    Date of Patent: October 22, 2013
    Assignee: Strikeforce Technologies, Inc.
    Inventor: Ram Pemmaraju
  • Patent number: 8566950
    Abstract: A method and apparatus for detecting potentially misleading visual representation objects to secure a computer is described. In one embodiment, the method includes monitoring visual representation object creation with respect to the browser, accessing verification information, wherein the verification information comprises commonly used user interface elements for forming legitimate system messages, examining web data associated with the created visual representation objects, wherein the web data is compared with the verification information to identify imitating content within the created visual representation objects and modifying at least one of the created visual representation objects to accentuate the imitating content.
    Type: Grant
    Filed: February 15, 2010
    Date of Patent: October 22, 2013
    Assignee: Symantec Corporation
    Inventors: Spencer Dale Smith, Adam Lyle Glice, Nicholas Robert Graf
  • Patent number: 8560863
    Abstract: Various embodiments for providing datapath security in a system-on-a-chip (SOC) device are described. In one embodiment, an apparatus may comprise a security controller to configure one or more functional units connected to a shared on-chip bus embedded in an SOC device to communicate with other functional units through one or more secure datapaths. The one or more functional units may be arranged to encrypt clear data, send encrypted data out through a secure datapath, receive encrypted data in from a secure datapath, and decrypt the encrypted data to recover clear data. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 28, 2006
    Date of Patent: October 15, 2013
    Assignee: Intel Corporation
    Inventor: Peter Munguia
  • Patent number: 8561120
    Abstract: The present invention concerns a control device (1) provided for smart card readers (SCR), a smart card reading activation device (2) and associated products including a set-top box and a daisy chain. The control device comprises means for communicating (11) with at least two smart card reading devices (SCR3, SCR4, SCR5), means for processing (12) information received from those reading devices and means for activating (13) at least one of those reading devices for a current communication. The activating means are intended to send selection data (SD) towards all those reading devices, those selection data enabling each of the reading devices to determine if it is selected or not for the current communication.
    Type: Grant
    Filed: August 26, 2004
    Date of Patent: October 15, 2013
    Assignee: Thomson Licensing S.A.
    Inventors: Patrick Will, Olivier Horr
  • Patent number: 8560844
    Abstract: The subject matter relates to a method for securely creating and sending an electronic message, whereby the message is created using a first application running in a secure operating system, the created message is stored in a storage that can only be accessed by the secure operating system and a virtualizing unit. In a second application executed by the virtualizing unit, the internal storage is analyzed for the presence of a message and, if the message is present, the message is transmitted to a receiver. The subject matter also relates to a method for securely receiving and processing an electronic message, whereby an external storage is analyzed for the presence of a message using a second application and, if the message is present, the message is transmitted to the internal storage. The presence of the message is polled using the first application and, if the message is present, the message is transmitted from the internal storage to the first application for processing.
    Type: Grant
    Filed: October 9, 2007
    Date of Patent: October 15, 2013
    Assignee: Siemens Aktiengesellschaft
    Inventors: Steffen Fries, Eric Scheer
  • Patent number: 8553887
    Abstract: A method of generating a dynamic group key of a group formed of a plurality of nodes, the method including: unicasting a public key that is based on respective secret keys of each of a plurality of general nodes excluding a master node, which is one of the plurality of nodes, wherein the unicasting is performed by the general nodes; broadcasting to the group an encryption value obtained by exponentially-calculating a secret key of the master node to the plurality of public keys, wherein the broadcasting is performed by the master node upon receiving the plurality of public keys; and obtaining a group key by using an inverse power-calculation of the respective secret keys of each of the general nodes based on the encryption value, wherein the obtaining is performed by the general nodes.
    Type: Grant
    Filed: October 30, 2009
    Date of Patent: October 8, 2013
    Assignee: Ajou University Industry Cooperation Foundation
    Inventors: Man Pyo Hong, Jong Uk Kim, Suk In Kang
  • Patent number: 8555052
    Abstract: A steganographic message/advertisement embedding method is presented that can be used for contextual and targeted advertising supporting unobtrusive and on-demand message/advertisement delivery. The present invention presents over two client devices, the method includes receiving, on a first client device, a primary multimedia presentation with a plurality of steganographic codes embedded therein; whereby the steganographic code is not perceivable during a rendering of the multimedia presentation and the steganographic code is associated with at least one secondary multimedia presentation. Next, the primary multimedia presentation is rendered on the first client device. The first client device receives a user selection to select at least one of the steganographic codes.
    Type: Grant
    Filed: August 21, 2007
    Date of Patent: October 8, 2013
    Assignee: The Trustees of The Stevens Institute of Technology
    Inventors: Rajarathnam Chandramouli, Koduvayur P. Subbalakshmi, Helena S. Wisniewski
  • Patent number: 8555089
    Abstract: Information processing apparatus (100) ensures confidentiality of encryption and reduces overhead associated with processing not directly related to the encryption. The information processing apparatus (100) includes: application program (A158) that includes an instruction for encryption which uses a key; tampering detection unit (135x) that detects tampering of the program; CPU (141) that operates according to instructions and outputs a direction for encryption upon detecting the instruction for encryption; data encryption/decryption function unit (160) that controls switching to the protective mode according to the direction; and protected data operation unit (155) that stores a key in correspondence with the program, outputs the key in the protective mode, and controls switching to the normal mode, and the data encryption/decryption function unit (160) executes the encryption in the normal mode using the received key.
    Type: Grant
    Filed: January 5, 2010
    Date of Patent: October 8, 2013
    Assignee: Panasonic Corporation
    Inventors: Takayuki Ito, Manabu Maeda, Tomoyuki Haga, Hideki Matsushima, Yuichi Futa, Kouji Kobayashi
  • Patent number: 8548166
    Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances,” or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are partially-encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.
    Type: Grant
    Filed: June 25, 2003
    Date of Patent: October 1, 2013
    Inventors: Anthony J. Wasilewski, Howard G. Pinder
  • Patent number: 8549580
    Abstract: A method and apparatus for providing software security is provided. In the software security method, an installation file of software that includes at least one execution file and at least one data file which are stored in a user terminal is executed. Accordingly, at least one virtual execution file corresponding to the at least one execution file and at least one virtual data file corresponding to the at least one data file are installed in a user area of the user terminal, and the at least one execution file, the at least one data file, and a controller for controlling the at least one virtual execution file and the at least one execution file are installed in a security area of the user terminal.
    Type: Grant
    Filed: June 25, 2008
    Date of Patent: October 1, 2013
    Assignee: Teruten, Inc.
    Inventors: Dong hyeok Hwang, Seok gu Yun
  • Patent number: 8549324
    Abstract: The invention relates to a method for protecting at least one motor vehicle component against manipulation in a control device, which comprises at least one microcomputer (µC) and at least one memory module (2, 3), characterized in that the code which is necessary for operation of the control device (1) is divided into at least one master code (MC) which comprises information essential for operation of the control device (1), and at least one sub-code (SC) which comprises additional information for operation of the control device (1), at least the master code (1) being stored in the microcomputer (µC) and the master code (MC) monitoring the manipulation of the sub-code (SC).
    Type: Grant
    Filed: July 23, 2003
    Date of Patent: October 1, 2013
    Assignee: Audi AG
    Inventors: Oliver Feilen, Rudiger Stadtmuller
  • Patent number: 8549620
    Abstract: An information processing device includes: a local memory unit for storing data including an encrypted content; a memory for storing data including key information used to reproduce the encrypted content; and a data processing unit performing a process of writing data to the local memory unit and the memory, and a process of reproducing the encrypted content, wherein the data processing unit performs a process of writing encrypted content downloaded from a server or encrypted content copied from a medium to the local memory unit, and performs a process of decoding the encrypted content or a validity authenticating process using the data stored in the local memory unit and the data stored in the memory when reproducing the encrypted content written to the local memory unit.
    Type: Grant
    Filed: August 19, 2009
    Date of Patent: October 1, 2013
    Assignee: Sony Corporation
    Inventors: Kenjiro Ueda, Tateo Oishi
  • Patent number: 8549659
    Abstract: A method and a non-volatile memory apparatus for cloning prevention is provided. The non-volatile memory apparatus includes an Enhanced Media Identification (EMID) area, which is located in a specific area of the non-volatile memory, and stores an EMID for identifying the non-volatile memory; and an EMID encoder for modifying the EMID by a preset operation in conjunction with an arbitrary value.
    Type: Grant
    Filed: September 12, 2011
    Date of Patent: October 1, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Bo-Gyeong Kang, Jung-Wan Ko, Byung-Rae Lee
  • Patent number: 8543837
    Abstract: In a gaming environment, a method of periodically downloading dynamically generated executable modules at random intervals that perform system configuration integrity checks in a secure and verifiable manner is disclosed. The dynamically generated executable module returns the signature to a server from which it was downloaded and deletes itself from the system being checked. The next time such an executable module is downloaded, it will contain a different randomly chosen subset of hashing and encryption algorithms. The server that is performing the system configuration integrity check maintains a database of expected system configurations and performs the subset of hashing and encryption algorithms as contained in the dynamically generated executable module. The result returned by the downloaded executable module is compared to that computed locally, and an error condition is raised if they do not match.
    Type: Grant
    Filed: December 20, 2011
    Date of Patent: September 24, 2013
    Assignee: IGT
    Inventors: Robert Bigelow, Jr., Dwayne A Davis, Kirk Rader
  • Patent number: 8544110
    Abstract: Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.
    Type: Grant
    Filed: May 15, 2012
    Date of Patent: September 24, 2013
    Assignee: Verisk Crime Analytics, Inc.
    Inventors: David A. Duhaime, Brad J. Duhaime
  • Patent number: 8543842
    Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.
    Type: Grant
    Filed: May 23, 2006
    Date of Patent: September 24, 2013
    Assignee: Intertrust Technologies Corporation
    Inventors: Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie
  • Patent number: 8543841
    Abstract: In general, in one aspect, the invention relates to a method for executing applications. The method includes accessing a secure storage element via a host device including a computer processor; executing, by the computer processor, a hosted execution runtime environment (HERE) on the host device; identifying a persistent memory image of the HERE within the secure storage element; executing, by the computer processor, an application using the HERE; and applying, based on executing the application, a first set of changes to the persistent memory image.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: September 24, 2013
    Assignee: Oracle International Corporation
    Inventors: Thierry P. Violleau, Tanjore S. Ravishankar
  • Patent number: 8544063
    Abstract: The present invention provides a network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising: an anomaly judgment unit for judging a presence or absence of an abnormality of the telecommunication information based on judgment reference information by using a statistical method; a learning unit for creating the judgment reference information from the telecommunication information; a first port for importing first telecommunication information currently from the network; a second port for importing second telecommunication information accumulated by a telecommunication information accumulation apparatus historically; and a telecommunication information allocation unit for allocating the first and second telecommunication information taken in respectively from the first and second ports to the anomaly judgment unit and the learning unit, wherein the learning unit creat
    Type: Grant
    Filed: January 27, 2006
    Date of Patent: September 24, 2013
    Assignee: Fujitsu Limited
    Inventor: Naotoshi Watanabe
  • Patent number: 8542830
    Abstract: A cable television system provides conditional access to services. The cable television system includes a headend from which service “instances,” or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances for display to system subscribers. The service instances are partially-encrypted using public and/or private keys provided by service providers or central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may be reassigned at different times to provide a cable television system in which piracy concerns are minimized.
    Type: Grant
    Filed: June 25, 2003
    Date of Patent: September 24, 2013
    Inventors: Anthony J. Wasilewski, Howard G. Pinder
  • Patent number: 8544092
    Abstract: A peripheral device includes an interface configured to communicate with a computer, the peripheral device; logic configured to perform an integrity verification of an operating system of the computer; and a display configured to display a result of the integrity verification. A method for integrity verification of a computer using a peripheral device includes connecting the peripheral device to the computer; sending a challenge from the device to the computer; computing attestation data using the challenge and information stored in the computer, retrieving the attestation data from the computer by a client program running on the computer; sending the attestation data to the peripheral device; and verifying the attestation data by the peripheral device.
    Type: Grant
    Filed: March 12, 2009
    Date of Patent: September 24, 2013
    Assignee: International Business Machines Corporation
    Inventors: Reto Hermann, Klaus Julisch, Matthias Schunter
  • Patent number: 8544093
    Abstract: A malicious-module identification device identifies and deactivates a malicious module operating in an information processing device connected thereto via a network. The malicious-module identification device is provided with a reception unit for receiving results of tampering detection from a plurality of modules for detecting tampering, and a determination unit for assuming that a module among the plurality of modules is a normal module, determining, based on the assumption, whether a contradiction occurs in the received results of tampering detection and identifying the module assumed to be a normal module as a malicious module when determining that a contradiction occurs. A deactivation unit outputs an instruction to deactivate the module identified as the malicious module.
    Type: Grant
    Filed: February 15, 2010
    Date of Patent: September 24, 2013
    Assignee: Panasonic Corporation
    Inventors: Yuji Unagami, Manabu Maeda, Yuichi Futa, Natsume Matsuzaki, Masao Nonaka, Hiroki Shizuya, Masao Sakai, Shuji Isobe, Eisuke Koizumi, Shingo Hasegawa, Makoto Carlos Miyauchi
  • Patent number: 8539254
    Abstract: In one embodiment of the invention, a method is provided for protecting against attacks on security of a programmable integrated circuit (IC). At least a portion of an encrypted bitstream input to the programmable IC is decrypted with a cryptographic key stored in the programmable IC. A number of failures to decrypt the encrypted bitstream is tracked. The tracked number is stored in a memory of the programmable IC that retains the number across on-off power cycles of the programmable IC. In response to the number of failures exceeding a threshold, data that prevents the decryption key from being used for a subsequent decryption of a bitstream is stored in the programmable IC.
    Type: Grant
    Filed: June 1, 2010
    Date of Patent: September 17, 2013
    Assignee: Xilinx, Inc.
    Inventors: Brendan K. Bridgford, Jason J. Moore, Stephen M. Trimberger, Eric E. Edwards
  • Patent number: 8539596
    Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event, waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time, after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time.
    Type: Grant
    Filed: May 21, 2009
    Date of Patent: September 17, 2013
    Assignee: Cisco Technology Inc.
    Inventors: Chaim Shen-Orr, Zvi Shkedy, Reuven Elbaum, Yonatan Shlomovich, Yigal Shapiro, Yaacov Belenky, Yaakov (Jordan) Levy, Reuben Sumner, Itsik Mantin
  • Patent number: 8539590
    Abstract: When unauthorized use of a device is suspected, a recharging mechanism (e.g., recharge-circuit) of the device is disabled in order to guard against extended unauthorized use of the device. The recharging mechanism normally recharges the rechargeable-power-supply that powers the device. Consequently, normal use and enjoyment of the device can be significantly reduced by disabling the recharger. Moreover, for devices that are mainly powered by a rechargeable-power-supply (e.g., music-players, phones, Personal Digital Assistants), disabling the recharger effectively renders the device inoperable when the power of the main power-supply has run out. As such, disabling the recharger should serve as a deterrent to theft.
    Type: Grant
    Filed: December 20, 2005
    Date of Patent: September 17, 2013
    Assignee: Apple Inc.
    Inventors: Michael M. Lee, Jay F. Hamlin, Brian D. Lemker
  • Patent number: 8533816
    Abstract: The invention relates to a method of securing a changing scene composed of at least one element and intended to be played back on a terminal. According to the invention, such a method comprises the following steps: creation (10) of at least one security rule, defining at least one authorization to modify said scene and/or at least one element of said scene and/or an authorization to execute at least one command in a context of playing back said scene on said terminal; allocation (10) of a security policy, comprising at least one of said security rules, to said scene and/or to at least one of said elements of said scene.
    Type: Grant
    Filed: April 17, 2009
    Date of Patent: September 10, 2013
    Assignee: Streamezzo
    Inventors: Elouan Le Coq, Laurent Masson, Pierre Gouesbet, Jean-Claude Dufourd
  • Patent number: 8533492
    Abstract: An electronic device 100 executes a key-using process that uses a key. A physical quantity generation part 190 generates a physical quantity intrinsic to the electronic device and having a value which is different from one electronic device to another and different each time the physical quantity is generated. A key generation part 140 generates the same key for each key-using process, based on the physical quantity generated by the physical quantity generation part 190, each time the key-using process is to be executed, immediately before the key-using process is started. A key-using process execution part 1010 executes the key-using process such as generation of a keyed hash value, by using the key generated by the key generation part 140. A control program execution part 180 deletes the key generated by the key generation part 140, each time the key-using process is ended.
    Type: Grant
    Filed: May 22, 2009
    Date of Patent: September 10, 2013
    Assignee: Mitsubishi Electric Corporation
    Inventor: Tomomi Kasuya
  • Patent number: 8533801
    Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.
    Type: Grant
    Filed: June 14, 2011
    Date of Patent: September 10, 2013
    Assignee: Microsoft Corporation
    Inventors: Todd Carpenter, Shon Schmidt, David J. Sebesta, William J. Westerinen
  • Patent number: 8533830
    Abstract: A system, method, and computer program product are provided for mounting an image of a computer system in a pre-boot environment for validating the computer system. In use, an image of a computer system is mounted in a pre-boot environment of the computer system, where the image includes a file system structure and initialization data of the computer system. Furthermore, at least one task is performed on the mounted image for validating the computer system.
    Type: Grant
    Filed: March 31, 2009
    Date of Patent: September 10, 2013
    Assignee: McAfee, Inc.
    Inventor: Gregory William Dalcher
  • Patent number: 8533776
    Abstract: A method and system for binding a device to a planar is disclosed. According to the preferred embodiment of the method and system of the present invention, a programmable memory chip is provided on the planar and the device is detachably attached to the planar. The method and system further includes using the programmable memory chip to bind the device to the planar. Through the aspects of the present invention, the programmable memory chip transmits a message associated with the planar to the device, which is programmed to receive the message associated with the planar. If the message received by the device is not the message associated with the planar, the device is disabled.
    Type: Grant
    Filed: September 14, 2001
    Date of Patent: September 10, 2013
    Assignee: Lenovo (Singapore) Pte Ltd.
    Inventors: Scott T. Elliott, James P. Hoff, Scott Long, James P. Ward
  • Patent number: 8533854
    Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.
    Type: Grant
    Filed: February 16, 2011
    Date of Patent: September 10, 2013
    Assignee: Intertrust Technologies Corporation
    Inventors: Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie
  • Patent number: 8528101
    Abstract: A computing data center that contains a set of physically isolatable units of computing resources for which a physical security exception action plan is to be provided. Upon determining that a security event has occurred for one or more physically isolatable units, the computing data center implements physical security settings on potentially affected computing resources so that a physical security exception action plan can be met. The computing data center may, for example, remove data from the physically isolatable units and make the removed data available elsewhere.
    Type: Grant
    Filed: September 20, 2011
    Date of Patent: September 3, 2013
    Assignee: Amazon Technologies, Inc.
    Inventors: Kevin C. Miller, Peter C. Beckman
  • Patent number: 8527835
    Abstract: A method of securely transferring data. The source data stored in a source memory (NV_MEM) is compared with the transferred data (COPY_ELT_X_V_MEM) that has been copied from the source memory (NV_MEM) into a “destination” memory (V_MEM). The method consists in reading from the source memory (NV_MEM) an integrity value (PI_ELT_X) associated with an element (ELEMENT_X_NV_MEM) such as a file containing the source data, in calculating the integrity of a reconstituted element made up of the transferred data (COPY_ELT_X_V_MEM) associated, where appropriate, with the data of the source element (ELEMENT_X_NV_MEM) other than the data that was transferred, and in deciding that the transferred data (COPY_ELT_X_V_MEM) is identical to the source data when the integrity calculation gives a value identical to the integrity value of the source element (PI_ELT_X). The method applies to transferring data between components of a smart card.
    Type: Grant
    Filed: January 8, 2009
    Date of Patent: September 3, 2013
    Assignee: Morpho
    Inventors: Cyrille Pepin, David DeCroix, Guillaume Roudiere
  • Patent number: 8526072
    Abstract: Methods, systems, and computer program products for protecting information on a user interface based on a viewability of the information are disclosed. According to one method, a viewing position of a person other than a user with respect to information on a user interface is identified. An information viewability threshold is determined based on the information on the user interface. Further, an action associated with the user interface is performed based on the identified viewing position and the determined information viewability threshold.
    Type: Grant
    Filed: July 1, 2010
    Date of Patent: September 3, 2013
    Assignee: Armstrong, Quinton Co. LLC
    Inventors: Mona Singh, Jared S. Fry
  • Patent number: 8526608
    Abstract: A printing system and printer with an electronic signature capability, and a method thereof are provided. To print security documents using an electronic signature stored in a portable memory, the printing system of the invention includes a portable memory for storing an electronic signature. A memory interface connects detachably to the portable memory. A printer receives the electronic signature from the memory interface, composes the received electronic signature with print data, and executes a print operation. Accordingly, a stamping or signature process on numerous documents can be facilitated, and excessive stamping or signature execution can be prevented. Moreover, the electronic signature of the invention can be executed on various types of forms or documents.
    Type: Grant
    Filed: March 9, 2011
    Date of Patent: September 3, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Eun-ah Song, Hyun-sun Jung, Yong-geun Kim
  • Patent number: 8522052
    Abstract: In one embodiment of the present invention a secure cryptographic device is provided. The device includes a power supply interface, a cryptographic processing block coupled to the power supply interface, a random number generator, and a complex multiplication circuit. The complex multiplication circuit has an output coupled to the power supply interface for modulating a power variation waveform detectable on the power supply interface. The complex multiplication circuit also has a first input coupled to an output of the random number generator and a second input coupled to the power supply interface.
    Type: Grant
    Filed: April 7, 2010
    Date of Patent: August 27, 2013
    Assignee: Xilinx, Inc.
    Inventor: Austin H. Lesea
  • Patent number: 8522048
    Abstract: Code of a software product is delivered by embodying, on a computer-readable storage medium, installation code for installing the software product code on a computer and DRM code for permitting the installation only if a predetermined condition is satisfied. If the condition is violated, the installation code is erased and that part of the storage medium then is available for general use.
    Type: Grant
    Filed: December 23, 2005
    Date of Patent: August 27, 2013
    Assignee: SanDisk IL Ltd.
    Inventors: Dov Moran, Itzhak Pomerantz
  • Patent number: 8522051
    Abstract: A system comprising a circuit board and an integrated circuit device mounted on the circuit board by means of an external contact, and comprising an anti-tamper device being connectable to the external contact to switch the integrated circuit device into a safe mode upon application of a predetermined electrical state at the external contact is described.
    Type: Grant
    Filed: May 7, 2007
    Date of Patent: August 27, 2013
    Assignee: Infineon Technologies AG
    Inventors: Johannes Hankhofer, Manfred Mengel, Stephan Schaecher
  • Patent number: 8522053
    Abstract: A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.
    Type: Grant
    Filed: April 6, 2012
    Date of Patent: August 27, 2013
    Assignee: Panasonic Corporation
    Inventors: Hideki Matsushima, Teruto Hirota, Yukie Shoda, Shunji Harada
  • Patent number: 8516580
    Abstract: A method and system for testing a file (or packet) formed from a sequential series of information units, each information unit within a predetermined set of information units, e.g., each information unit may correspond to a character within the ASCII character set. An information unit-pair entropy density measurement is calculated for the received file using a probability matrix. The probability matrix tabulates the probabilities of occurrence for each possible sequential pair of information units of the predetermined set of information units. The computed information unit-pair entropy density measurement is compared with a threshold associated with an expected file type to determine whether the received file is of the expected file type or of an unexpected file type. The probability matrix may optionally be generated from the received file prior to calculating the density thereof. The probability matrix may optionally be predetermined based on the expected file type.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: August 20, 2013
    Assignee: OWL Computing Technologies, Inc.
    Inventor: Jeffrey Menoher
  • Patent number: 8516585
    Abstract: In one embodiment, a method for detecting malicious software agents, such as domain-flux botnets. The method applies a co-clustering algorithm on a domain-name query failure graph, to generate a hierarchical grouping of hosts based on similarities between domain names queried by those hosts, and divides that hierarchical structure into candidate clusters based on percentages of failed queries having at least first- and second-level domain names in common, thereby identifying hosts having correlated queries as possibly being infected with malicious software agents. A linking algorithm is used to correlate the co-clustering results generated at different time periods to differentiate actual domain-flux bots from other domain-name failure anomalies by identifying candidate clusters that persist for relatively long periods of time.
    Type: Grant
    Filed: October 4, 2010
    Date of Patent: August 20, 2013
    Assignee: Alcatel Lucent
    Inventors: Jin Cao, Li Li, Nan Jiang
  • Patent number: 8510608
    Abstract: Provided is an information security apparatus that has enhanced stability and confidentiality of a hash key. The information security apparatus includes an information generating PUF unit that has tamper resistance set, using physical characteristics, so as to output a preset hash key, a partial error-correction information storage unit that stores partial error-correction information, an error correcting PUF unit that has tamper-resistance set, using physical characteristics, so as to output error-correcting PUF information, an error-correction information generating unit that generates error-correction information using partial correction information and the error-correcting PUF information, and an error correcting unit that corrects an error for the hash key outputted from the information generating PUF unit and outputs an error-corrected hash key.
    Type: Grant
    Filed: November 2, 2007
    Date of Patent: August 13, 2013
    Assignee: Panasonic Corporation
    Inventors: Yuichi Futa, Kaoru Yokota, Masao Nonaka, Manabu Maeda, Natsume Matsuzaki
  • Patent number: 8504849
    Abstract: Many storage devices are not aware of file systems while many computer host devices read and write data in the form of files. The host device provides a key reference or ID, while the memory system generates a key value in response which is associated with the key ID, which is used as the handle through which the memory retains complete and exclusive control over the generation and use of the key value for cryptographic processes, while the host retains control of files.
    Type: Grant
    Filed: December 20, 2005
    Date of Patent: August 6, 2013
    Assignees: SanDisk Technologies Inc., Discretix Technologies Inc.
    Inventors: Fabrice Jogand-Coulomb, Michael Holtzman, Bahman Qawami, Ron Barzilai, Hagai Bar-El
  • Patent number: 8505098
    Abstract: A recording, recovering, and replaying method for real traffic is used for processing a plurality of network packets of a plurality of network connections. A recording procedure of the method includes the following steps. A recording parameter (N, M, P) is received. A header and a payload of each network packet of the network connections are completely recorded, and a payload accumulation value of each network connection is accumulated. When one of the payload accumulation values exceeds N, the header of each network packet and first M bytes of the payload are recorded for P consecutive network packets corresponding to the payload accumulation value. When one of the payload accumulation values exceeds N and after the P consecutive network packets of the network connection corresponding to the payload accumulation value are recorded, the header of each network packet is recorded for the network connection corresponding to the payload accumulation value.
    Type: Grant
    Filed: September 17, 2010
    Date of Patent: August 6, 2013
    Assignee: National Chiao Tung University
    Inventors: Ying Dar Lin, Tsung Huan Cheng, Yuan Cheng Lai, I Wei Chen
  • Patent number: 8505103
    Abstract: A target computing environment is secured by a hardware trust anchor that provides a trust state of the target computing environment based upon a security audit of the target computing environment. The target computing environment can be diagnosed by the hardware trust anchor according to the security diagnostic information.
    Type: Grant
    Filed: September 9, 2009
    Date of Patent: August 6, 2013
    Assignee: Fujitsu Limited
    Inventors: Zhexuan Song, Jesus Molina, Joseph Gordon
  • Patent number: 8499172
    Abstract: A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry.
    Type: Grant
    Filed: April 12, 2012
    Date of Patent: July 30, 2013
    Assignee: Lockheed Martin Corp.
    Inventors: Patrick A. Nelson, Christian Adams
  • Patent number: 8499173
    Abstract: A method and system for protecting a printed circuit board (PCB) from tampering positions a physical sensor proximal to the PCB. An initialization period is established and an output signal from the sensor is continuously monitored to establish threshold parameter data. Periodically, the sensor is polled and an output signal received which is compared to the threshold parameter data. A detected intrusion signal is generated if the received signal exceeds the threshold by a predetermined level. A detected intrusion is validated using a set of validation rules which analyze the detected intrusion based on historical sensor output values and factors such as duration or frequency of intrusion detections. If the detected intrusion is validated, a validated signal is generated which triggers a reset processor to output a reset signal that causes erasure of at least a portion of onboard memory.
    Type: Grant
    Filed: November 23, 2010
    Date of Patent: July 30, 2013
    Assignee: Lockheed Martin Corporation
    Inventor: J. Claude Caci
  • Patent number: 8498418
    Abstract: Protection of cryptographic keys is converted between one level of security and another level of security. The one level of security is different from the another level of security, and the another level of security includes the components of the one level of security.
    Type: Grant
    Filed: August 31, 2009
    Date of Patent: July 30, 2013
    Assignee: International Business Machines Corporation
    Inventors: Klaus Meissner, Bernd Nerz, Phil C. Yeh, Peter G. Sutton, Michael J. Kelly
  • Patent number: 8495748
    Abstract: A method for generating vulnerability reports based on application binary interface/application programming interface usage may include extracting a binary file and a security report relating to a software program, the security report having a vulnerability list of pending vulnerabilities relating to the software program, and detecting, from the binary file, interface usage details associated with interfaces and shared libraries used by the software program. The interfaces include application binary interfaces (ABIs). The method may further include matching the interface usage details with the pending vulnerability of the vulnerability list, and generating a vulnerability report based on matching.
    Type: Grant
    Filed: February 24, 2011
    Date of Patent: July 23, 2013
    Assignee: Red Hat, Inc.
    Inventor: Kushal Das
  • Patent number: 8495388
    Abstract: A program comprises a functional block. The functional block is encrypted, additional code is added to the program and a protected program is generated that is executable only in the presence of a predetermined license in a computer system which comprises a protection module for protection against unauthorized execution of the protected program. If the encrypted functional block is to be executed, the additional code is executed. If a license is present, the additional code and/or the protection module causes decryption of the functional block, allows execution of the decrypted functional block, and upon completion of execution of the functional block, causes removal of the decrypted functional block from the working memory.
    Type: Grant
    Filed: December 17, 2006
    Date of Patent: July 23, 2013
    Assignee: SFNT Germany GmbH
    Inventor: Michael Zunke
  • Patent number: 8489892
    Abstract: A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing.
    Type: Grant
    Filed: March 17, 2008
    Date of Patent: July 16, 2013
    Assignee: Thomson Licensing
    Inventors: Stephane Onno, Olivier Heen