Subclass of:

713 - Electrical computers and digital processing systems: support

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application number | Description | Number of patent applications / Date published
713168000 | Particular communication authentication technique | 2521
713155000 | Central trusted authority provides computer authentication | 801
713164000 | Security kernel or utility | 285
713153000 | Particular node (e.g., gateway, bridge, router, etc.) for directing data and applying cryptography | 283
713151000 | Protection at a particular protocol layer | 170
713160000 | Packet header designating cryptographically protected data | 97
713162000 | Having particular address related cryptography | 58
20130031355 | SYSTEM AND METHOD FOR SECURE AND/OR INTERACTIVE DISSEMINATION OF INFORMATION - An interactive information dissemination system includes a media server ( | 01-31-2013
20130031354 | SYSTEM FOR PREVENTING UNAUTHORIZED ACQUISITION OF INFORMATION AND METHOD THEREOF - A server apparatus includes: an output detector for detecting output-processing which is processing of outputting data from the application program into a shared area; and an output control section for storing instruction information in the shared area, instead of storing the output data outputted from the application program therein, in response to the detection of the output-processing, the instruction information specifying an acquisition method by which an authorized client apparatus acquires the output data. The client apparatus includes: a reading detection section for detecting reading-processing which is processing of reading data from the shared area; and a reading control section which reads the instruction information from the shared area in response to the detection of the reading-processing, and which acquires the output data by the acquisition method specified by the instruction information. | 01-31-2013
20090063847 | CONTENT PROTECTION METHOD AND APPARATUS - There is disclosed a content protection method and apparatus. The content protection method and apparatus further improves such related schemes by facilitating spatial as well as temporal management of content. This is achieved by storing encrypted content and a corresponding decryption key and destroying the decryption key when suitable. In order to further facilitate the content protection, the decryption key may be received periodically, which allows for a large number of people to connect to the network at different times. | 03-05-2009
20090210694 | INFORMATION TRANSMISSION APPARATUS AND METHOD, INFORMATION RECEPTION APPARATUS AND METHOD, AND INFORMATION-PROVIDING SYSTEM - Described herein is an information transmission apparatus for encrypting and transmitting first data and second data, the information transmission apparatus including: encryption element for deriving a second key from a first key by using an irreversible function, encrypting the first data by using the first key to generate encrypted first data and encrypting the second data by using the second key to generate encrypted second data; and transmission element for transmitting the encrypted first data, the encrypted second data and the first key. | 08-20-2009
20100058049 | SECURE DATA COMMUNICATION SYSTEM - The description relates to a system designed to protect data exchange involved with the use of cloud computing infrastructures by services and individuals. The system is designed so that a cloud resource and its middleware access points are protected in transferring data among themselves and end users using a system designed to spread the data and then reassemble the data. | 03-04-2010
20100017593 | IDENTITY-BASED-ENCRYPTION SYSTEM - A system is provided that uses identity-based encryption (IBE) to allow a sender to securely convey information in a message to a recipient. A service name such as a universal resource locator based at least partly on the name of an organization may be associated with a local key server at the organization and a public key server external to the organization. Users at the organization may use the service name to access the local key server to obtain IBE public parameter information for performing message encryption and to obtain IBE private keys for message decryption. External to the organization, users may obtain IBE public parameter information and IBE private keys from the public key server using the same service name. The local key generator and the public key generator may maintain identical copies of the same IBE master secret. | 01-21-2010
20110191576 | INTEGRATION OF PRE REL-8 HOME LOCATION REGISTERS IN EVOLVED PACKET SYSTEM - Cryptographic network separation functionality is provided on a user device. An option to store information about a type of database where a user is homed is provided in an indicator on a storage medium. An interface is provided between the user device and the storage medium for accessing the indicator. In case the information about the type of database cannot be obtained from the storage medium, it is determined not to enforce the cryptographic network separation functionality on the user device. | 08-04-2011
20130046969 | METHODS FOR DECRYPTING, TRANSMITTING AND RECEIVING CONTROL WORDS, RECORDING MEDIUM AND CONTROL WORD SERVER TO IMPLEMENT THESE METHODS - A method of transmitting control words to terminals that are mechanically and electronically independent of one another includes transmitting, to a terminal, an absent control word in response to a request from the terminal that contains a cryptogram corresponding to the absent control word, for the terminal, selectively determining a number of additional control words to be transmitted to the terminal as a function of a probability that security of the additional control words is compromised, and transmitting, to the terminal, in addition to the absent control word, the determined number of additional control words to enable the terminal to descramble at least one additional cryptoperiod of the multimedia content in addition to the cryptoperiod of the multimedia content that can be descrambled using the absent control word. | 02-21-2013
20110197058 | HIDING A DEVICE IDENTITY - The present invention relates to hiding a device identifier (IMEI) in a communication system. Identifying a device is done by indicating an international mobile equipment identity (IMEI) as an instance identifier of the device of a user. Generating a globally routable user agent uniform resource identifier (GRUU) for the user is done by encrypting the instance identifier so that the GRUU comprises an identity of the user and the encrypted instance identifier. | 08-11-2011
20100077202 | DIGITAL RIGHTS MANAGEMENT PROVISION APPARATUS, SYSTEM, AND METHOD - Provided is digital rights management (DRM) provision technology, and more particularly, are an apparatus, system, and method which can easily provide content using one or more DRM systems. A DRM provision apparatus includes a content download unit which downloads encrypted real content and dummy content from a download server and which manages the downloaded real content and dummy content; a license management unit which manages a license issued by a license server; and a processing unit which manages the downloaded real content and dummy content and the issued license. | 03-25-2010
20100077201 | INFORMATION PROCESSING UNIT, TERMINAL UNIT, INFORMATION PROCESSING METHOD, KEY GENERATION METHOD AND PROGRAM - There is provided an information processing unit enabling reduction of the number of keys to be held by a terminal unit and the amount of calculations necessary for decryption of encrypted data. The information processing unit configures an entire binary tree made up of n-number of leaf nodes, a root node and a plurality of intermediate nodes different from the root node and the leaf nodes and divides the entire tree into a plurality of base subtrees including n | 03-25-2010
20130080764 | Secure Remote Credential Provisioning - An embodiment uses hardware secrets secured within a security engine to provide a secure solution for field key provisioning. An embodiment is operating system independent due to the out-of-band communications with the security engine. Secrets need not be provisioned during manufacturing time. An embodiment may ensure only security engine specific provisioned secrets are used at runtime. Other embodiments are addressed herein. | 03-28-2013
20130080766 | Collaborative Agent Encryption and Decryption - A method for securely transmitting data from a sender computer system to a receiver computer system comprises receiving cleartext message by a first intelligent agent environment; splitting said message into a plurality of message fragments; creating an intelligent agent for each message fragment; generating a key for each message fragment; encrypting each said message fragment to produce a respective encrypted message fragment; and transmitting each intelligent agent with said respective encrypted message fragment as a data payload. The method may further comprise receiving each intelligent agent with its respective encrypted message fragment as a data payload by a second intelligent agent environment at the receiver computer system; locating each of a set of agents; decrypting each encrypted respective message fragment to produce a respective cleartext message fragment; and collaborating by the set of agents to recombine cleartext message fragments to form a cleartext message. | 03-28-2013
20130080763 | PERSONAL MESSAGING SECURITY - A method may include creating, by a user device, an electronic message, the electronic message comprising destination information corresponding to an intended recipient of the electronic message. The method may include receiving, by the user device and from a user, a security key corresponding to a particular type of user input and corresponding to the intended recipient of the electronic message. The method may include encrypting, by the user device, the electronic message based on the security key, and the method may include communicating, by the user device, the electronic message based on the destination information corresponding to the intended recipient. | 03-28-2013
20090119502 | Apparatus and Method for Securing Data on a Portable Storage Device - A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided. | 05-07-2009
20130080765 | SECURE CLOUD STORAGE AND SYNCHRONIZATION SYSTEMS AND METHODS - A secure cloud storage and synchronization system and method is described that provides, among other things: (1) local password recovery, including a mechanism by which the user of the system can recover their password without having stored it on a remote server; (2) secure, private versioning of files, including a mechanism to privately store a version history of files on one or more remote servers in such a way that it is technically infeasible for anyone other than the legitimate owner to access any component of the file history; (3) secure, private de-duplication of files stored on one or more remote servers that reduces storage requirements by allowing for the storage of a single file when there are duplicates, even across users; and (4) secure, private sharing of files between users of the system that allows one user to share a file on the “cloud” with another user without deciphering or transporting the file. | 03-28-2013
20090172388 | PERSONAL GUARD - In some embodiments data input to an input device is encrypted before it is received by any software. Other embodiments are described and claimed. | 07-02-2009
20120210118 | SECURE SHARING OF ITEM LEVEL DATA IN THE CLOUD - Implementations of the present disclosure are directed to sharing data in a supply chain, the data corresponding to an item having a tag associated therewith. Methods include determining a random number from the tag, the random number being unique to the item, selecting a first integer and a second integer, generating a first public key based on the first integer and a semi-public key based on the second integer, generating an identifier based on the first public key and the random number, generating a key based on the semi-public key and the random number, encrypting the data using the key to provide encrypted data, defining a tuple comprising the identifier and the encrypted data, and transmitting the tuple over a network for storage in a persistent storage device. | 08-16-2012
20100100723 | SERVICE APPLICATION PLATFORM AND METHOD FOR ACCESSING SERVICE APPLICATION PLATFORM - This invention provides a service application platform and a method for accessing a service application platform. The service application platform includes: a processing interface, adapted to send a service request to a service application client; the service application client, adapted to receive the service request sent from the processing interface, and to send the service request to a server; and the server, adapted to process the service request, and to provide a user with requested information. | 04-22-2010
20100106960 | CONTENT TRANSMITTING DEVICE, CONTENT RECEIVING DEVICE AND CONTENT TRANSMITTING METHOD - Before content transmission, the content transmitting device and the content receiving device mutually authenticate each other to verify that the other device respects copyright and rightfully handles content, and then content is encrypted by shared key data and transmitted. It is arranged that in an authentication process, a time from transmission of an authentication request or a time from transmission of an authentication response until arrival of receipt acknowledgement data is measured and only when a measured time is less than a fixed upper-limit value, content is transmitted. | 04-29-2010
20100106959 | Triple and quadruple churning security for 1G and 10G PON - A data encryption-decryption method for enhancing the confidentiality of data transmitted between two, first and second communication network entities including the steps of: at the first network entity, performing a quadruple-churning operation on a byte N to obtain an encrypted byte N, the quadruple-churning operation including: performing a first churning operation to obtain a first churned output; bit-wise XORing the first churned output with two values to obtain a first XOR result; bit-swapping the first XOR result; performing a second churning and XORing stages to obtain a second XOR result; performing a third churning and XORing stages to obtain a third XOR result; bit swapping the third XOR result; and performing a fourth churning operation on the third bit-swapped XOR result to obtain encrypted byte N; and transmitting the encrypted byte N to the second network entity. | 04-29-2010
20120166793 | APPARATUS AND METHOD FOR SHARING AND USING COMMENT ON CONTENT IN DISTRIBUTED NETWORK SYSTEM - An apparatus and method for sharing and using content, and a comment on the content, via a distributed network are provided. A comment sharing apparatus for sharing a comment on content may generate the comment on the content, may set an access control policy for the comment, may generate a comment key based on the access control policy, may encrypt the comment using the comment key, and may share the encrypted comment via the distributed network. In response to the access control policy being accessible by only a content sharer sharing the content, the comment sharing apparatus may encrypt the comment key using a public key of the content sharer, and may share the encrypted comment key. Additionally, in response to the access control policy being accessible by only a content sharer sharing the content and a comment sharer sharing the comment, the comment sharing apparatus may encrypt the comment key using a public key of the content sharer and using a public key of the comment sharer, and may share the encrypted comment keys. | 06-28-2012
20130046968 | Automobile Data Transmission - A device transmits automobile data to a server in a communication network. The device records the automobile data obtained from a plurality of sensors installed in the automobile. The device transmits a random access preamble on a first plurality of subcarriers of an uplink carrier to a base station, when a pre-defined condition is met. The device encrypts the automobile data using a first encryption key and transmits the encrypted automobile data to a server via a base station. The base station decrypts the automobile data before forwarding it to the server. | 02-21-2013
20100005287 | DATA SECURITY FOR DIGITAL DATA STORAGE - A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system. | 01-07-2010
20120191969 | SYSTEM AND METHOD FOR NETBACKUP DATA DECRYPTION IN A HIGH LATENCY LOW BANDWIDTH ENVIRONMENT - A system and method for efficient transfer of encrypted data over a low-bandwidth network. A backup server and a client computer are coupled to one another via a first network. The backup server is coupled to a remote data storage via another network, such as the Internet, also referred to as a cloud. The backup server encrypts received data for backup from the client computer. Cryptography segment and sub-segment sizes may be chosen that are aligned on a byte boundary with one another and with selected backup segment and sub-segment sizes used by backup software on the remote data storage. A selected cryptography algorithm has a property of allowing a given protected sub-segment with the cryptography sub-segment size to be decrypted by initially decrypting an immediate prior protected sub-segment that has the same cryptography sub-segment size. Therefore, the size of data transmitted via the cloud may be smaller than the cryptography segment size. | 07-26-2012
20130073842 | CONTROLLER- KEYPAD/CARD READER IDENTIFICATION SYSTEM INCLUDING CARD PROGRAMMING AND SECURE COMMUNICATIONS - An access control system including bi-directional communication between a controller and peripheral authentication devices utilized for selectively accessing a locked door is provided. The access control system provides components and circuitry to enable a user to securely assign and designate any card reader compatible card as an appropriate programming card and thereby activate or deactivate users and/or cards. The present invention further provides encrypted communication between the controller device and a PC. | 03-21-2013
20130061037 | ENCRYPTION COMMUNICATION METHOD, APPARATUS AND SYSTEM - An encrypted communication method relating to communication technologies includes allocating a same encryption key for a first application and a terminal that is only bound to the first application. The method also includes transparently transmitting information communicated between the terminal and the first application when determining that the terminal communicates with the first application by using the same encryption key. | 03-07-2013
20130061034 | Transparent Mode Encapsulation - A method for providing transparent Ethernet frame adjacency may include removing a MAC addresses from a received Ethernet frame to generate a partial Ethernet frame. The partial Ethernet frame may then be encrypted. The encrypted Ethernet frame may be encapsulated in an Internet Protocol (IP) packet. The IP packet may include an indication of a Security Association (SA). The packet may be sent over a non-secure network. A device may de-encapsulate the payload of a received IP packet to generate the encrypted partial Ethernet frame. The device may decrypt the encrypted partial Ethernet frame to generate a partial Ethernet frame. The decryption device may new MAC addresses based on the SA indicated in the received IP packet. The device may append the new MAC addresses to the partial Ethernet frame such that the transmitted Ethernet frame is identical to the Ethernet Frame originated at the source network device. | 03-07-2013
20130061036 | METHOD AND APPARATUS FOR PROVIDING A STRUCTURED AND PARTIALLY REGENERABLE IDENTIFIER - An approach is provided for generating a structured and partially regenerable identifier. An identification generation platform receives a request to generate at least one regenerable that includes, at least in part, a plurality of fields. The identification generation platform determines to separately hash and/or encrypt the respective ones of the plurality of fields. A generation of the at least one identifier is caused, based at least in part, on the hashed and/or encrypted respective ones of the plurality of fields. | 03-07-2013
20130061035 | METHOD AND SYSTEM FOR SHARING ENCRYPTED CONTENT - The present invention relates to the field of sharing encrypted content. In one form, the invention relates to multiple user access and management of encrypted content. In one particular aspect, the present invention is suitable for use in community controlled encryption of shared content using indirect keys. | 03-07-2013
20120226901 | System, Method and Apparatus For Secure Telecommunications In A Home Area Network - Secure message transfer is provided in a network including at least a Home Area Network (HAN) having network devices A, B and C. The Home Area Network is capable to connect domains having different transmission formats and includes a secure communication protocol. Device A is capable to communicate at least one message to the device C according to the secure communication protocol, and device B is capable to receive at least one message from device A sent for reception and decryption by device C. A device D controls the secure message transfer and selectively disables device B from decrypting the message received by device B that is sent from device A to device C for decryption. | 09-06-2012
20120226900 | ENFORCING SOFTWARE UPDATES IN AN ELECTRONIC DEVICE - A Set Top Box (STB) or client computer includes a communication interface operable to receive digital messages and digital content, memory operable, and processing circuitry coupled to the communication interface and to the memory. The STB is operable to receive a digital message, extract a key portion from the digital message, extract a rights portion from the digital message, determine a code version based upon the rights portion, read a stored code version from the memory, and compare the code version to the stored code version to validate the software instructions. Upon an unfavorable comparison of the code version to the stored code version, initiates an error action that may include sending a message to a service provider device for software instruction reloading, rebooting, and/or disable decryption of the digital content. Extracting the rights portion from the digital message may include decrypting the key portion to produce a decrypted result and decrypting the rights portion using the decrypted result to produce the decrypted rights portion. | 09-06-2012
20130067214 | COMMUNICATION DEVICE AND COMMUNICATION METHOD - There is provided a communication device in which a network access authenticating unit executes a network access authentication process with an authentication server to establish a connection to a network, the authentication process including generation of information shared with the authentication server, a communication unit receives an authentication result message from the authentication server when succeeding in the network access authentication process, the authentication result message containing an authentication result indicating success in the network access authentication process and an encrypted network key; a key transport key generating unit generates a key transport key by use of the information generated in the network access authentication process; and a network key acquiring unit acquires a network key by decrypting the encrypted network key contained in the authentication result message with the key transport key, the communication unit encrypts data with the network key and transmits encrypted data to the network. | 03-14-2013
20130067213 | DYNAMIC ENCRYPTION AND DECRYPTION FOR NETWORK COMMUNICATION - Dynamic encryption for network communication includes distributing a key to a network entity and storing the key into the key table. A key in the key table is used to encrypt data, and an index of the used key in the key table is attached to the encrypted data. The encrypted data is sent to the network entity. Dynamic decryption for a network communication includes receiving a key from a network entity and storing the received key into a key table. Encrypted data is received from the network entity. A key in the key table is located based on an index attached to the data and the data is decrypted with the located key. | 03-14-2013
20130067212 | SECURING IMPLEMENTATION OF CRYPTOGRAPHIC ALGORITHMS USING ADDITIONAL ROUNDS - In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of sequenced rounds, the cipher is hardened against an attack by a protection process which adds rounds to the cipher process. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm (process), including the algorithm's internal state during its execution. In one version, a specific number of rounds are added over those of a standard version of the cipher to both encryption and the complementary decryption. The added rounds are inserted immediately after the last of the standard rounds in the sequence. In another version, the added rounds are one or more opposing paired rounds of encryption/decryption or decryption/encryption which effectively cancel each other out, and may be inserted anywhere in the sequence of standard rounds. | 03-14-2013
20130067211 | OPERATIONAL MODE FOR BLOCK CIPHERS - In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of sequenced rounds, the cipher is hardened against attack by a protection process. The protection process uses block lengths that are larger or smaller than and not an integer multiple of those of an associated standard cipher, and without using message padding. This is operative in conjunction with standard block ciphers such as the AES, DES or triple DES ciphers, and also with various block cipher cryptographic modes such as CBC or EBC. | 03-14-2013
20110022834 | SYSTEMS AND METHODS FOR SHARED SECRET DATA GENERATION - Disclosed examples of secure communications involve generating, by a mobile communication network device, a shared secret data having a length of M units. A first operation on groups of one of N units of a randomly generated base shared secret data and one of a plurality of secret values thereby generates a plurality of first operation results. A second operation on a select plurality of the first operation results generates a plurality of second operation results. The randomly generated base shared secret data can have a length of N units, where N is less than M. The shared secret data is constructed from at least one of the first operation results and the plurality of second operation results. | 01-27-2011
20120272052 | METHOD FOR GENERATING A CRYPTOGRAPHIC KEY FOR A PROTECTED DIGITAL DATA OBJECT ON THE BASIS OF CURRENT COMPONENTS OF A COMPUTER - A method for coupling protected digital data object, for example an application program, and a specified computer, which allows for, if desired, individual components of the computer to be modified. A cryptographic key is generated on the basis of current components of a computer in order to decrypt an encrypted, computer-specific authorization code for executing a protected digital data object on the computer. The computer-specific authorization code is encrypted with a key based on original components of the computer. The key can be determined from the current components of the computer even if they are different from the original components of the computer. | 10-25-2012
20090013173 | Portable cross platform database accessing method and system - A user manages a database or other application through a remote graphical user interface on a server device through a client device. A cross platform database translation module resides on the client device. The client device may also store cross platform authentication, configuration, and report generating modules for validating a user id and presenting database results in a desirable format. The modules on the client device request applications from a server device, may request validation from an authorization server, may configure embedded devices, and may query a database. The database may reside on a server, on the client device, or on another device. | 01-08-2009
20090006839Communication device, communication log transmitting method suitable for communication device, and communication system - A communication device collects encrypted packet data passing through the communication device. The communication device extracts parameters required to generate a decryption key used when the collected packet data is decrypted. The communication device notifies a key managing device of the extracted parameters. The communication device acquires the decryption key, generated by the key managing device using the parameters of which notification has been given, from the key managing device. The communication device decrypts the collected packet data using the acquired decryption key and analyzes the decrypted packet data. The communication device extracts profile information from the analyzed packet data. The communication device transmits the extracted profile information and network information related to a network through which the encrypted packet data passes to a communication log device as a communication log.01-01-2009
20090006838Methods for Downloading a Digital Work Automatically Bound with Characteristics of a Portable Device - Disclosed is a method for downloading a digital work automatically bound with characteristics of a portable device, which refers to a technology of digital rights protection using an embodied system. The method achieves convenient and safe binding of digital works for a portable device. A storage space of the portable device stores digital contents and an executable program which is executed automatically after the portable device is connected to a network terminal. By this method, copyright-protected digital contents can be purchased or borrowed, and downloaded to the portable device.01-01-2009
20130166902SIMPLIFIED SMARTCARD PERSONALIZATION METHOD, AND CORRESPONDING DEVICE - The invention relates to a method for personalizing an electronic device using an encryption device adaptable to standard certified apparatuses. The encryption device makes it possible to ensure the confidentiality of the transfer of a secret code from the user to a possible personalization server.06-27-2013
20110035579CONTENT DISTRIBUTION METHOD AND CONTENT DISTRIBUTION PACKAGE - A content distribution method distributes a package containing a content from a content distribution apparatus to a terminal of a content distribution destination and causes the terminal to expand and display the content contained in the distributed package by using expansion software provided in the terminal. Update data of the expansion software is inserted in the package in addition to the content. When the terminal cannot expand the content by using the expansion software provided in it, the terminal updates the expansion software provided in it by using the update data contained in the distributed package and expands the content by using the updated expansion software.02-10-2011
20110035578SECURE COMMUNICATION SYSTEM - A communications system (02-10-2011
20090044005Unauthorized communication detection method - According to an aspect of an embodiment, a method for controlling an apparatus for transferring data from a plurality of first devices to a second device via a network, the data being transferred by using a packet, the method comprises the steps of: extracting encryption information identifying a method of encryption conveyed by a packet and destination information identifying a destination of the packet transmitted from one of the first devices; counting the number of kinds of the destination information extracted from packets associated with the same encryption information, respectively; and determining an unauthorized communication when the number of kinds of the encryption information is less than a predetermined value.02-12-2009
20100325416Method and Apparatus for Use in a Communications Network - A method is provided for use in a Mobile IP network in which it is determined whether a Mobile Node (12-23-2010
20110191577Media Processing Devices For Adaptive Delivery Of On-Demand Media, And Methods Thereof - In one embodiment, a method of streaming media includes partitioning a media stream to be transmitted into a first stream of media segments at a media server. The first stream of the media segments has a first sequence. An index table is generated to identify the first sequence of the first stream of the media segments. The index table is encrypted using a key. A second stream of the media segments is generated. The second stream has a second sequence, which is random relative to the first sequence. The encrypted index table and a transcoded media stream having the second stream of the media segments are transmitted.08-04-2011
20110283100Determination and Display of LUN Encryption Paths - A management station which manages the encryption devices in a SAN to set up encrypted LUNs. In setting up the encryption, the source and target ports are identified, along with the target LUN. LUN serial numbers are used to identify unique LUNs. As paths to a given LUN are defined, the management station compares the path to existing paths and provides an indication if there is a mismatch in the encryption policies or keys being applied to the LUN over the various paths. This allows the administrator to readily identify when there is a problem with the paths to an encrypted LUN and then take steps to cure the problem. By determining the paths and then comparing them, the management station greatly simplifies setting up multipath I/O to an encrypted LUN or access by multiple hosts to an encrypted LUN.11-17-2011
20110283099Private Aggregation of Distributed Time-Series Data - Techniques are described herein for privately aggregating distributed time-series data. A requestor provides a query sequence to users. Each user evaluates the query sequence on the user's time-series data to determine an answer sequence. Each user transforms its answer sequence to another domain, adds noise, and encrypts it for further processing by the requestor. The requestor combines these encrypted sequences in accordance with a homomorphic encryption technique to provide an encrypted summation sequence. The requestor provides the encrypted summation sequence to at least some of the users, who may in turn provide respective decryption shares to the requestor. The requestor combines the decryption shares in an effort to decrypt the encrypted summation sequence. Decrypting the encrypted summation sequence provides a summation of the encrypted sequences from the users, which may be transformed back to the original domain to estimate a summation of the answer sequences of the users.11-17-2011
20100115261EXTENSIBLE SEAL MANAGEMENT FOR ENCRYPTED DATA - Embodiments of the present invention address deficiencies of the art in respect to seal list management in decrypting encrypted data and provide a method, system and computer program product for extensible seal management for encrypted data. In an embodiment of the invention, a method for extensible seal management for encrypted data can include identifying multiple different seal hints of different seal hint formats for different seals in a seal list associated with encrypted data and selecting from amongst the multiple different seal hints, seal hints of a recognizable seal hint format. The method also can include filtering the seals in the seal list according to the selected seal hints and attempting decryption of the filtered seals with a decryption key specified by the selected seal hints to decrypt one of the filtered seals in order to reveal a bulk key. Finally, the method can include decrypting the encrypted data with the bulk key.05-06-2010
20110302404System for secure variable data rate transmission - Secure Variable Data Rate Transceivers and methods for implementing Secure Variable Data Rate are presented. An efficient and systematic method and circuit for implementing secure variable data rate transceivers are presented. The SVDR method is based on block ciphers. An index method is presented for minimizing transmission overhead. This allows SVDR to achieve higher security by using the full ciphermode stream.12-08-2011
20110302407SYSTEM AND METHOD FOR SENDING ENCRYPTED MESSAGES TO A DISTRIBUTION LIST - A system and method for sending encrypted messages to a distribution list that facilitates the sending of such messages only to individuals or other entities associated with the distribution list that will be able to read the message. In one embodiment, the method comprises the steps of: identifying a distribution list address in a message; determining one or more member addresses associated with the distribution list address; for each member address, determining if a public key for a member identified by the respective member address is available on the computing device; encrypting the message to each member identified by the one or more member addresses for which a public key for the respective member is available on the computing device; sending the encrypted message to the distribution list address if each of the one or more member addresses associated with the distribution list identifies a member for which a public key is available on the computing device; and sending the message to each of the one or more member addresses that identifies a member for which a public key is available on the computing device otherwise.12-08-2011
20110302405MOBILE WORKFORCE APPLICATIONS WHICH ARE HIGHLY SECURE AND TRUSTED FOR THE US GOVERNMENT AND OTHER INDUSTRIES - A convenient, easy to use ubiquitous secure communications capability can automatically encrypt and decrypt messages without requiring any special intermediating security component such as gateways, proxy servers or the like. Trusted/secure applications for the mobile workforce can significantly improve productivity and effectiveness while enhancing personal and organizational security and safety.12-08-2011
20110302406METHOD AND SYSTEM FOR RECOVERING A SECURITY CREDENTIAL - A system and method for recovering a security credential is provided. A security credential stored in the storage of a computing device is encrypted using a first encryption key generated by a server. A first decryption key for decrypting the security credential and a second encryption key for re-encrypting the security credential are received. The first decryption key and the second encryption key are generated by the server. The security credential is decrypted using the first decryption key. The security credential is communicated to a user of the computing device. The security credential is re-encrypted in the storage of the computing device using the second encryption key.12-08-2011
20110289310Cloud computing appliance - A cloud computing appliance is provided in an exemplary embodiment. The cloud computing device includes a computer server. The computer server is configured to receive a user file having a user filename and a user data content. The computer server is further configured to record an index record for the user file including the user filename and a dynamically generated storage name. The computer server is further configured to encipher the user data content with a symmetric key, encipher the symmetric key with an asymmetric key, and transmit a cloud file having a filename of the dynamically generated storage name and a data content of the enciphered user data content and the enciphered symmetric key.11-24-2011
20110289309METHOD AND APPARATUS FOR PROVIDING CONTENT - Methods and systems for enabling content to be securely and conveniently distributed to authorized users are provided. More particularly, content is maintained in encrypted form on sending and receiving devices, and during transport. In addition, policies related to the use of, access to, and distribution of content can be enforced. Features are also provided for controlling the release of information related to users. The distribution and control of contents can be performed in association with a client application that presents content and that manages keys.11-24-2011
20110296166COMPUTER-BASED, AUTOMATED WORKFLOW SYSTEM FOR SENDING SECURE REPORTS - Computer-based systems and method for automating the workflow for generating and sending e-mails with attached reports to external recipients in order to reduce security breaches in certain business reporting processes. The system may utilize a first computer system that may import data eligible for attachment to be sent with the e-mail based on user-entered search criteria. The attachments may be strongly encrypted using an encryption program on the user's computer. In some embodiments, a password for decrypting the attachment may be unique to the combination of a third party (e.g., trading name) and the role of the external recipient with respect to the attachment.12-01-2011
20110296165INFORMATION PROCESSING APPARATUS, TRANSMISSION INFORMATION ENCRYPTION METHOD, AND TRANSMISSION INFORMATION ENCRYPTION PROGRAM - An information processing apparatus of the invention includes a virtual geometric structure (12-01-2011
20110296164SYSTEM AND METHOD FOR PROVIDING SECURE NETWORK SERVICES - A system and method for providing secure network services. A secure computer including a processor, a memory, and a secure operating system is discussed. The secure operating system includes an operational kernel and an administrative kernel. The operational kernel includes a Type Enforcement security mechanism for restricting execution of files stored in the memory by the processor. The execution restrictions placed on files in the memory of the secure computer can only be modified from within the administrative kernel.12-01-2011
20110264904Wireless Connection Method and Device - A wireless connection method is applicable to establishing a wireless connection device between an uplink device and a downlink device, and includes obtaining uplink wireless configuration information, and configuring a downlink with the obtained uplink wireless configuration information. A wireless connection is established with the uplink device based on the uplink wireless configuration information and, after successful connection establishment, a wireless connection is established with the downlink device based on the uplink wireless configuration information.10-27-2011
20100169637PALETTE FOR REAL-TIME DISPLAY OF PREVIOUSLY ACCESSED DOCUMENTS - Palette for real-time display of previously accessed documents. At some of the illustrative embodiments are methods comprising rendering on a display a palette proximate to a window of a Web-Browser, the rendering by executing a software application by a processor, enabling a first mode of the palette, obtaining information pertaining to each of a series of Webpages previously accessed by the Web-Browser; and displaying within the palette at least some of the information pertaining to the Webpages and a reduced resolution image of one of the Webpages previously accessed.07-01-2010
20120131327METHOD OF AND APPARATUS FOR DISTRIBUTING SOFTWARE OBJECTS - A method of distributing software objects from a first entity to at least one second entity, the method comprising: using a distribution entity to accept a software object from the first entity, the software object including an identifier for a specific second entity, and wherein the at least one second entity is operable to contact the distribution entity and to enquire if a software object has been deposited for it, and if a software object has been deposited, to accept it from the distribution entity.05-24-2012
20100115262Wireless Network System and Wireless Communicaton Method - A wireless network system includes a user device, a client and an access point. In the wireless network system, a wireless network mode of the client is started in an AdHoc mode in response to specific operation, a wireless network mode of the user device is switched to an AdHoc mode when it is detected that the wireless network mode of the client is started in the AdHoc mode. Then, infrastructure network information including a network name and an encryption key for setting the wireless network communication in the infrastructure mode is transmitted from the user device to the client, and the wireless network mode of the client is switched to the infrastructure mode on the basis of the infrastructure network information.05-06-2010
20100115260UNIVERSAL SECURE TOKEN FOR OBFUSCATION AND TAMPER RESISTANCE - Program obfuscation is accomplished with a tamper-proof token including an embedded oracle. A public obfuscation function can be applied to any program/circuit to produce a new obfuscated program/circuit that makes calls to the corresponding oracle to facilitate program execution. A universal circuit representation can be employed with respect to obfuscation to hide circuit wiring and allow the whole circuit to be public. Furthermore, the token or embedded oracle can be universal and stateless to enable a single token to be employed with respect to many programs.05-06-2010
20090313463DATA MATCHING USING DATA CLUSTERS - An aspect of the present invention provides a method for matching data records held by a plurality of data custodians that relate to a particular entity. One such method comprises the steps of receiving a plurality of clusters of data records from each of the plurality of data custodians (12-17-2009
20110271093SECURE DATA EXCHANGE TECHNIQUE - Techniques utilizing common encryption approaches for data from multiple parties enable those parties to discover information that is held in common by the parties without disclosing to any party information that is not held in common by the parties. Encrypted information for each party can be compared to determine which encrypted values match, and those encrypted values can be returned to any of the parties such that a party can determine which corresponding data the parties have in common without having access to any other data of any other parties.11-03-2011
20090150663Method And System For Monitoring A Supply-Chain - A method of monitoring supply chain activity throughout a plurality of supply chain sites includes extracting, at each supply chain site, supply-related data to be monitored. The data is maintained in plural formats at the supply chain sites, and the data is translated to a common format. The extracted data is then uploaded to and collected, from each supply chain site, to a data collection center or site. Upon a user request, a portion of the collected data is formatted, at the data collection site, into one of a plurality of views, responsive to criteria selected by the user, for presentation to the user, the portion of formatted data being dependent on access rights granted to the user's supply chain site. Finally, the formatted data view is published to the user's supply chain site. The data collection center comprises a data collector in which the uploaded data is stored, and a publisher for publishing data from the data collector upon request. Each supply chain site has a data storage device for maintaining its own supply-chain data, a data transfer engine (DTE), for transferring the supply-chain data to the data collection center, input means for allowing a user to query the data collector, and a display for displaying data published by the publisher in response to a query. The inbound data received from the multiple supply chain sites is monitored at the data collection site. If a problem condition is detected, such as a forecasted or present shortage or surplus, an alert is asserted, for example, by highlighting an Alert indicator, such as an Alert tab, on a user screen. Upon selection of the highlighted Alert indicator by a user, details of the detected problem condition are displayed.06-11-2009
20120110319FAILURE RECOGNITION - A system and method for failure recognition is disclosed. The technology initially establishes a security association (SA) between a client and a first server on a network. In addition, an active reference count of a number of connections in the SA between the client and the first server is maintained. The SA is evaluated when the active reference count returns less than two connections within the SA between the client and the first server.05-03-2012
20120110318SYSTEM AND METHOD FOR CONTROLLING STATE TOKENS - The system and method for controlling state tokens described herein may secure sensitive application state tokens, link one application state token to other state tokens that represent certain identities or communication sessions, and maintain application state tokens to integrate various different systems or applications. In particular, the system and method described herein may provide a mechanism to override scheme that applications use to manage state information and thereby enforce policies that provide fine-grained control over any semantics the applications otherwise use to manage state information. Furthermore, a first application state token may be linked to another state token representing a session or identity to validate whether the session or identity represented therein created the first application state token, and state tokens that represent active communication sessions may be copied from browser processes to various external clients to integrate or otherwise share state information across the various external clients.05-03-2012
20120110317CONTENT DOWNLOAD MANAGER - A system is configured to receive input to define one or more download policies from a group of available download policies, including one or more network restriction policies, one or more time restriction policies, one or more event restriction policies, and one or more location restriction policies. The system is further configured to receive an instruction to download particular content, determine that the one or more download policies permit the particular content to be downloaded, download the particular content when the one or more download policies permit the particular content to be downloaded, and generate a notification that the particular content is available to be accessed.05-03-2012
20100125728METHOD OF IMPLEMENTING ONE WAY HASH FUNCTIONS AND APPARATUS THEREFOR - A cryptographic system for encrypting a data stream to be transported over a network by using a one way hash function constructed according to the Merkle-Damgård construction includes a plurality of Davies-Meyer structure modules. A Davies-Meyer module modifies two variables A and B according to at least four words by no more than three Advanced Encryption Standard (AES) block cipher rounds.05-20-2010
20110138169Methods and Systems for Using In-Stream Data Within an On Demand Content Delivery Path - An on demand content delivery platform for delivering on demand digital assets includes a network transport composed of network elements. A content delivery path extends from an application server, through the network transport, to a client. During content delivery, at a network element, data is inserted into the content delivery path to produce a content stream containing inserted in-stream data. In one implementation, the content is conditioned in accordance with instructions present in the in-stream data. In another implementation, the in-stream data represents session information and is utilized for stateless recovery of session information.06-09-2011
20090210692Method for encoding data in a network used in process automation systems - In a method for encrypting data in a network of process automation technology, the data are encrypted in a control unit, which is connected with the network, in a separate, exchangeable software module.08-20-2009
20090254743FLEXABLE AUDIO DATA TRANSMISSION METHOD FOR TRANSMITTING ENCRYPTED AUDIO DATA, AUDIO PROCESSING SYSTEM AND COMPUTER SYSTEM THEREOF - The present invention provides an audio data transmission method for transmitting encrypted audio data, an audio processing system and computer system thereof. The audio data transmission method includes providing an audio data, performing an encryption process upon the audio data according to an encryption standard and a format of the audio data, transmitting the encrypted audio data to an audio device according to a link standard, and utilizing the audio device to perform a decryption process upon the encrypted audio data.10-08-2009
20110173438METHOD AND SYSTEM FOR SECURE USE OF SERVICES BY UNTRUSTED STORAGE PROVIDERS - A method for encrypting data. The method comprises receiving, from a user, via a client terminal, digital content including at least one textual string for filling in at least one field in a document managed by a network node via a computer network, encrypting the at least one textual string, and sending the at least one encrypted textual string to the network node via the computer network so as to allow filling in the at least one field with the at least one encrypted textual string. The network node is configured for storing and retrieving the at least one textual encrypted string without decrypting.07-14-2011
20090210693METHOD OF DISTRIBUTING MULTIMEDIA CONTENT - The present invention relates to a system for distributing multimedia content to at least one client device over a network. Said system comprises: a slicer (SLI) for slicing the multimedia content into a set of slices; a coder (ALC) for coding a slice according to an asynchronous layer coding technique such that N coded symbols including K source symbols and N−K error symbols are generated; a content server (SER) for storing and transmitting said coded slices upon request of the client device; a client device (CLD) comprising means for receiving said coded slices and a decoder (DEC) for decoding a coded slice as soon as K coded symbols of said slice have been received.08-20-2009
20100100722CONFIGURATION METHOD, SYSTEM AND DEVICE OF CRYPTOGRAPHICALLY GENERATED ADDRESS - A configuration method of a cryptographically generated address (CGA) is disclosed. The configuration method is used to enable a generated CGA to satisfy requirements of a network configuration, and includes the following steps. A Dynamic Host Configuration Protocol (DHCP) server receives a client configuration information sent from a client. The DHCP server generates a CGA according to the client configuration and the network configuration from the DHCP server. The DHCP server delivers the CGA to the client. The network configuration is made as a reference when the CGA is generated, which overcomes a disadvantage that the CGA generated by the client cannot satisfy the requirements of the network configuration in the prior art. Thus, the generation of CGA can be intervened at a network management level, and a management capability of the network is improved.04-22-2010
20110197057SYSTEM AND METHOD FOR STORING AND ACCESSING DIGITAL MEDIA CONTENT USING SMART CARD TECHNOLOGY - A system and method for delivering digital media content to a user over a network is disclosed. The illustrative embodiment of the present invention enables multiple types of electronic devices to access the same digital media content for the same end user through the use of a smart card equipped with a license for the digital media content. Depending on the format of the digital media content, devices such as phones, pagers, internet appliances or PDAs can be used to present the digital media content to a user, as can traditional consumer electronic devices such as DVD players and VCRs. The encrypted content may be freely transferred and stored without copyright concerns since the decryption key is generated by the smart card containing the license.08-11-2011
20110197056SECURE DISTRIBUTED STORAGE SYSTEM AND METHOD - Moving from server-attached storage to distributed storage brings new vulnerabilities in creating a secure data storage and access facility. The Data Division and Out-of-order keystream Generation technique provides a cryptographic method to protect data in distributed storage environments. Treating the data as a binary bit stream, our self-encryption (SE) scheme generates a keystream by randomly extracting bits from the stream. The length of the keystream depends on the user's security requirements. The bit stream is encrypted and the ciphertext is stored on the mobile device, whereas the keystream is stored separately. This makes it computationally infeasible to recover the original data stream from the ciphertext alone.08-11-2011
20090089574SYSTEM, METHOD AND PROGRAM FOR PROTECTING COMMUNICATION - A system, method and program product for transferring data between a first computer and a second computer. A first request to start a session is received. An encrypted hash value in the first request is decrypted and a hash value for the information in the first request is independently determined. The independently determined hash value is compared to the decrypted hash value, and if there is a match, a session with the first computer is started. Subsequently, a second request is received and the encrypted hash value in the second request is decrypted. A hash value for the information in the second request is independently determined. The independently determined hash value is compared to the decrypted hash value, and if there is a match, the second computer processes a request to at least partially download or upload a file.04-02-2009
20120144185COUNTING DELEGATION USING HIDDEN VECTOR ENCRYPTION - Counting values can be encrypted as a set of counting value cyphertexts according to a hidden vector encryption scheme using sample values of a set of samples, where each of the samples can include multiple sample values. Additionally, tokens can be generated. The tokens can be configured according to the hidden vector encryption scheme, such that each of the tokens can enable decryption of matching cyphertexts. Processing of the counting value cyphertexts and the tokens can be delegated to a map-reduce computer cluster. The cluster can run a map-reduce program to produce and return count representations. Each count representation can represent a count of a set of the counting value cyphertext(s) whose decryption was enabled by one or more of the token(s). For example, the counts may be counts that can be used in constructing a data structure such as a decision tree.06-07-2012
20120144186METHOD FOR VERIFICATION OF DECRYPTION PROCESSES - The present invention describes a verification method which makes it possible to ensure that the decryption process has been done honestly by the entity in charge of it.06-07-2012
20100287367SYSTEM AND METHOD FOR DATA TRANSMISSION - A method for transmitting data in a system is provided. The system includes a first device, a plurality of second devices, and a plurality of third devices. The method includes steps of encrypting the data with a first key and encrypting the first key with a second key at the first device, sending the encrypted data from the first device to the second device, decrypting the second key and encrypting the first key with a third key by the second device, sending the encrypted data from the second device to the third device, and decrypting the third key and the first key by the third device.11-11-2010
20080282079System and method for ad-hoc processing of cryptographically-encoded data - The present disclosure provides a system and method for ad-hoc processing of cryptographically-encoded data. In one embodiment, a recipient receives a cryptographically-encoded email and proceeds to contact a processing server to decrypt said cryptographically-encoded email. The recipient may interact with the server either by copying-and-pasting the content of the cryptographically-encoded email to a web interface provided by the processing server or by forwarding it to the processing server using his existing email software. In the case of the forward, the processing server sends yet another email back to the recipient containing a URL to a web interface for continuing to interact with the processing server in order to decrypt the cryptographically-encoded email. Through its web interface, the processing server guides the recipient through the steps required to view a decrypted version of the cryptographically-encoded email.11-13-2008
20100299516CONTENTS PROTECTION PROVIDING METHOD AND PROTECTED CONTENTS CONSUMING METHOD AND APPARATUS THEREOF - The contents protection providing method includes: creating an encrypted stream with encrypted data; creating a key stream including key information for decrypting the encrypted data; creating reference information for connecting the key information to the encrypted data corresponding to the key information; and transmitting the encrypted stream, key stream, and reference information to a terminal.11-25-2010
20110271092METHODS & APPARATUSES FOR A PROJECTED PVR EXPERIENCE - Exemplary embodiments of methods and apparatuses to project personal video recorder (“PVR”) trick mode operations over a network are described. A first content stream may be at a first speed. A request to access the first content stream at a second speed can be received. A second content stream can be generated based on a second speed. The second content stream can be sent over a network to be rendered at the first speed by a client device. One or more anchor frames in the first content stream are selected. The second content stream is generated based on the one or more anchor frames. One or more dummy frames can be inserted into the second content stream. Indexing information can be generated to create a second content stream to send over the network.11-03-2011
20110271094PEER-TO-PEER IDENTITY MANAGEMENT INTERFACES AND METHODS - Peer-to-peer (P2P) application programming interfaces (APIs) that allow an application to create, import, export, manage, enumerate, and delete P2P identities are presented. Further, the management of group identity information is provided. APIs abstract away from low level credential and cryptographic functions required to create and manage P2P identities. This management includes retrieval and setting of a friendly name, generation of a cryptographic public/private key pair, retrieval of security information in the form of an XML fragment, and creation of a new name based on an existing identity.11-03-2011
20090271611SYSTEM AND METHOD OF MANAGED CONTENT DISTRIBUTION - A system and method of managing content distribution is disclosed. The system and method comprise at least one first user interface for publishing content to one or more web servers, at least one application server for generating a set of instructions describing one or more parameters for downloading said content, and at least one second user interface for receiving said set of instructions from the application server and downloading said content, wherein the at least one second user interface uses said set of instructions to determine which of the one or more web servers the content should be downloaded from.10-29-2009
20120297182CIPHER AND ANNOTATION TECHNOLOGIES FOR DIGITAL CONTENT DEVICES - Systems, methods, and/or devices are provided that include a variety of cipher tools and techniques that may be utilized with digital content on digital devices. Systems, methods, and/or devices are provided that include a variety of annotation tools and techniques that may be utilized with digital content on digital devices.11-22-2012
20110173435Secure Node Admission in a Communication Network - A system and method for node admission in a communication network having an NC and a plurality of associated network nodes. According to various embodiments of the disclosed method and apparatus, key determination in a communication network includes an NN sending to the NC a request for a SALT; the NN receiving the SALT from the NC, combining the SALT with its network password to calculate a static key, and submitting an admission request to the network coordinator to request a dynamic key. The SALT can be a random number generated by the NC, and the admission request can be encrypted by the NN using the static key.07-14-2011
20110173437INTERFACE FOR PDA AND COMPUTING DEVICE - A method of reviewing an email attachment receives at an email server an email message including at least one attachment. A preview portion of the email message is transmitted to a mobile communication device. The preview portion does not include the at least one attachment, and the preview portion is viewable on a computing device in communication with the mobile communications device. An attachment download instruction based on the preview portion is received from the computing device via the mobile communication device. The at least one attachment is transmitted to the computing device based on the attachment download instruction. The attachment is not transmitted to the computing device until the attachment download instruction is received.07-14-2011
20110173436Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols - The invention provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the invention retains compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. In contrast to conventional SSL processing, which relies on a guaranteed delivery service such as TCP and encrypts successive data records with reference to a previously-transmitted data record, encryption is performed using a nonce that is embedded in each transmitted data record. This nonce acts both as an initialization vector for encryption/decryption of the record, and as a unique identifier to authenticate the record. Because decryption of any particular record does not rely on receipt of a previously received data record, the scheme will operate over an unreliable communication protocol. The system and method allows secure packet transmission to be provided with a minimum amount of overhead. Further, the invention provides a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, when a client computer switches from a connection with a first proxy server to a connection with a second proxy server, the second proxy server can retrieve SSL/TLS session information from the cache corresponding to the SSL/TLS communication session between the client device and the first proxy server. The second proxy server can then use the retrieved SSL/TLS session information to accept a session with the client device.07-14-2011
20110173434SYSTEM AND METHOD FOR REDUCING MESSAGE SIGNALING - A system for communicating a message using a second signaling protocol is disclosed. The second signaling protocol provides a session control channel between a user agent (UA) and a network node and may include, for example the I1 protocol. The system identifies a first string to be transmitted within a first message. The first message is encoded in accordance with a first signaling protocol. The system associates the first string with a first key, and stores the first string and the first key in a database. The database associates the first string and the first key. The system encodes the first key within a second message, and transmits the second message using the second signaling protocol. The first string may include a plurality of data values. The system sorts the plurality of data values into an ordering, and associates each of the plurality of data values with a key.07-14-2011
20100138647ENCRYPTION SCHEME FOR STREAMED MULTIMEDIA CONTENT PROTECTED BY RIGHTS MANAGEMENT SYSTEM - A stream of content has multiple sub-streams, where each sub-stream comprises a part of the content and is divisible into logical blocks bounded by intrinsic partitions. For each sub-stream, a specification of the logical blocks bounded by the intrinsic partitions is defined and the sub-stream is divided into the logical blocks bounded by the intrinsic partitions. Each divided logical block is encrypted and then divided into one or more portions to produce corresponding pieces of data, and each piece of data is placed into a data packet as a payload thereof. Each data packet is transmitted to a recipient thereof, and the recipient can retrieve the pieces of data from the payloads of the packets, reconstruct the encrypted logical blocks, and manipulate the sub-stream on a per-logical block basis without necessarily decrypting each encrypted logical block.06-03-2010
20100138645METHOD FOR MOVING RIGHTS OBJECTS INTO OTHER DEVICE IN DIGITAL RIGHTS MANAGEMENT - A method, device and system for moving a rights object. The method includes receiving a first move request message including a reqID element indicating a first device ID and a nonce element indicating a random value generated by the first device; receiving a second move request message including a reqID element indicating a first device ID and a nonce element indicating a random value generated by the first device; comparing the reqID element and nonce element of the first move request message with the reqID element and nonce element of the second move request message; and determining whether or not a rights object is moved from the first device to a second device based upon the comparison.06-03-2010
20090265540HOME NETWORK CONTROLLING APPARATUS AND METHOD TO OBTAIN ENCRYPTED CONTROL INFORMATION - A network control apparatus and method is provided. The method includes operations of informing a server of capability information including an encryption/decryption method, wherein the server provides the network control apparatus with control information used to control a network device using a general-purpose control web application, transmitting to the server a control information requesting message that requests the control information, receiving from the server the control information which has been encrypted using the encryption/decryption method, decrypting the encrypted control information according to the encryption/decryption method, and transmitting a control command for controlling the network device according to the decrypted control information.10-22-2009
20080282080Method and apparatus for adapting a communication network according to information provided by a trusted client - Hosts connecting to the network implement an adaptive networks client that monitors other applications on the host and provides information to an adaptive networks server to provide information about traffic being generated by the host. The client may also capture information about the user, host, access type, and other information of interest. The information provided by the adaptive network client may allow the network to adapt to the user, the device, the application, and the protocol being used. Users and applications can be authenticated and trusted. From a network standpoint, having a trusted client associated with the host allows the same benefits as deep packet inspection, regardless of whether the traffic is encrypted, and without requiring the network elements to actually perform deep packet inspection. The administrator may also centrally apply policy to control which applications are allowed to run on the hosts.11-13-2008
20080282078GATEWAY DEVICE, CONTROLLING METHOD OF THE SAME, AND PROGRAM RECORD MEDIUM STORING CONTROLLING METHOD - A method of controlling a gateway device includes the steps of converting a plain text mail received from a client device to an encrypted mail; transmitting the encrypted mail to a mail transmission server; and notifying a transmission error to the client device when the transmission error occurs between the gateway device and the mail transmission server.11-13-2008
20080288771SYSTEM AND METHOD FOR DEFINING PROGRAMMABLE PROCESSING STEPS APPLIED WHEN PROTECTING THE DATA - Systems and methods for protecting data being sent between a client and a server include the capability of defining programmable processing steps that are applied by the server when protecting the data and the same steps are applied by the client when unprotecting the data. The programmable processing steps can be defined uniquely for each client, and the programmable processing steps are selected from a number of functions using sequencing data that defines the processing steps. The programmable processing steps allow for each client to process encrypted data in a different manner and the programmable processing steps are defined by what is called a digital rights management (DRM) Sequencing Key, and as such the system and method introduces a key-able DRM whereby each DRM message can be processed in a unique (or pseudo unique) manner.11-20-2008
20080288770SYSTEM AND METHOD FOR A COMMERCIAL MULTIMEDIA RENTAL AND DISTRIBUTION SYSTEM - A system and method for securing intellectual property rights in distributed intellectual property. Rights are granted and policed in electronically distributed intellectual property. Use limitations are established by agreement by the content provider and the client. The use limitations are reflected in time-based, usage-based and player based component codes that are used to determine if the client is entitled to use the intellectual property. Intellectual property is protected from unauthorized use by encrypting the intellectual property with a key created from some or all of the component codes. As the component codes are known to both the client and the content provider, no key exchange is required.11-20-2008
20080301431TEXT SECURITY METHOD - Disclosed herein is a text security method. The text security method encrypts both a font and a text constituting a text document in the same manner so that the encrypted text can be correctly viewed only when the encrypted font is provided. The text is encrypted by changing, in a regular manner, positions of intrinsic character images or intrinsic codes of the text within different code areas, and the font is encrypted by changing, in the same regular manner, positions of intrinsic character images or intrinsic codes of glyphs of the font corresponding to the text within different font areas.12-04-2008
20100191955SYSTEM AND METHOD FOR DISTRIBUTING DIGITAL CONTENT - A method for distributing digital content is disclosed. The method includes receiving, at an operator of a wireless communications network, a request for digital content from a first mobile device. The method further includes determining, at the operator, that a second mobile device has the digital content. The method further includes receiving the digital content from the second mobile device at the operator of the wireless communications network and sending a message including a pointer related to the digital content to the first mobile device.07-29-2010
20100287366DISTRIBUTED INFORMATION GENERATION APPARATUS, RECONSTRUCTION APPARATUS, RECONSTRUCTION RESULT VERIFICATION APPARATUS, AND SECRET INFORMATION DISTRIBUTION SYSTEM, METHOD, AND PROGRAM - A shared information creating device capable of detecting false alteration of shared information with high probability even if a traitor has shares the number of which is above a threshold and creating shared information whose data size is smaller than that of secret information. A recovering device, a recovery result verifying device, and a secret information sharing system, program, and method are also provided. The shared information creating device generates a polynomial F in which secret information s is embedded, outputs a shared secret information, generates a polynomial G in which the output of when a fixed value t is substituted in the polynomial F is embedded as secret information, and creates shared secret information. A recovering device receives k sets of shared secret information to generate a polynomial F′, and receives k sets of shared shared secret information to generate a polynomial G′. When the value embedded as secret information in the polynomial G′ is equal to the output of when the fixed value t is substituted in the polynomial F′, the embedded value is outputted. When they are not equal, information indicating falsification detection is outputted.11-11-2010
20120185691GENERAL PURPOSE DISTRIBUTED ENCRYPTED FILE SYSTEM - A general purpose distributed encrypted file system generates a block key on a client machine. The client machine encrypts a file using the block key. Then, the client encrypts the block key on the first client machine with a public key of a keystore associated with a user and associates the encrypted block key with the encrypted data block as crypto metadata. The client machine caches the encrypted data block and the crypto metadata and sends the encrypted data block and the crypto metadata to a network file system server. When the client machine receives a return code from the network file system server indicating successful writes of the encrypted data block and the crypto metadata, the client machine clears the cached encrypted data block and the crypto metadata.07-19-2012
20080270785Security approach for transport equipment - An apparatus comprising encryption logic that provides security for fiber-based communications may be implemented in accordance with an embodiment of the present invention. A data super frame is created by the encryption logic to comprise two or more data frames. Each of the data frames contains a payload portion. The encryption logic may receive one or more data payloads that are associated with a client signal. Using a single set of security control parameters, the encryption logic encrypts and stores a different encrypted payload in a payload portion of a different frame of the data frames in the data super frame. Instead of storing the set of security control parameters in a single data frame, the encryption logic stores the set of security control parameters in different sets of unused bytes associated with at least two different frames of the data frames.10-30-2008
20110125999PROXY ACCESS TO A DISPERSED STORAGE NETWORK - A method begins with a processing module selecting one of a plurality of dispersed storage (DS) processing modules for facilitating access to a dispersed storage network (DSN) memory. The method continues with the processing module sending a DSN memory access request to the one of the plurality of DS processing modules. The method continues with the processing module selecting another one of the plurality of DS processing modules when no response is received within a given time frame or when the response to the access request does not include an access indication. The method continues with the processing module sending the DSN memory access request to the another one of the plurality of DS processing modules.05-26-2011
20100146258DATA TRANSMISSION SYSTEMS - A data tracking system comprises a hub (06-10-2010
20110125998NETWORK PHOTOGRAPHING APPARATUS HAVING A PARTIAL ENCRYPTION FUNCTION - Disclosed is a network photographing apparatus including a partial encryption function capable of encrypting only a portion of objects included in images. A network photographing apparatus including a partial encryption function, includes an object information extracting unit that receives digital image data from a photographing unit, analyzes a plurality of objects included in the digital image data, and generates object information data; an image compressing unit that processes the digital image data with compression data; and an encryption unit that searches encryption target object information data among the object information data received from the object information extracting unit and generates and sends out the encrypted compression data by encrypting only a part of the compression data, the part corresponding to the encryption target object information data.05-26-2011
20110271095Embedded Communication of Link Information - A method of processing documents is described. The method includes the operation of receiving a document in a search engine crawler. The document includes an embedded first link tag. The first link tag includes one or more information pairs. A respective information pair includes a respective parameter and a corresponding value. The parameters in the one or more information pairs may correspond to content at one or more content locations or one or more document locations. The method also includes selecting a method of processing content associated with the first link tag in accordance with one or more of the information pairs.11-03-2011
20110208958COMMUNICATING USING A CLOUD INFRASTRUCTURE - A cloud infrastructure that communicates with computing devices is provided. The computing devices install filters on other computing devices that they wish to receive items from including pictures, messages, and documents. The filters include criteria that are evaluated on the computing devices, rather than at a server, to determine if an item may be sent to another computing device. The computing devices may then send items that match the criteria to the cloud infrastructure, and the items may be stored and queued for delivery to other computing devices. The items may be encrypted before being provided to the cloud infrastructure, and decrypted when received by the computing devices.08-25-2011
20090138698METHOD OF SEARCHING ENCRYPTED DATA USING INNER PRODUCT OPERATION AND TERMINAL AND SERVER THEREFOR - The present invention relates to a method of searching data for a plurality of keywords when a user encrypts the data and stores the encrypted data in an unsecured server. The user transmits the inner product value of a search keyword set to a server, and the server compares the received inner product value to an inner product value of a stored index set. When there is a document for which the two inner product values match, the server returns the document.05-28-2009
20090138697USER AGENT PROVIDING SECURE VoIP COMMUNICATION AND SECURE COMMUNICATION METHOD USING THE SAME - Disclosed are a user agent providing secure VoIP communication and a secure communication method using the same. A user agent of the invention has an additional module for providing a secure function as well as a module for providing general communication, thereby supporting the secure communication. In addition, as a secure communication method using the user agent, a signaling security mechanism negotiation method and a media encryption algorithm negotiation method are provided. Hence, it is possible to provide internet telephone users with a secure VoIP communication service.05-28-2009
20090138699SOFTWARE MODULE MANAGEMENT DEVICE AND PROGRAM - A cryptographic client device acquires a cryptographic key from a storage device on the basis of the accepted demand information, acquires a cryptographic evaluation description file from the storage device, acquires a cryptographic module corresponding to this cryptographic evaluation description file, executes a cryptographic process on the subject data on which the cryptographic process is to be performed, and issues the encrypted subject data.05-28-2009
20130219165SYSTEM AND METHOD FOR PROCESSING FEEDBACK ENTRIES RECEIVED FROM SOFTWARE - A method and system for processing feedback entries received from software provided by a vendor to an end user machine. The end user machine includes the software, a feedback module, and a database. The feedback module: generates an encryption E08-22-2013
20090063848METHOD AND SYSTEM FOR SENDING/RECEIVING DATA, CENTRAL APPARATUS, AND COMPUTER READABLE STORAGE MEDIUM THEREOF - A product data category for sale among product data to be stored in a memory unit of a wireless tag is sent from a first client to a web server. The web server sends the product data category to a second client. The second client sends purchase data for the product data category to the web server. The web server sends an encryption key to the first client. The first client encrypts the product data with the encryption key and writes the encrypted product data in the memory unit of the wireless tag via a reader/writer. The web server sends a decryption key to the second client. On receiving the decryption key, the second client reads the encrypted product data in the wireless tag via a reader/writer to decrypt the encrypted product data with the decryption key.03-05-2009
20110225417DIGITAL RIGHTS MANAGEMENT IN A MOBILE ENVIRONMENT - Embodiments provide a method that causes a plurality of virtual machine instructions to be interpreted for indications of a mobile device's hardware identification information, thus forming a plurality of hardware instruction interpretations. The embodiment also combines each of the plurality of hardware instruction interpretations and hashes the combination to form a quasi-hardware device identifier. An encryption process is based on the quasi-hardware encryption device identifier and the media is then encrypted using the encryption process. The encrypted media is transferred to the mobile device wherein the mobile device decrypts the media based at least in part on the mobile device's internal knowledge of the quasi-hardware device identification.09-15-2011
20090198993METHOD FOR JOINING USER DOMAIN AND METHOD FOR EXCHANGING INFORMATION IN USER DOMAIN - A method for joining a user domain based on digital right management (DRM), a method for exchanging information between a user device and a domain enforcement agent, and a method for exchanging information between user devices belonging to the same user domain include sharing a domain session key between the user device and the domain enforcement agent or between the user devices belonging to the same user domain. Information is exchanged through a secure session set up between the user device and domain enforcement agent or between the user devices, and information exchange occurs through encryption/decryption using the domain session key.08-06-2009
20110145560ADAPTIVE SECURITY POLICY BASED SCALABLE VIDEO SERVICE APPARATUS AND METHOD - An adaptive security policy based scalable video service apparatus includes a video streaming server, an adaptive security policy server and a terminal. The video streaming server receives a service demand via a network and generates an encrypted streaming data. The adaptive security policy server analyzes a media structure and the service demand, by using a service profile received from the video streaming server, so as to generate a security policy description. The terminal generates and transmits the service demand to the video streaming server or the adaptive security server, obtains the encrypted streaming data from the video streaming server and decrypts the encrypted streaming data for playback, storing and retransmission.06-16-2011
20090063846SYSTEMS AND METHODS FOR PREVENTION OF PEER-TO-PEER FILE SHARING - A secure digital content delivery system includes a content provider and a content user. The content provider delivers encrypted content to the content user in response to delivery requests. The content provider generates encryption algorithms on the fly and encrypts the content prior to delivery, using a different encryption algorithm and key for each content delivery. The content user subsequently requests access permission from the content provider, to access the encrypted content. The content provider grants access by generating an executable decryption module on the fly and providing the executable decryption module to the content user. The content user decrypts the content and accesses it on the fly, using the executable decryption module. The accessed content is then re-encrypted using a different encryption algorithm and key, to preserve the integrity of the secure content delivery system. The content delivery system uses a programmably configurable protocol parsing engine to encrypt and decrypt content.03-05-2009
20120079266COMMUNICATION SYSTEM, COMMUNICATION DEVICE, AND COMMUNICATION METHOD - A first communication device includes a security policy storing unit that stores a security policy and a default policy applied to communication to which the security policy is not applied, a communication unit that performs communication, and a communication control unit that performs an encryption process and a decryption process according to the default policy when the communication does not correspond to the target of the policy. A second communication device includes an input and output receiving processing unit that receives an input of an encryption key of the default policy of the first communication device, a communication control unit that generates a policy including an encryption method of the default policy and the input encryption key and performs an encryption process and a decryption process in communication with the first communication device according to the policy, and a communication unit that performs communication of a communication packet.03-29-2012
20110231646SYSTEM AND METHOD FOR PROCESSING ENCODED MESSAGES FOR EXCHANGE WITH A MOBILE DATA COMMUNICATION DEVICE - A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to one or more encryption and/or authentication aspects. The processed message is transmitted to a wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communications device to a host system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the host system to one or more receivers.09-22-2011
20110231648SYSTEM AND METHOD FOR SELECTIVE ENCRYPTION OF INPUT DATA DURING A RETAIL TRANSACTION - A retail environment having retail terminals with data entry point devices selectively encrypts input received by the data entry point devices and passes the encrypted data to a security module. The selective encryption is based on whether or not sensitive or confidential information, such as a personal identification number (PIN) associated with a debit card, is being input. To prevent hacking of the software of the retail terminal, content destined for display on the retail terminal is authenticated prior to display. In this manner, the retail terminal may be assured that confidential information is input only when desired, and thus may be encrypted only as needed.09-22-2011
20110231647ACCESSING DATA IN A CONTENT-ADDRESSABLE DATA PROCESSING SYSTEM - A computer-implemented method operable in a computer system comprising a plurality of computers including at least a first computer and at least two second computers, the method includes: obtaining a first identifier from the first computer at the at least two second computers, said first identifier having been determined, at least in part, by applying a first function to the content of the data item, wherein the first function comprises a hash function; and at least one of the at least two second computers using the first identifier to ascertain a storage location for the data item on the computer system. At least one of the at least two second computers may use the first identifier to access the data item on the computer system. The method may include verifying that the content of the data item has not changed since creation of the first identifier.09-22-2011
20110231645SYSTEM AND METHOD TO VALIDATE AND AUTHENTICATE DIGITAL DATA - A system and method combining registration with a trusted third party, certificate generation, hashing, encryption, customizable file identification fields, and time-stamping technology with recognized “best practice” procedures to achieve the legal admissibility and evidential weight of any form of digital file or collection of digital files. Generally, the originator of the file (the first party) and the originator's employing organization are registered with a Trusted Third Party. The originator reduces the file, by means of a hashing algorithm, to a fixed bit length binary pattern. This provides a unique digital fingerprint of the file. The resultant hash value, the originator's identity details, the employing organization details associated and securely linked to the digital certificate, the title of the file, customizable file identification fields, and other relevant data are forwarded to a Trusted Third Party where the date and time from a known and trusted time source are added. The customizable file identification fields can provide the originator with a mechanism for configuring the seal to incorporate as much additional information as deemed necessary to prove the authenticity of the digital content and/or provide data for the purposes of adding value in functions such as source identification, sorting, analysis, investigation, and compliance. Such information could include, but would not be limited to, location/GPS coordinates, machine id, biometric information, smart-card data, reason for sealing. The original file does not leave the control of the originating party. When combined, the forwarded details and date and time create a Seal Record. The Seal Record is encrypted and hashed. The Seal Record along with all other relevant information are retained on a central secure server. The recipient of the file (the second party) can confirm the file has been received in an unaltered state with integrity retained and it is the authentic version by validating the file.09-22-2011
20090222655REMOTE ACCESS TO A MASS MEMORY AND A SECURITY MEMORY IN A PORTABLE COMMUNICATING OBJECT - The invention relates to a system for remotely accessing a mass storage unit and a security storage unit in a portable communicating object. According to the invention, a terminal, such as a mobile device, which is associated with a portable communicating object, such as a multimedia smart card, includes an agent for facilitating access from a server to a mass storage unit capable of storing multimedia data and a security storage unit in the portable communicating object via a communication network. The agent establishes a single communication channel between the remote server and the terminal and processes data transmitted from one of the two elements including the server and one of the storage units of the portable communicating object to the agent so that the agent can transmit the data to the other of the two elements.09-03-2009
20090198994UPDATED SECURITY SYSTEM - A method is provided for improving computer security. A computer executes instructions for protecting a processing component on itself. Software generates a second processing module attacher responsive to an execution of the processing component. The computer stores data indicative of at least one second processing module thereby to define a processing module library. The attacher is adapted to retrieve a second processing module from the processing module library and to attach the retrieved second processing module to the processing component. This enables a security restriction on data processed by the processing component.08-06-2009
20120198227CIPHER KEY GENERATION IN COMMUNICATION SYSTEM - Techniques are disclosed for generating a cipher key such that an encryption algorithm typically usable in accordance with a first security context can be used in accordance with a second security context. In one example, the first security context is a UMTS security context and the second security context is a GSM security context.08-02-2012
20120036350INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing apparatus includes a data processing unit which generates content to be distributed to a client; and a communication unit which sends the content generated by the data processing unit, wherein the data processing unit combines a plurality of watermarking record blocks, each of which is obtained by embedding watermarking data into a block as section data of the content, generates content in which different watermarking data sequences are set in units of distribution processing with respect to the clients, and sends the generated content to the clients through the communication unit.02-09-2012
20100275006RECEIVER AND RECEIVING METHOD - By deciding procedures for downloading content data and downloading key information, a safe service is provided for a content distributor and a method which can start playback before completion of the downloading of the content data is provided, thereby providing a technique easy for a user. A receiver has: an interface unit being adapted to download encoded content data and key information for decoding the content data from a communication line; a storage unit being adapted to store the downloaded content data and key information from the interface unit; and a control unit which decodes the content data outputted from the storage unit using the key information. The control unit downloads the key information after the content data is downloaded entirely.10-28-2010
20090249059PACKET ENCRYPTION METHOD, PACKET DECRYPTION METHOD AND DECRYPTION DEVICE - A packet encryption method for encrypting an IP packet communicated based on an internet protocol is provided. The packet encryption saves fragment information included in an IP header in an area other than the IP header, clears the fragment information included in the IP header, encrypts the IP packet in which the fragment information included in the IP header is cleared, and outputs the encrypted IP packet.10-01-2009
20090265539Content Distribution system, Terminal, and Server - A terminal writes first encrypted data in which a communication key and an owner ID are encrypted by using a public key into a second recording medium, and this medium is mounted to a communication apparatus so that the first encrypted data are transmitted to a server. The server sends second encrypted data which it acquires by encrypting a content decryption key by using the communication key which the server acquires by decrypting the received first encrypted data by using a secret key to the communication apparatus, and causes the communication apparatus to record them into the second recording medium. The terminal decrypts a content stored in a first recording medium by using the content decryption key which it acquires by decrypting the second encrypted data read from the second recording medium by using the communication key.10-22-2009
20090259838Hardware-Bonded Credential Manager Method and System - An internet data exchange authentication method that can provide much of the user authentication assurance and capability of dedicated computer security cryptographic hardware, without requiring that the user actually have such hardware. This method allows users with computerized devices to communicate securely with secure servers by creating customized challenge-response authentication objects (pockets) where both the challenge and the response are based partially on the hardware identity of the user's computerized device, and partially on a secret (such as a random number) known only by the secure server. The secure server receives the device's hardware identity, generates the secret, creates the pocket, encrypts the pocket, and sends the encrypted pocket back to the user's device. The secure server, or a third trusted credential server, then sends the decryption key for the encrypted pocket back to the user using a different, “out of band” communications modality, thus reducing the chances of interception.10-15-2009
20120246461SYSTEM AND METHOD FOR SECURING WIRELESS DATA - Systems and methods for operation upon a data processing device for handling secure data stored on the device. The device is configurable to communicate over a data channel with an external security information source. User identification information is received from the external security information source which identifies a user of the device. The device, based upon the received user identification information, determines whether the secure data stored on the device is to be accessed by a user of the device.09-27-2012
20120246460Encryption device and method for controlling download and access operations performed to a mobile terminal - An encryption device and method for controlling download and access operations performed to a mobile terminal are disclosed. A switch circuit (09-27-2012
20130219164CLOUD-BASED HARDWARE SECURITY MODULES - A cloud-based hardware security device (HSM) providing core security functions of a physically controlled HSM, such as a USB HSM, while allowing user access within the cloud and from a user device, including user devices without input ports capable of direct connection to the HSM. The HSMs can be connected to multi-HSM appliances on the organization or user side of the cloud network, or on the cloud provider side of the cloud network. HSMs can facilitate multiple users, and multi-HSM appliances can facilitate multiple organizations.08-22-2013
20100161957METHODS OF STORING AND RETRIEVING DATA IN/FROM EXTERNAL SERVER - Provided are methods of storing and searching for data in encrypted form. The method of storing data in encrypted form includes: encrypting desired data from among data stored in a database; dividing an entire region of the stored data into a plurality of bucket regions and allocating an index to each of the bucket regions; identifying order information in a bucket region to which the encrypted data belongs; and storing the encrypted data, index information of the bucket region to which the encrypted data belongs, and the identified order information in an external server. When a database containing important data of at least one user is stored in an external server using the above storing method, the security and efficiency of the database can be increased.06-24-2010
20100161956Method and Apparatus for Protected Code Execution on Clients - In one embodiment of the invention, a server may send encrypted material to a client. The client processor may decrypt and process the material, encrypt the results, and send the results back to the server. This sequence of events may occur while the execution or processing of the material is restricted to the client processor. Any material outside the client processor, such as material located in system memory, will be encrypted.06-24-2010
20100174898Communication between Call Controllers by Amending Call Processing Messages - Call Control entities in a network communicate between themselves by amending call processing messages to include encrypted network information. As such, a call may be established whose path through the network is dependent on the paths of other calls. Information of a scope larger than a Call Controller normally possesses can, as a result of this communication, be made available to Call Controllers for constraining call establishment. This information could relate to other calls and connections associated with those other calls. The information may also relate to gateways in and to adjacent networks and the Call Controllers in the adjacent networks that are related to the current Call Controller.07-08-2010
20120303948ADDRESS TRANSLATION UNIT, DEVICE AND METHOD FOR REMOTE DIRECT MEMORY ACCESS OF A MEMORY - An address translation unit for Remote Direct Memory Access (RDMA) of a memory of a processor is provided. The address translation unit comprises an address translator and a signer. The address translator is configured to translate a received virtual address in a real address of the memory. The signer is configured to cryptographically sign the real address.11-29-2012
20100262821SECURE IDENTIFICATION SYSTEM - Methods and apparatus are described which provide secure interactive communication of text and image information between a central server computer and one or more client computers located at remote sites for the purpose of storing and retrieving files describing and identifying unique products, services, or individuals. Textual information and image data from one or more of the remote sites are stored separately at the location of the central server computer, with the image data being in compressed form, and with the textual information being included in a relational database with identifiers associated with any related image data. Means are provided at the central computer for management of all textual information and image data received to ensure that all information may be independently retrieved. Requests are entered from remote terminals specifying particular subject matter, and the system is capable of responding to multiple simultaneous requests. Textual information is recalled and downloaded for review, along with any subsequently requested image data, to be displayed at a remote site. Various modes of data and image formatting are also disclosed, including encryption techniques to fortify data integrity. The server computers may be interfaced with other computers to effect financial transactions, and images representing the subjects of transactions may be uploaded to the server computer to create temporary or permanent records of financial or legal transactions. A further feature of the system is the ability to associate an identification image with a plurality of accounts, transactions, or records.10-14-2010
20090019279USER APPARATUS AND PROGRAM - A user apparatus cannot acquire as many distribution keys K01-15-2009
20100223455Encrypted-traffic discrimination device and encrypted-traffic discrimination system - An encrypted-traffic discrimination device includes an input interface, a flow discrimination section, a data accumulation section, a selective data calculation section, a calculation result determination section, and an output interface. The flow discrimination section discriminates the input traffic into separate flows based on at least a transmission origin address and a transmission destination address. The data accumulation section accumulates characteristic amount data of the traffic for each of the separate flows. The selective data calculation section executes an evaluation computation utilizing specific data from the characteristic amount data. The calculation result determination section that, based on a calculated evaluation computation value, executes threshold value determination to determine whether or not the traffic is encrypted, and, if the traffic is determined to be encrypted, which encryption format the traffic is encrypted with.09-02-2010
20100228963METHODS OF PLACING ADVERTISMENTS, INTERSTITIALS AND TOOLBARS IN A WEB BROWSER - The present invention provides methods and systems that can render INE content to a web browser. Various methods and approaches are disclosed that when implemented would enable an INE to place some of INE's contents in a web browser of a user. The INE content can be in the form of a tool bar or interstitial content. The invention can provide one or more of the following advantages: a) provide an opportunity for INE to conduct e-commerce, b) enable an INE to develop alternate revenue generation model, and c) enable an INE or its related entities to participate in e-commerce and advertising.09-09-2010
20100217969SYSTEM FOR, AND METHOD OF, PROVIDING THE TRANSMISSION, RECEIPT AND CONTENT OF AN E-MAIL MESSAGE TO A RECIPIENT - A server transmits a message and attachments from a sender to a recipient. A hash is provided of (a) the message, (b) an identification of the sender and (c) a hash of the attachments to form a data string. Instructions may be included for the recipient to send a hashed encryption of the string to a website at the server by registered electronic mail which provides options to obtain other electronic advantages. To authenticate the message, the recipient transmits the message, the attachments and the hashed encryption of the string to the server website. The server decrypts and detaches the hashed encryption of the string to provide a first string and hashes the message, the sender identification and the hashed attachments in the first string to form a second string. The server also detaches and hashes the attachments from the message received at the server website to form first hashed attachments and detaches the hashed attachments from the string to form second hashed attachments. When the first and second hashed attachments match and the first and second strings match, the server authenticates the message to the recipient.08-26-2010
20100185847Database outsourcing with access privacy - This invention introduces a new paradigm for outsourcing the transaction processing backend of a multi-client database application to an untrusted service provider. Specifically, the invention enables untrusted service providers to support transaction serialization, backup and recovery for clients, with full data confidentiality and correctness. Moreover, providers learn nothing about transactions (except their size and timing), thus achieving read and write access pattern privacy.07-22-2010
20100180112Secure Node Admission in a Communication Network - A system and method for key determination in a communication network having a network control node and a plurality of associated network nodes. According to various embodiments of the disclosed method and apparatus, an entry node sends to the network control node a submission requesting a salt; the entry node receives the salt from the network control node, wherein the salt is a random number generated by the network control node; the entry node combines the salt with its network password to calculate a network admission key; and the entry node submits an admission request to the network controller requesting admission to the network, wherein the admission request is encrypted by the entry node using the admission key.07-15-2010
20100241845METHOD AND SYSTEM FOR THE CONFIDENTIAL RECORDING, MANAGEMENT AND DISTRIBUTION OF MEETINGS BY MEANS OF MULTIPLE ELECTRONIC DEVICES WITH REMOTE STORAGE - A specific method is provided for recording, management and confidential distribution of meetings by means of multiple electronic devices, fitted with at least one microphone, mainly a mobile phone, an electronic agenda, or laptop. The method includes recording the meeting, sending this recorded data to the remote server, audio track synchronization, selecting optimum track sections to produce an optimum final track, storing this ciphered, coded track in the database, and, finally, publishing this track in a confidential manner.09-23-2010
20100228962OFFLOADING CRYPTOGRAPHIC PROTECTION PROCESSING - Some embodiments are directed to processing packet data sent according to a security protocol between a first computer and a second computer via a forwarding device. The forwarding device performs a portion of the processing, and forwards the packet data to a third computer, connected to the forwarding device, for other processing. The third computer may support non-standard extensions to the security protocol, such as extensions used in authorizing and establishing a connection over the secure protocol. The packet data may be subject to policies, such as firewall policies or security policies, that may be detected by the third computer. The third computer sends the results of its processing, such as a cryptographic key, or a detected access control policy, to the forwarding device.09-09-2010
20100217970ENCRYPTING OPERATING SYSTEM - A method of and system for encrypting and decrypting data on a computer system is disclosed. In one embodiment, the system comprises an encrypting operating system (EOS), which is a modified UNIX operating system. The EOS is configured to use a symmetric encryption algorithm and an encryption key to encrypt data transferred from physical memory to secondary devices, such as disks, swap devices, network file systems, network buffers, pseudo file systems, or any other structures external to the physical memory and on which data can be stored. The EOS further uses the symmetric encryption algorithm and the encryption key to decrypt data transferred from the secondary devices back to physical memory. In other embodiments, the EOS adds an extra layer of security by also encrypting the directory structure used to locate the encrypted data. In a further embodiment a user or process is authenticated and its credentials checked before a file can be accessed, using a key management facility that controls access to one or more keys for encrypting and decrypting data.08-26-2010
20120036349DATEBASE SERVER, CUSTOMER TERMINAL AND PROTECTION METHOD FOR DIGITAL CONTENTS - A customer terminal is provided. The customer terminal includes a receiving module and a decryption module. The receiving module receives an encrypted digital content from a database server connected thereto. A predetermined encryption key encrypts the encrypted digital content. The decryption module decrypts the encrypted digital content utilizing hardware information from the customer terminal. A database server and a protection method are also provided to prevent an unauthorized customer terminal from copying digital contents.02-09-2012
20100250919METHODS AND SYSTEMS FOR SECURE DISTRIBUTION OF SUBSCRIPTION-BASED GAME SOFTWARE - A method for secure communications. At least one encryption key can be generated based on a pass-phrase that associates a unique identifier of a client system with a customer. Customer data encrypted with the at least one encryption key can be received such that the customer data is uniquely associated with both the client system and with the customer. The client system cannot decrypt the customer data if the unique identifier of the client system is changed. The client system cannot decrypt the customer data if the customer is changed.09-30-2010
20100228961HIERARCHICAL SECURE NETWORKS - Systems and methods for creating hierarchical network communications between trusted domains are described herein. An illustrative system includes a first, second, and third network. The first and second networks each include a plurality of routers, each router capable of establishing a secure data path with another router in the respective network. The third network includes a first router and a second router, each router capable of establishing a secure data path with the other router. The definition of each secure data path is provided by an external storage device that detachably couples to a router. The storage devices defining the secure data paths are unique to each router. The first and second networks communicate through the third network.09-09-2010
20100211770METHOD AND APPARATUS FOR PROTECTING PRIVATE DATA ON A VEHICLE - Methods and apparatus are provided for protecting private data on a vehicle. The method comprises receiving a first signal generated by a user of the vehicle and, in response to the first signal, deleting predetermined data stored on the vehicle to prevent the private data from being accessed.08-19-2010
20100250918METHOD AND SYSTEM FOR IDENTIFYING AN APPLICATION TYPE OF ENCRYPTED TRAFFIC - The present relates to a method and a system for identifying an application type from encrypted traffic transported over an IP network. The method and system extract at least a portion of IP flow parameters from the encrypted traffic using at least one of specific target encryption types. Then, the method and system transmit the extracted IP flow parameters to a learning-based classification engine. The learning-based classification engine has been trained with unencrypted traffic. Then, the method and system infer at least one corresponding application type for the extracted IP flow parameters.09-30-2010
20100138646EDGE OPTIMIZED TRANSRATING SYSTEM - A system and method for bandwidth management by controlling the bit rate of a signal stream in real time according to available link bandwidth. Applications include multiple-channel video data streams over a limited-bandwidth link such as a Digital Subscriber Line. A video signal is transrated at the head end to multiple streams having different bit rates, by a multirating device which sends the multiple streams over a network, along with metadata containing information about the data structure and parameters of the streams. At the network access edge, a demultirating device uses the metadata to select the stream with the highest video quality whose bit rate does not exceed the available bandwidth of the end-user's access link. This scheme provides multiple unicast signals to different end-users in place of a single multicast signal, supports multiple high-definition channels over a limited bandwidth link, and is compatible with standard encryption methods.06-03-2010
20080307217CONTENTS TRANSMITTING/RECEIVING APPARATUS AND METHOD - A contents transmitting apparatus includes an encryption algorithm storage section for storing a plurality of encryption algorithms; a key generation section for generating key information based on a mutual authentication result with a contents receiving apparatus; a control section for selecting one encryption algorithm from the encryption algorithm storage section and acquiring a key from the key information to provide it to an encryption section. The encryption section encrypts a content by use of a given encryption algorithm and a given key. During a period in which the generated key information is valid, a different encryption algorithm is selected from the encryption algorithm storage section every time a content to be transmitted is changed, and a different key is acquired from the key information for encryption.12-11-2008
20110131405INFORMATION PROCESSING APPARATUS - An information processing apparatus includes a monitoring unit configured to monitor transition of Web pages displayed by a browser, a determination unit configured to determine whether a current Web page is a page of a particular type when the transition of the Web pages displayed by the browser has occurred, an extraction unit configured to extract a feature quantity from the current Web page when the current Web page is not the page of the particular type, and a providing unit configured to provide a supplementary service related to the current Web page, using the extracted feature quantity.06-02-2011
20100115263TRACKING ELECTRONIC CONTENT - A method of tracking electronic content includes producing a file of electronic content and executable instructions that collect notification information and attempt to transmit the notification information to an address when triggered by an event. The executable instructions deny access to the electronic content until the notification information is transmitted successfully.05-06-2010
20100250917DISTRIBUTION SYSTEM AND METHOD OF DISTRIBUTING CONTENT FILES - A distribution system including, for connection over a network a plurality of client upload devices, each client upload device storing one or more chunks of a content file, a client download device configured to download from the client upload devices chunks of the content file stored by the respective client upload devices and an incentive device configured to generate token data packets exchangeable for chunks of the content file. The client download device is configured to acquire a plurality of token data packets from the incentive device and to communicate with individual respective client upload devices and thereby download, in exchange for respective token data packets, stored chunks of the content file. Each client upload device is configured to communicate with the client download device and, thereby, upload to the client download device stored chunks of the content file in exchange for token data packets acquired by the client download device from the incentive device and is configured to transmit to the incentive device token data packets received from the client download device.09-30-2010
20120036348DECRYPTION AND PRINT FLOW CONTROL SYSTEM AND METHOD - A method and system for determining a data file's security classification, special handling instructions, and disposition, with the additional option of subsequently adding material to the print image contained within the document, is disclosed. The method and system provide control of sensitive information contained in print documents, wherein a first file is encrypted. A second document accompanies the first document containing information for decrypting the first document, control redaction, and/or provide for addition of content or restrictions as to which rendering device the first document may print on. The rendering device, upon receipt of both first and second documents, communicates with a host computer that determines the first document's classification and disposition. The host computer then processes the second document, sending decryption information over a secure line from the second document to the rendering device to enable decryption and modification of the first document, followed by rendering.02-09-2012
20110066842SYSTEM AND METHOD FOR PLATFORM ACTIVATION - A platform discrimination indication register is stored in a wireless network card. This register holds a platform discrimination indication that indicates whether the wireless network card can be used to transfer data with notebook computers or whether the wireless network card is restricted to transferring data from a personal digital assistant or defined set of restricted devices. The platform discrimination indication can be upgraded using a key value obtained from an Internet site. This key value is limited to a specific wireless network card because of the use of a unique electronic I.D. An Internet site encrypts the electronic I.D. to produce the first key, such as a platform activation key (PAK). This first key is then decrypted at the personal data device in order to obtain a unique calculated I.D. value. If the calculated I.D. value matches the electronic I.D. value on the wireless network card, then the platform discrimination indication is altered (upgraded), allowing the operation of the wireless network card with notebook computers.03-17-2011
20110066841PLATFORM FOR POLICY-DRIVEN COMMUNICATION AND MANAGEMENT INFRASTRUCTURE - A policy-driven communication and management infrastructure may include components such as Agent, Server and Console, policy messages, and Relays to deliver security and system management to networked devices. An Agent resides on a Client, acting as a universal policy engine for delivering multiple management services. Relays, Clients additionally configured to each behave as though they were a root Server, Relaying information to and from other Clients, permit Clients to interact with the root Server through the Relay, enabling information exchange between Client and Server. Such information exchange allows Clients to gather information, such as new policy messages, from the Server, to pass status messages to the Server and to register their network address so that they can be readily located. Automatic Relay selection enables Clients and Relays to select their own parent Relays, thus allowing Clients and Relays to discover new routing paths through the network without administrator input.03-17-2011
20090319770METHOD, DEVICES AND COMPUTER PROGRAM PRODUCT FOR ENCODING AND DECODING MEDIA DATA - The invention relates to methods for encoding and decoding media data (MD, CMD). One of the methods comprises the following steps: A request is transmitted by a subscriber terminal (12-24-2009
20090319769DISCRETE KEY GENERATION METHOD AND APPARATUS - A computer enabled secure method and apparatus for generating a cryptographic key, to be used in a subsequent cryptographic process, where the key is to be valid only for example during a specified time period. The method uses a polynomial function which is a function of an input variable such as time, and dynamically computes the key from the polynomial. This is useful for generating decryption keys used for distribution of encrypted content, where the decryption is to be allowed only during a specified time period.12-24-2009
20110131406Secure Communication System For Mobile Devices - A comprehensive solution for providing secure mobile communication is provided. The system includes techniques for authentication and control of communication end-points; chain of trust to ensure devices are certified as authentic; contact list management; peer-to-peer encrypted voice, email, and texting communication; and a technique for bypassing an IP PBX to ensure high levels of security. The system is able to support use of commodity mobile communication devices (e.g., smart phones, laptops) over public carrier networks.06-02-2011
20090113200STEGANOGRAPHIC TECHNIQUES FOR SECURELY DELIVERING ELECTRONIC DIGITAL RIGHTS MANAGEMENT CONTROL INFORMATION OVER INSECURE COMMUNICATION CHANNELS - Electronic steganographic techniques can be used to encode a rights management control signal onto an information signal carried over an insecure communications channel. Steganographic techniques ensure that the digital control information is substantially invisibly and substantially indelibly carried by the information signal. These techniques can provide end-to-end rights management protection of an information signal irrespective of transformations between analog and digital. An electronic appliance can recover the control information and use it for electronic rights management to provide compatibility with a Virtual Distribution Environment. In one example, the system encodes low data rate pointers within high bandwidth time periods of the content signal to improve overall control information read/seek times.04-30-2009
20100306524SECURE STORAGE AND ACCELERATED TRANSMISSION OF INFORMATION OVER COMMUNICATION NETWORKS - A system and method for securely storing and transmitting digital information includes a computing device connected to at least one of a network device or a storage device or both. The system and method also includes a communication network connected to the at least one of a network device or the at least one of a storage device, or both. The system and method may include the computing device being configured to receive and receiving at least a portion of one or more first bit streams from an input device, being configured to parse and parsing the at least a portion of the one or more bit streams to form one or more first datasets, being configured to compress and compressing the one or more first datasets to form one or more second datasets, being configured to encrypt and cryptographically modifying the one or more second data sets to form one or more third datasets, being configured to assemble and assembling the one or more third datasets to form at least one second bit stream; and being configured to disperse and dispersing the at least one second bit stream into multiple portions in such a manner that any minimum number of the total number of dispersed portions contains a complete second bit stream, and being configured to output and outputting the total number of dispersed portions to one or more of local and remote data storage devices.12-02-2010
20110113233SYSTEM, SERVER, METHOD, AND COMPUTER PROGRAM FOR RELAYING ELECTRONIC MAIL - A system, a server, a method, and a computer program are described for relaying an electronic mail without a leak of secret information included in a quoted electronic mail to an unintended recipient without impairing the usability of the electronic mail system. The server receives an electronic mail that is newly created by one of the clients with quotation from one or a plurality of electronic mails received in the past. The server determines, for each quoted electronic mail quoted in the received electronic mail, whether a destination designated in the received electronic mail is included in an originator and a destination set in each quoted electronic mail. The server edits the content of each quoted electronic mail that is determined not to include the destination designated in the received electronic mail. The server transfers the electronic mail including the edited quoted electronic mail to the designated destination. The server stores edition information for returning the edited quoted electronic mail to a state before the editing in association with information that identifies the received electronic mail.05-12-2011
20100313010DIGITAL DATA RECORDING APPARATUS, DIGITAL DATA RECORDING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM - A data communication unit receives encrypted digital data via a network and records the digital data on a primary recording medium. The digital data, having been encrypted in different encryption methods according to the distributors, include attribute information indicating the encryption methods. The encryption method of the digital data is determined and the encrypted data is decrypted by an appropriate decryption unit. Identification information of a secondary recording medium or a playback apparatus is obtained according to whether the secondary recording medium is removable from the playback apparatus. A controller selects an encryption unit among a plurality of encryption units according to the obtained identification information. The selected encryption unit creates an encryption key according to the identification information and re-encrypts the digital data. A recording unit records the digital data on the secondary recording medium. An accounting unit charges according to accounting information in the attribute information.12-09-2010
20100281248ASSESSMENT AND ANALYSIS OF SOFTWARE SECURITY FLAWS - Security assessment and vulnerability testing of software applications is performed based at least in part on application metadata in order to determine an appropriate assurance level and associated test plan that includes multiple types of analysis. Steps from each test are combined into a “custom” or “application-specific” workflow, and the results of each test may then be correlated with other results to identify potential vulnerabilities and/or faults.11-04-2010
20100281247SECURING BACKING STORAGE DATA PASSED THROUGH A NETWORK - Techniques described herein generally relate to methods, data processing devices and computer readable media to ensure that data stored in a remote backing storage device are in encrypted form before that data is transferred to another device or over a network. In some examples, the methods, data processing devices and computer readable media may be arranged to encrypt the data passed to the network when the data stored in the backing storage device is in unencrypted form. Also disclosed are methods, data processing devices and computer readable media that identify when the data stored in the backing storage device is in unencrypted form, including methods that may detect that the data may appear to be in encrypted form as a result of the data being compressed.11-04-2010
20130138946SECURE TELEMESSAGING - Systems and methods are described that provide for targeted distribution of messages through communication networks, such as the Internet, in private and confidential environments. Messages, such as advertisements, can be stored in a message database. In a secure environment, consumer profiles, such as medical records, can be mined to identify target consumers for a given message. Messages can be retrieved from the message database, encrypted, and conveyed to the identified target consumers without inappropriately revealing or disclosing private or confidential consumer data.05-30-2013
20130138947USER-DRIVEN MENU GENERATION SYSTEM WITH DYNAMIC GENERATION OF TARGET FILES WITH PLACEHOLDERS FOR PERSISTENT CHANGE OR TEMPORARY SECURITY CHANGE OVER CLOUD COMPUTING VIRTUAL STORAGE FROM TEMPLATE FILES - Dynamic generation of target files is described. A user can select a template file. The template file includes: at least first and second changeable fields configured to be changed persistently, and a third changeable field. The second changeable field is configured to receive a security-related value. A third changeable field includes a first value configured to be changed temporarily to receive an encrypted version of the first value. The template file is parsed to generate a user interface, including: a first prompting label, corresponding to the first changeable field, requesting the user to enter the user content value, a second prompting label, corresponding to the second changeable field, requesting that the user enter audit data and/or access control data. An encrypted version of the first value corresponding to the third changeable field is generated. The first value is temporarily replaced with the encrypted value. The target file is then generated.05-30-2013
20100325417RENDERING RIGHTS DELEGATION SYSTEM AND METHOD - Methods and systems for controlling the distribution of digital content are provided. A license holder acquires protected content and an original digital license to the protected content from a content provider system. The license holder in turn delegates all or part of the grants in that original license to other qualified devices or clients. The content remains in its original, protected or encrypted form while it is delivered from the license holder to the client along with a digital sublicense that the client receives from the original license holder, whereupon the content can then be rendered. The original digital license defines or governs the conditions under which such delegation occurs, and includes terms under which such delegation is permitted to continue in order to enforce the intent of the content provider.12-23-2010
20100325413DATA HIDING BASED MESSAGES AND ADVERTISEMENTS - A steganographic message/advertisement embedding method is presented that can be used for contextual and targeted advertising supporting unobtrusive and on-demand message/advertisement delivery. The present invention presents over two client devices, the method includes receiving, on a first client device, a primary multimedia presentation with a plurality of steganographic codes embedded therein; whereby the steganographic code is not perceivable during a rendering of the multimedia presentation and the steganographic code is associated with at least one secondary multimedia presentation. Next, the primary multimedia presentation is rendered on the first client device. The first client device receives a user selection to select at least one of the steganographic codes. In response to the user selection, a secondary multimedia presentation is presented to the user in response to receiving the user selection, wherein the second multimedia presentation is presented over a second client device which is distinct from the first client device.12-23-2010
20100325415Controlling Media Distribution - A method and apparatus for distributing time-controlled media. A media chunk is encrypted using cryptographic materials and sending the encrypted media chunk over a media channel. The cryptographic materials are distributed over a time-guaranteed control channel such that the cryptographic materials are received by a remote receiver node after the remote receiver receives the encrypted media chunk. The receiver node receives the encrypted media chunk over the media channel and stores the encrypted media chunk in a memory at the receiver node. The receiver node also receives the cryptographic materials over the time guaranteed channel, and uses the cryptographic materials to decrypt the encrypted media chunk. In this way, the receiver node cannot render the media chunk until it has received the cryptographic materials.12-23-2010
20100332817CONTENT RECORDING SYSTEM, CONTENT RECORDING METHOD, CONTENT RECORDING DEVICE, AND CONTENT RECEVING DEVICE - Provided is a content receiving device, connected to a content recording device that records content data, including a receiving section that receives the content data, a recording folder specifying section that specifies a dedicated folder as a recording destination of the content data when a parental level is set on the content data and a normal folder as the recording destination of the content data when no parental level is set on the content data, and a transmitting section that transmits the content data so that the content data is recorded in a folder specified by the recording folder specifying section of a storage medium contained in the content recording device.12-30-2010
20100332821Mobile IP Over VPN Communication Protocol - The present invention supports a communication protocol for transmission of information packets between a mobile node and a virtual private network. Information packets are encapsulated and decapsulated along the route as the information packet is forwarded among the various networks on its path to the destination address; either the mobile node on a foreign network or a correspondence node on a virtual private network. A home agent on the virtual private network supports transmitting the information packets, and the information packets are transmitted from the virtual private network from the home agent or a virtual private network gateway.12-30-2010
20100332820INFORMATION SECURITY DEVICE AND INFORMATION SECURITY SYSTEM - The present invention provides a migration apparatus that realizes safe migration of data between devices that use different encryption algorithms and different security authentication levels. The fourth electronic terminal device 12-30-2010
20110010537DATA RECORDING DEVICE, DATA RECORDING METHOD USING SAME, AND DATA RECORD CONTROLLING COMPUTER PROGRAM - A data recording device is provided to record and redistribute stream data such as TV programs without imposing loads proportional to the number of users. Stream data of a distributed program is collated by a recording range judging section 01-13-2011
20110010535MULTI-MEDIA DIGITAL CARTRIDGE STORAGE AND PLAYBACK UNITS BACKGROUND OF THE INVENTION - A method and apparatus for playing back a digital media file. The invention comprises defining a plurality of predetermined media types based upon an advertising scheme associated therewith, and valuing each of the plurality of predetermined media types in accordance with the advertising scheme. Then, one of the plurality of media types is selected and played back, thus invoking the associated advertising scheme.01-13-2011
20110010533System and Method for Component Trust Model in Peer-to-Peer Service Composition - A system is provided for composition trust binding in a peer-to-peer network environment. The system includes: a service requestor (01-13-2011
20110010536OPTIMIZING ENCRYPTED WIDE AREA NETWORK TRAFFIC - Optimization of encrypted traffic flowing over a WAN is provided by an arrangement in which WAN compression is distributed between endpoints (i.e., client machines or servers) in a subnet of a hub and branch network and a WAN compression server in the subnet. A client portion of the WAN compression running on each of one or more endpoints interfaces with a disposable local cache of data seen by endpoints in the subnet that is used for compressing and decompressing traffic using dictionary-based compression techniques. The local WAN compression server in a subnet stores a shared central database of all the WAN traffic in the subnet which is used to populate local disposable caches in the endpoints.01-13-2011
20110010534SYSTEM AND METHOD OF SHARING WEB PAGE THAT REPRESENTS HEALTH INFORMATION - A method of displaying health information of a user, the method including: monitoring if a sharing request for a health information of a user is made by an external device, which provides a web page representing the health information of the user in the form of an image; downloading a captured image of the web page from the external device if the sharing request for the health information of the user is made; and displaying the downloaded captured image.01-13-2011
20110016306MEDICAL IMAGE DISPLAY SYSTEM AND MEDICAL IMAGE COMMUNICATION METHOD - A medical image display system according to an embodiment including a server that provides medical image display data and display/clinical applications and a terminal device that can access the server by way of a network, the system, configuring the medical image display data so that pieces of image display information of a plurality of types including medical image information and interface information for user operation are arranged in a multilayered manner; transmitting the pieces of image display information of a plurality of types to the terminal device from the server, assigning them to communication protocols of different types; synthetically combining and displaying the pieces of image display information of a plurality of types transmitted from the server with use of the terminal device; and generating operator information by utilizing the interface information for user operation displayed on the terminal device, and transmitting the operator information to the server by way of the network.01-20-2011
20110035577ENHANCED DIGITAL RIGHT MANAGEMENT FRAMEWORK - Machine-readable media, methods, apparatus and system for enhanced digital right management framework are described. A server platform may receive a request of downloading content and first attestation information from a client platform. The server platform may examine if the client platform attests to a client platform characteristic that affects integrity of the client platform by using the attestation information, and then encrypt and download the content to the client platform if the client platform attests to the client platform characteristic. The server platform may further receive a request of viewing the content and second attestation information from the client platform. The server platform may then examine if the client platform attests to its integrity by using the second attestation information; and then send a content key to the client platform if the client platform attests to its integrity, so that the client platform can decrypt and view the content.02-10-2011
20090013172METHOD AND DEVICES FOR REPRODUCING ENCRYPTED CONTENT AND APPROVING REPRODUCTION - A reproduction method capable of immediately revoking a leaked device key by dividing the device key into a first partial key and a second partial key is provided. The reproduction method includes the operations of receiving encrypted content to be reproduced, requesting a token for decrypting the received content from an external device containing a first partial key of a device via a network, receiving the requested token from the external device, and decrypting the received token by using a second partial key contained in the device, thereby preventing content encrypted and distributed before revocation of an illegally copied device from being reproduced, and minimizing damage due to key leakage.01-08-2009
20110029768METHOD FOR TRANSMITTING CONTENTS FOR CONTENTS MANAGEMENT TECHNOLOGY INTERWORKING, AND RECORDING MEDIUM FOR STORING PROGRAM THEREOF - A DRM technique interoperability system includes an exporter and an importer. The exporter cancels the DRM technique from the contents to which the DRM technique of a DRM device is applied to generate a contents stream, generates a plurality of packets from the contents stream, and transmits the packets to the importer. The importer receives a plurality of packets from the exporter, generates a contents stream from the plurality of packets, applies a DRM technique of a second DRM device to the contents stream, and provides it to the second DRM device.02-03-2011
20100180111 METHOD OF ESTABLISHING FAST SECURITY ASSOCIATION FOR HANDOVER BETWEEN HETEROGENEOUS RADIO ACCESS NETWORKS - A method of establishing security association between heterogeneous networks is disclosed. The method comprises a first step of receiving information of heterogeneous networks near a mobile station; a second step of transmitting a request message requesting authentication related information transfer to a target heterogeneous network where the mobile station intends to perform handover, among the heterogeneous networks near the mobile station; and a third step of receiving authentication related information and key related information of the target heterogeneous network. At this time, the first step, the second step, and the third step are preferably performed before handover is performed between heterogeneous networks.07-15-2010
20110119482Method and system for establishing a communications pipe between a personal security device and a remote computer system - A method and a system are provided for establishing a communications path over a communications network between a personal security device (PSD) and a remote computer system without requiring the converting of high-level messages such as API-level messages to PSD-formatted messages such as APDU-formatted messages (and inversely) to be installed on a local client device in which the PSD is connected.05-19-2011
20110119483Computing System With Off-Load Processing For Networking Related Tasks - A method is described that comprises executing a service selection method on an off load processor of a computing system to select an available network service for handling traffic sent to/from a handheld device. The execution of the service selection method is performed while a main CPU of said computing system is in a low power state.05-19-2011
20110113234User Device, Computer Program Product and Computer System for Secure Network Storage - A technique for providing secure network storage by a user device that includes one or multiple network interfaces, a driver configuration component comprising a volume mapping schema and a connection mapping schema, and a driver operable to map I/O requests for logical data blocks to one or multiple network storage volumes as specified by the volume mapping schema, the data transfer between the user device and the one or multiple network storage volumes being mapped to one or multiple network connections as specified by the connection mapping schema, the driver thereby being operable to provide the user device with a logical storage volume.05-12-2011
20110040963SECURE COMPUTING SYSTEM, SECURE COMPUTING METHOD, SECURE COMPUTING APPARATUS, AND PROGRAM THEREFOR - A third secure computing apparatus generates data Wb associated with each bit b of a segment t that satisfies a relation m02-17-2011
20110087876Dynamic Analytical Differentiator For Obfuscated Functions In Complex Models - Systems and methods are provided for providing secure transmission of software code, which includes a mathematical function, from a first computer to a second computer so that the mathematical function's content cannot be determined at the second computer. A method includes generating a secure container, where the secure container includes an encrypted representation of the mathematical function and metadata identifying the mathematical function encrypted in the secure container. The method further includes providing the secure container from the first computer to the second computer over a communication transmission medium, where the secure container is accessed at the second computer using the metadata to identify the mathematical function, and where the mathematical function contained within the secure container is decrypted and incorporated into program code in a compiled form so that the mathematical function can be used but the mathematical function's content cannot be determined at the second computer.04-14-2011
20120173867METHOD OF AUTHENTICATION AT TIME OF UPDATE OF SOFTWARE EMBEDDED IN INFORMATION TERMINAL, SYSTEM FOR SAME AND PROGRAM FOR SAME - A load on a server or a network is suppressed at a minimum, the authentication server is not necessary, and download of falsified software is prevented. A server creates a time-limited authentication key, computes a hash value of a file included in update software for each file to create a hash table in which hash values of a file are listed, and encrypts the hash table using the authentication key. A unit obtains the encrypted hash table and the authentication key from a server. An information terminal obtains the encrypted hash table from the unit, obtains the authentication key from the unit, determines whether or not a time limit of the authentication key is valid, obtains the encrypted hash table from the server if the time limit is determined to be valid as a result of the determination, decrypts the tables using the authentication key, compares the tables after decryption, and initiates download of the update software if both the tables are identical to each other.07-05-2012
20120173865System And Method For Generating Multiple Protected Content Formats Without Redundant Encryption Of Content - Embodiments may include generating a first protected version of content, which may include packetizing the content into multiple packets that each includes content information and non-content information and using initialization vectors to perform chained encryption on multiple blocks of the packetized content. At least some of the initialization vectors are generated dependent upon the non-content information. Embodiments may also include using the encrypted blocks to generate a second protected version of the content without re-encrypting the content. The second protected version of the content may include multiple encrypted content samples each including multiple encrypted blocks from the first protected version of the content. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains. The second protected version of the content may include decryption information for decrypting the encrypted content samples including initialization vectors used to create the first protected version.07-05-2012
20120036351CONFIGURABLE MEMORY ENCRYPTION WITH CONSTANT PIPELINE DELAY IN A MULTI-CORE PROCESSOR - Described embodiments provide a method of coordinating debugging operations in a network processor. The network processor has one or more processing modules. A system cache of the network processor requests a data transfer between the system cache and at least one external memory. A memory interface of the network processor selects an encrypted data pipeline or a non-encrypted data pipeline based on whether the processed data transfer request includes an encrypted operation. If the data transfer request includes an encrypted operation, the memory interface provides the data transfer to the encrypted data pipeline and checks whether a debug indicator is set for the data transfer request. If the debug indicator is set, the memory interface disables encryption/decryption of the encrypted data pipeline. The data transfer request is performed by the encrypted data pipeline to the at least one external memory.02-09-2012
20110087877SYSTEM, DEVICE AND METHOD FOR SECURELY TRANSFERRING DATA ACROSS A NETWORK - A method, system, server device and computer program product for securely transferring data from one or more non-subscribers to a subscriber or subscriber-defined destination, via a network, are provided. Access is provided, to one or more non-subscriber, to a network location indicator (NLI) and a private data transfer conduit is established, accessible via the NLI and configured to accept data from the non-subscribers. Data received at the conduit is transformed into secured data and transferred to the subscriber or subscriber-defined destination. In some embodiments, access to the NLI may be provided by accepting a request from a subscriber and sending, upon receipt of the request, a notification to at least one non-subscriber.04-14-2011
20100191954METHOD AND APPARATUS FOR TRANSMITTING MESSAGE IN HETEROGENEOUS FEDERATED ENVIRONMENT, AND METHOD AND APPARATUS FOR PROVIDING SERVICE USING THE MESSAGE - Provided are a method and apparatus for transmitting a message in a heterogeneous federated environment, and a method and apparatus for providing a service according to the message. In the method of transmitting a message to an external domain in the heterogeneous federated environment, a service server of a domain creates a transmission message to be transmitted to the external domain and supplies it to a protocol interpretation unit of the domain. The protocol interpretation unit detects protocol information of the external domain, interprets the created transmission message based on the detected protocol information, and supplies the interpreted transmission message to the service server. The service server then supplies the interpreted transmission message to the external domain. Accordingly, two service servers in different domains with different protocol information can exchange messages with each other while guaranteeing security.07-29-2010
20100037045METHOD AND APPARATUS FOR CREATING AN INSTANCE ID BASED ON A UNIQUE DEVICE IDENTIFIER - A method and apparatus for signaling between a device and network. The method comprises the step of generating, by a device, an Instance Identification (ID) that matches an Instance ID used by a network. The apparatus of the present invention includes a means of generating an ID that matches the Instance ID used by the network.02-11-2010
20090327690Methods and Systems for Facilitaing Secure Communication - A method of facilitating secure communication, the method comprising the steps of obtaining a cryptographic key, identifying at least one trusted computing device and sending the cryptographic key to the trusted computing device.12-31-2009
20090327693NETWORK TASK OFFLOAD APPARATUS AND METHOD THEREOF - A network task offload apparatus includes an offload circuit and a buffer scheduler. The offload circuit performs corresponding network task processing on a plurality of packets in parallel according to an offload command. The buffer scheduler includes a buffer control unit and a plurality of buffer units. The plurality of buffer units are controlled by the buffer control unit and are scheduled to store the processed packets.12-31-2009
20090327691METHOD AND APPARATUS OF ENCRYPTING CONTENT DELIVERY - The invention relates to a method and apparatus for delivering a data stream to a plurality of clients in a network. The method involves receiving the data stream from a media server, where the data stream includes a plurality of data packets and a data stream identifier associated with at least one of the plurality of data packets, securing the data stream received from the media server by applying a filter to the data stream to obtain a filtered data packet from the plurality of data packets based on the data stream identifier, encrypting the filtered data packet using an encryption scheme to obtain an encrypted media content, and distributing the encrypted media content to at least one of the plurality of clients in the network.12-31-2009
20090217028METHOD OF ADDING A POSTSCRIPT MESSAGE TO AN EMAIL - A system and method providing for appending of a note or instruction to the contents of an email such that the note or instructions is only appended to emails of selected recipients of a group of recipients, with only the email going to the other recipients of the group of recipients is provided.08-27-2009
20090217027Safe e-mail for everybody - Like wearing seatbelts. Like using condoms. Security measures only work if done correctly and done all the time, but we don't use security measures when burden weighs more heavily than risk. That's why e-mail is rarely encrypted. Too difficult. Too costly. Balanced against little perceived risk in sending e-mails in the clear. Our simple, yet secure, e-mail encryption system changes that. It's easy to use—anyone who can use e-mail can use our encryption system. Users pay no charge for basic service—it's free. We make money in other ways. Other e-mail encryption systems cost too much, are too complex, need special hardware, and are not compatible. Ours is safe, easy, and free, and viral adoption can make our system the global standard for sending secure e-mails. With the privacy people get from our invisible, easy-to-use system, e-mail will be safe for everybody.08-27-2009
20100070753ENHANCED DISTRIBUTION OF DIGITAL CONTENT - The enhanced distribution of digital content, in which a digital content distribution process is dynamically modeled, the digital content distribution process is invoked, and a serviced digital copy is provided to a recipient. Invoking the digital content distribution process further includes ingesting digital content, further including storing a digital master of the digital content in a digital vault, and servicing the digital copy of the stored digital master based on a servicing request received from the recipient.03-18-2010
20100064129Network adapter and communication device - A network adapter includes: a network connection unit which is connected to a network, transmitting and receiving packet data; a bus connection unit which is connected to a bus, transmitting and receiving data and control information to a host device; an encryption/decryption processing unit executing an encryption/decryption application which encrypts contents or decrypts the encrypted contents; and a control unit executing software including respective hierarchies of a socket interface, a protocol stack and a device driver, and wherein the encryption/decryption application performs communication with the network connection unit or the bus connection unit through the socket interface, and wherein the control unit controls transmission and reception of data and control information of the bus connection unit by using a network device driver as the device driver.03-11-2010
20100058050DATA KEEPING METHOD, CLIENT APPARATUS, STORAGE DEVICE, AND PROGRAM - A storage device sends its storage-device-specific information A to a client apparatus. The client apparatus generates an encryption key P03-04-2010
20110154014DATA EXCHANGE FOR MOBILE DEVICES - A method may include identifying a selected file recipient device based on a location of the file recipient device, a location of a file transmitting device, and an orientation of a file transmitting device. A file transfer request may be transmitted to the selected file recipient device. An acknowledgement may be received from the selected file recipient device based on the orientation of the selected file recipient device being approximately 180 degrees offset from the orientation of the file transmitting device. A selected file may be transmitted to the file recipient device following receipt of the acknowledgement.06-23-2011
20110154016METHOD FOR AGGREGATING INFORMATION VALUES IN A NETWORK - A method for aggregating information values in a network, the network including trusted network nodes and untrusted network nodes, wherein a communication session is established by directing messages through the network along a network path from an originating network node (06-23-2011
20110083009Methods and Apparatus for Persistent Control and Protection of Content - A novel method and apparatus for protection of streamed media content is disclosed. In one aspect, the apparatus includes control means for governance of content streams or content objects, decryption means for decrypting content streams or content objects under control of the control means, and feedback means for tracking actual use of content streams or content objects. The control means may operate in accordance with rules received as part of the streamed content, or through a side-band channel. The rules may specify allowed uses of the content, including whether or not the content can be copied or transferred, and whether and under what circumstances received content may be “checked out” of one device and used in a second device. The rules may also include or specify budgets, and a requirement that audit information be collected and/or transmitted to an external server. In a different aspect, the apparatus may include a media player designed to call plugins to assist in rendering content. A “trust plugin” is disclosed, along with a method of using the trust plugin so that a media player designed for use with unprotected content may render protected content without the necessity of requiring any changes to the media player. In one aspect, the streamed content may be in a number of different formats, including MPEG-4, MP3, and the RMFF format.04-07-2011
20110060901Cryptographic System for Performing Secure Iterative Matrix Inversions and Solving Systems of Linear Equations - Disclosed embodiments include a cryptographic system implemented in at least one digital computer with one or more processors or hardware such as FPGAs for performing iterative secure computations, analysis, and signal processing directly on encrypted data in untrusted environments. According to a basic embodiment, the proposed cryptographic system comprises: (a) at least one secure protocol for performing matrix multiplications in the encrypted domain, and (b) at least one secure iterative protocol for performing matrix inversions and solving systems of equations based on an iterative secure protocol substantially equivalent to a Newton secure protocol. According to a particular embodiment, the system comprises a plurality of privacy-preserving protocols for solving systems of linear equations (SLE) directly based on homomorphic computation and secret sharing. More specifically, according to a particular embodiment the system uses a secure iterative protocol whereby systems of linear equations and matrix inversions are solved securely and iteratively without imposing any restrictions on the matrix coefficients based on an iterative protocol substantially equivalent to a Newton secure protocol.03-10-2011
20120066488PROTECTED DISTRIBUTION AND LOCATION BASED AGGREGATION SERVICE - A system for and method of per access-point streaming media customization and privacy protected feedback in a wireless network. The system is operative to: encrypt real time streamed media content from a streaming media source; multicast the streamed encrypted media content for availability to a user device for playback, the user device sending out unicast responses at the time of joining or dropping the multicast; aggregate the unicast responses in the form of a connect multicast state or a disconnect multicast state of the user device based on the joining or dropping of the multicast; and provide information back to the streaming media source based on the aggregated unicast responses.03-15-2012
20110252226PRESERVING USER PRIVACY IN RESPONSE TO USER INTERACTIONS - User privacy is preserved in response to user interactions with information items, such as advertisements, by controlling the behavior of a user's computer. Information items are associated with item response specifiers. Item response specifiers control the behaviors of the user's computer in response to user interactions with information items. Item response specifiers may be communicated to the user's computer with the associated information items or be retrieved separately by the user's computer from an information item broker or trusted third party. Item response specifiers may be cryptographically signed to ensure their integrity. Following a user interaction with an information item, the user's computer refers to the item response specifier to determine an appropriate privacy-preserving post-interaction behavior. Examples of privacy-preserving behavior include a silent privacy-preserving behavior, a proxied interaction privacy-preserving behavior, a partial proxied interaction privacy-preserving behavior, a delayed handoff privacy-preserving behavior, and a direct to provider privacy-preserving behavior.10-13-2011
20100325414Method and transmitting device for securely creating and sending an electronic message and method and receiving device for securely receiving and processing an electronic message - The subject matter relates to a method for securely creating and sending an electronic message, whereby the message is created using a first application running in a secure operating system, the created message is stored in a storage that can only be accessed by the secure operating system and a virtualizing unit. In a second application executed by the virtualizing unit, the internal storage is analyzed for the presence of a message and, if the message is present, the message is transmitted to a receiver. The subject matter also relates to a method for securely receiving and processing an electronic message, whereby an external storage is analyzed for the presence of a message using a second application and, if the message is present, the message is transmitted to the internal storage. The presence of the message is polled using the first application and, if the message is present, the message is transmitted from the internal storage to the first application for processing. The subject matter further relates to a transmitting device for carrying out the method for securely creating and sending the electronic message and a receiving device for carrying out the method for securely receiving and processing the electronic message.12-23-2010
20110016305SYSTEM AND METHOD FOR TRANSFORMING INFORMATION - A method for transforming information, comprising the steps of encoding two or more original messages into a single encoded information and decoding the single encoded information using multiple different decoding schemes to recover the two or more original messages.01-20-2011
20120204023DISTRIBUTION SYSTEM AND METHOD FOR DISTRIBUTING DIGITAL INFORMATION - A distribution system and method for distributing digital information is provided, which has high recoverability from a security breach. The distribution system comprises a server (08-09-2012
20100100721METHOD AND SYSTEM OF SECURED DATA STORAGE AND RECOVERY - A method and a system of secured data storage and recovery are provided. First, a secured key and an encrypted user password of a storage device are obtained by using a controller of a storage device. Then, the secured key is encrypted by using the encrypted user password to generate a first private key, the encrypted user password is encrypted by using the secured key to generate a second private key, and data to be stored is encrypted by using the secured key. Finally, the encrypted data, the first private key, and the second private key are transmitted to a remote device for storage through a host. Thereby, the security of data storage is enhanced and data recovery mechanism is provided when the storage device is damaged or lost.04-22-2010
20110258432METHOD AND SYSTEM FOR RELIABLE PROTOCOL TUNNELING OVER HTTP - The embodiments described herein generally relate to methods and systems for tunneling arbitrary binary data between an HTTP endpoint and an arbitrary destination. Such tunneling of data is valuable in an environment, for example, in which a browser-based client communicates in the HTTP protocol and desires to exchange data with a remote endpoint understanding non-HTTP communications. A relay server is used as a “middle man” to connect the client to the destination, and components supporting the necessary protocols for data exchange are plugged into the relay server. To achieve reliable and ordered transmission of data, the relay server groups sessions through the assignment of session identifiers and tracks the exchange of messages through the assignment of sequence and acknowledgment numbers. Further, the relay server provides for authenticating the HTTP endpoint with the destination and for handling other operations not available in the constrained environment of the Web-based client.10-20-2011
20110258431SYSTEM AND METHOD FOR PROVIDING PREFIXES INDICATIVE OF MOBILITY PROPERTIES IN A NETWORK ENVIRONMENT - An example method includes receiving an Internet protocol (IP) address request in a network and selecting an IP address associated with a prefix that represents an IP subnet. The prefix includes a color attribute to be provided as part of a communication session that includes a plurality of packets. The prefix defines one or more properties associated with an application for the session. The prefix is communicated to a network element in a signaling plane, the prefix is configured to be used to make a routing decision for at least some of the plurality of packets. In more specific embodiments, the method can include applying one or more network policies based on the prefix associated with the IP address. The method could also include decrypting an encryption protocol in order to identify the prefix of a subsequent communication flow, and executing a routing decision based on the prefix.10-20-2011
20110258430METHOD AND APPARATUS FOR APPLYING EXECUTION CONTEXT CRITERIA FOR EXECUTION CONTEXT SHARING - An approach is provided for applying execution context criteria for secure execution context sharing. A criterion application retrieves an execution context of a device. The criterion application determines one or more context criteria associated with the execution context. The context criteria include state information associated with the execution context. The criterion application encrypts the execution context using the one or more context criteria as a public key of an identity-based encryption.10-20-2011
20090254744SYSTEM AND METHOD FOR THE CONCEALMENT OF DEVICE INPUT PARAMETERS - A system and method for concealing input parameters that are being loaded into a device. In one embodiment, the system provides a transformed interface, in which a device into which the parameters are loaded contains a series of inverse transformation keys. The parameters to be concealed are transformed using a particular key, along with a transformed index value to indicate the particular key that must be used to inversely transform the parameter.10-08-2009
20110161653Logical Partition Media Access Control Impostor Detector - Provided are techniques to enable a virtual input/output server (VIOS) to establish cryptographically secure signals with target LPARs to detect an imposter or spoofing LPAR. The secure signal, or “heartbeat,” may be configured as an Internet Key Exchange/Internet Protocol Security (IKE/IPSec) encapsulated packet (ESP) connection or tunnel. Within the tunnel, the VIOS pings each target LPAR and, if a heartbeat is interrupted, the VIOS makes a determination as to whether the tunnel is broken, the corresponding LPAR is down or a media access control (MAC) spoofing attack is occurring. The determination is made by sending a heartbeat that is designed to fail unless the heartbeat is received by a spoofing device.06-30-2011
20090210695SYSTEM AND METHOD FOR SECURELY COMMUNICATING ELECTRONIC DOCUMENTS TO AN ASSOCIATED DOCUMENT PROCESSING DEVICE - The subject application is directed to securely communicating electronic documents to an associated document processing device. User identification data inclusive of a user credential is received from a user with a document processing request having one or more electronic documents. Page job language information is generated for output of the request by a document processing device. A seed value is received in accordance with the user credential and used to generate a random number. Each document is encrypted using the random number. The encrypted data and page language information are communicated to the document processing device and stored in association with user identification. Upon receipt of user login data a listing of requests is displayed. The seed value is retrieved from user credentials for generation of a random number. Selected electronic documents are decrypted via the random number and output in accordance with the associated page job language information.08-20-2009
20080320296METHODS AND SYSTEMS FOR SECURE REMOTE MOBILE PRINTING - Systems and methods for secure, remote printing include a mobile device (e.g., cell phone or PDA) establishing a secure communication connection with a mobile printer and a server, such a connection using one or more encryption protocols (e.g., SSL, TLS, etc.). The server encrypts the requested data and transmits it to the printer via the secure connection, whereon the printer decrypts and prints the data. The mobile device can, according to other aspects of the invention, log operational performance characteristic of the printer, the server, and/or the communication connections therebetween. A media cartridge can be provided that includes an enclosure having a substantially planar shape, wherein each of its length and width dimensions are greater than its height. An opening is disposed along a width-wise edge (e.g., a “front” of the enclosure), and one or more regions are also disposed on opposing length-wise edges (e.g., a “left side” and a “right side” of the enclosure). The regions permit a user to see and/or exert a force on sheet media (e.g., paper) contained within the enclosure.12-25-2008
20090138701METHOD FOR RECORDING AND RESTORING A CIPHERED CONTENT BY A PROCESSING UNIT - A method of operating by a second processing unit a content recorded by a first processing unit, said first and second processing units having a specific key being managed by a central server. The processing units have access to a removable storage memory intended to record a content ciphered by a content key accompanied by a file associated to the content. The content key is produced by means of a cascaded deciphering starting from the specific key of the first unit of at least two constants provided by the central server and a variable. The content is restored by the second processing unit by means of a cascaded deciphering starting from the specific key of the second unit by using the constants and the variable stored in the file accompanying the content and a transcoding key calculated by the central server.05-28-2009
20090138700CRYPTOGRAPHIC MANAGEMENT APPARATUS, DECRYPTION MANAGEMENT APPARATUS AND PROGRAM - A cryptographic management apparatus includes a storage unit which stores cryptographic key information containing a cryptographic key and cryptographic process condition information containing the cryptographic key information, a cryptographic process information input unit which receives an input of the object information and cryptographic key search request information, a cryptographic key information acquisition unit which acquires the cryptographic key information from the storage unit based on the search request information, a cryptographic module evaluation description information acquisition unit which acquires evaluation description information of the cryptographic module corresponding to the cryptographic key information, a cryptographic process ID creation unit which attaches an identifier of the cryptographic process condition information to the object information based on the cryptographic key information and the cryptographic module corresponding to the evaluation description information, and an output which outputs the identifier and the result of the cryptographic process executed on the object information.05-28-2009
20090132805Systems and methods for secure transaction management and electronic rights protection - The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”05-21-2009
20080229094METHOD OF TRANSMITTING CONTENTS BETWEEN DEVICES AND SYSTEM THEREOF - A method of transmitting content between devices and a system therefor are provided. The method of transmitting encrypted content in a state in which the encrypted content and license information is stored and in which an external device is connected, includes: transmitting the license information corresponding to the encrypted content to the external device; transmitting the encrypted content to the external device, when receiving a request for transmitting the encrypted content from the external device; and updating the license information. Accordingly, content can be rapidly and stably transmitted between the devices. Also, it is possible to improve the accuracy and the security in the procedure of updating the license information.09-18-2008
20120204024Deduplication of Encrypted Data - A mechanism is provided which allows encrypted data to be de-duplicated such that the de-duplication ratio for encrypted data is similar to the de-duplication ratio of the corresponding un-encrypted data and the purpose of encryption is not obfuscated, i.e. only the originator of the data (the client) can decrypt—and hence read—the data. This is achieved by interweaving the de-duplication algorithm with the encryption algorithm in a way that the data are encrypted with a key that is generated from the unencrypted data. Afterwards, that key is itself encrypted with an encryption key being private to a particular client. Due to the fact that the private key is not affecting the encrypted data stream, it can still be de-duplicated efficiently.08-09-2012
20110161655DATA ENCRYPTION PARAMETER DISPERSAL - A method begins with a processing module obtaining encoded key slices from a plurality of user devices and decoding a threshold number of the encoded key slices utilizing a first error coding dispersal storage function to produce a key when the threshold number of the encoded key slices has been obtained. The method continues with the processing module receiving encoded data slices and decoding a threshold number of encoded data slices utilizing a second error coding dispersal storage function to produce encrypted data when the threshold number of the encoded data slices has been received. The method continues with the processing module decrypting the encrypted data utilizing the key and an encryption function to produce data.06-30-2011
20110161654PEER-TO-PEER TELEPHONY RECORDING - System and method for recording communication sessions in a peer-to-peer communication network. End-devices of the peer to peer communication network may register with a selected super-node that may fork media to a recording system for recording. Communication sessions arriving at a call center may be transferred between the external end-device and the target agent end-device via a recorder and the communication session media may be recorded. Alternatively, a conference call may be established between an external end-device, a target agent end-device of a call center and a recorder over a peer-to-peer communication network. After the conference call is established, the recorder may receive media transferred between the external end-device and the target agent end-device and record that media.06-30-2011
20110047370SYSTEMS AND METHODS FOR RE-COMMISSIONING A CONTROLLED DEVICE IN A HOME AREA NETWORK - Systems and methods for preparing and re-commissioning a controlled device in a home area network are described. A utility meter is communicated with. An authentication key and encryption data for communicating with the utility meter may be determined. The authentication key and encryption data are sent to a controlled device. A set of translation rules for a message are determined. The translation rules are sent to the controlled device. The controlled device establishes a secure communication link with the utility meter using the authentication key and the encryption data. The controlled device receives a request to change power usage from the utility meter over the secure communication link. The controlled device translates the request to change power usage into control instructions using the translation rules.02-24-2011
20110055549Method and System for Providing Trustworthiness of Communication - A method and system of providing trustworthiness of communication among a plurality of communication nodes is described. This comprises arranging each of said communication nodes to perform a trustworthiness judging operation on received data elements for judging a received packet to be trustworthy or not, grouping said plurality of communication nodes into a plurality of distinguishable clusters, each cluster comprising at least two of said communication nodes, implementing in each respective cluster an intra-cluster trust mechanism such that trustworthiness of data elements sent by any member node of said respective cluster is judgable within said respective cluster, arranging said clusters such that each of said clusters comprises one or more multi-cluster-member nodes that belong to at least two different of said clusters, and routing inter-cluster traffic through said multi-cluster-member nodes.03-03-2011
20110055548ONLINE DATA ENCRYPTION AND DECRYPTION - Systems and methods for providing encryption and decryption of data transmitted on a computer implemented network, preferably user authentication identifier data, such as a password, at the point of entry into the user's computer. The systems and methods enable an end user to mentally select a marker from one of the randomly arranged elements on a first portion of a graphical image. A second portion of the graphical image includes an arrangement of possible elements of any individual authentication identifier sequence, and is positioned adjacent to the first portion. The systems and methods prompt a user to enter each element of the identifier by moving the selected marker and the first portion as necessary to substantially align the selected marker with a chosen element of the authentication identifier appearing on the outer portion. According to one embodiment, the image portions are concentric wheels. According to another embodiment, the image portions are arranged in adjacent rows.03-03-2011
20110055547PERSONAL INFORMATION MANAGEMENT AND DELIVERY MECHANISM - Some general aspects relate to secured means for managing and delivering personal information, for example, in the context of electronic commerce. A request from a first entity to encrypt personal information includes a first specification of the personal information to be encrypted. An encrypted specification of the personal information is then generated according to an encoding strategy. The encrypted specification of the personal information is provided to the first entity for subsequent use by a personal information user. A second entity sends a request to decrypt the encrypting specification of the personal information. Upon determining that the second entity is an authorized personal information receiver, a decrypted specification of the personal information is formed according to a decoding strategy determined based on an analysis of the encrypted specification. This decrypted specification of the personal information is then provided to the second entity.03-03-2011
20110055546MOBILE DEVICE MANAGEMENT - A device management method is disclosed in which available features on a slave mobile device are managed (monitored or controlled) by a slave manager module commanded by a master device through secure messages exchanged between the two devices using respective electronic messaging capabilities on the two devices. Selection of the features of the slave mobile device to be controlled or monitored is facilitated on the master device through a master manager module resident thereon. The features that are controlled or monitored may comprise any user-accessible feature incorporated or installed on the slave mobile device and user access to the feature may be prevented according to at least one criterion, such as: date of use, time of day of use, number of times of use, originator and recipient. User access to the user-accessible feature may be prevented when usage limitations for the feature have been reached.03-03-2011
20110055545METHOD AND APPARATUS FOR ENCODING DECISION DIAGRAMS - An approach is provided for reducing decision diagram related communication traffic and cost by encoding decision diagrams. A hash identifier application constructs a reduced ordered binary decision diagram from a resource description framework graph, computes a hash identifier corresponding to the decision diagram, and stores the hash identifier with the decision diagram.03-03-2011
20120173866SYSTEM FOR SECURING VIRTUAL MACHINE DISKS ON A REMOTE SHARED STORAGE SUBSYSTEM - Embodiments of the present invention provide a method, data processing system and computer program product for secure distribution of virtualized storage. In an embodiment of the invention, a method for secure distribution of virtualized storage in a host in a cloud computing can include composing at least one virtual machine (VM) disk in a secure container and configured to deploy VM images into a cloud computing environment, encrypting the composed at least one VM disk, transmitting the encrypted VM disk to a hypervisor in the cloud computing environment receiving a request to activate a VM instance and generating a bootloader in the secure container, transmitting the bootloader to the hypervisor in the cloud computing environment and providing a key to the bootloader to unlock the at least one VM disk.07-05-2012
20080235507Encrypted Communication Method - A DNS Proxy unit (A09-25-2008
20110072258Modular Secure Data Transfer - A method and system that modularizes a message by separating the message definition data from the message data. The message definition data and message data are transmitted over a secure channel to a target computing device. The message definition data and message data are recombined to form the original message at the target computer using a process corresponding to the modularization process. A key is used to track the associated definitions and message data and determine the corresponding combination process. Separate transmission of the data definitions and message data provides an added level of security. If message data is intercepted and decrypted by a third party, then the data is not easily utilized, because the definition data is absent. Similarly, interception of the message definition is not useful without the message data.03-24-2011
20100293368Signaling System for Telecommunications - A pair of devices (11-18-2010
20110119480METHODS AND APPARATUSES FOR SELECTIVE DATA ENCRYPTION - A method of encryption, using an encryption key K with key length k, of at least one message M comprising uniformly distributed symbols, k bits are encrypted of messages at least k bits long, while shorter messages are lengthened, e.g. by padding or concatenation, to obtain a lengthened message at least k bits long before encryption. The encryption efficiency is thus optimized while the encryption security is retained. The encryption method is particularly suitable for JPEG2000 encoded packets comprising a message M. Also provided are an encryption apparatus, a decryption method and a decryption apparatus.05-19-2011
20110119481CONTAINERLESS DATA FOR TRUSTWORTHY COMPUTING AND DATA SERVICES - A digital escrow pattern and trustworthy platform is provided for data services including mathematical transformation techniques, such as searchable encryption techniques, for obscuring data stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Using the techniques of a trustworthy platform, data (and associated metadata) is decoupled from the containers that hold the data (e.g., file systems, databases, etc.) enabling the data to act as its own custodian through imposition of a shroud of mathematical complexity that is pierced with presented capabilities, such as keys granted by a cryptographic key generator of a trust platform. Sharing of, or access to, the data or a subset of that data is facilitated in a manner that preserves and extends trust without the need for particular containers for enforcement.05-19-2011
20110138170SYSTEM AND METHOD OF PER-PACKET KEYING - A method of per-packet keying for encrypting and decrypting data transferred between two or more parties, each party having knowledge of a shared key that allows a per-packet key to differ for each packet is provided. Avoiding the use of a static session key during encryption offers several advantages over existing encryption methods. For example, rejecting packets received with duplicate sequence numbers, or sequence numbers that are beyond a specified deviation range mitigates Replay Attacks.06-09-2011
20120311319CONTENT DATA DELIVERY SYSTEM, AND METHOD FOR DELIVERING AN ENCRYPTED CONTENT DATA - A handheld device is configured to be connectable to a storage media that holds a unique media identifier and holds a content key data used to decrypt an encrypted content data. A content data delivery system is provided that is configured to be able to deliver various data to the handheld device and to make a content data available to the handheld device. The system includes a member-registration information database that holds member-registration information including a data pair of a handheld-device identifier related to the relevant handheld device and the relevant media identifier. The media identifier held by the storage media is verified with the member-registration information database.12-06-2012
20120311318INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD AND PROGRAM - An information processing system includes: a client executing acquisition and reproduction of contents; a management server providing the client with content selection information applied for acquisition of contents; and a content providing server receiving the content selection information from the client and providing the content selected in accordance with the content selection information, wherein the content selection information includes content identifiers as identifiers of encrypted contents respectively encrypted by different encryption keys and range information indicating data areas of range data which is configuration data of respective encrypted contents, and the content providing server provides the client with an encrypted content formed by combining range data as partial data of the encrypted contents specified by the content identifiers and the range information.12-06-2012
20120311317Access-controlled customer data offloading to blind public utility-managed device - A method and system for access-controlled customer data offloading uses a blind public utility-managed device. A customer-managed device encrypts collected customer data using per-type, per-period keys and transmits the encrypted customer data to the utility-managed device. The customer-managed device further encrypts the per-type, per-period keys using a master key and transmits the encrypted per-type, per-period keys to the utility-managed device. When the current period ends (e.g., each day at midnight), the customer-managed device generates new per-type, per-period keys and continues the above customer data offloading using the new per-type, per-period keys. As a result, the customer offloads storage of customer data to the public utility without relinquishing control over access to the customer data. Moreover, the fact that the customer data are encrypted by data type and period allows the customer to access and expose the customer data in highly granular fashion.12-06-2012
20100332819DIGITAL CONTENT ACCESS CONTROL - Control of access to at least one digital content is managed as a function of at least one access criterion. The digital content is transmitted to at least one terminal in the form of a data stream. The access criterion is stored in the terminal as a function of an identifier. The terminal receives the data stream in association with a control message indicating the identifier. It then retrieves the stored access criterion as a function of the identifier received in the control message. Finally, it verifies whether the stored access criterion is satisfied in order, where appropriate, to authorize access to the content.12-30-2010
20110145561 SYSTEM AND METHOD OF REDUCING ENCRYPTION OVERHEAD BY CONCATENATING MULTIPLE CONNECTION PACKETS ASSOCIATED WITH A SECURITY ASSOCIATION - A method and system for encryption is provided. The method includes detecting one or more security associations corresponding to data payloads in response to receipt of the data payloads from multiple source connections. Each data payload includes one or more data packets from each source connection. The method also includes concatenating the data payloads corresponding to each security association. Further, the method includes encrypting the concatenated data payloads for each security association. The system includes a determination module that detects one or more security associations corresponding to data payloads in response to receipt of the data payloads from multiple source connections and concatenates the data payloads corresponding to each security association. The system also includes an encryption module that encrypts the concatenated data payloads for each security association.06-16-2011
20110093695SECURE OFFLINE RELOCATION OF PORTABLE SOFTWARE LICENSES - A method for the secure offline relocation of portable software licenses. The portable software license has an associated time limit. A license relocation record can be generated including the portable software license and limit information for the time limit for relocation to a second computing device operating in an offline state. The license relocation record is temporarily securely stored on a removable security device attached to a first computing device that is connected to a licensing network. The removable security device can be disconnected from the first computing device and subsequently connected to the second computing device. Provided the time limit is not exceeded, the portable software license can then be installed upon the second computing device. Upon successful installation of the portable software licenses, the license relocation record can be removed from the removable security device.04-21-2011
20120151205POLYNOMIAL EVALUATION DELEGATION - Shares for one or more data values in a dataset can be computed using evaluation point values and sharing polynomials. Lagrangian coefficients can also be computed for the evaluation point values. The shares and the Lagrangian coefficients may be used to evaluate the polynomials on the data values. The technique can also include encrypting the Lagrangian coefficients according to an encryption scheme that provides for addition operations between encrypted values. An operation on representations of coefficients of the evaluation polynomial, representations of the shares, and the encrypted representations of the Lagrangian coefficients can be delegated to a remote computing environment. The operation can be performed at the remote computing environment, such as by performing a map-reduce operation. Results of the delegated operation can be received from the remote computing environment and processed to produce representation(s) of evaluation(s) of the polynomial on the data value(s).06-14-2012
20100082970Method and System for Ensuring Sequential Playback of Digital Media - Techniques for ensuring that media playback proceeds sequentially through media content of a digital media asset are disclosed. In one embodiment, distinct portions (e.g., segments) of a digital media asset can be separately encrypted such that on playback decoded data being output from at least one prior portion can be used to derive a cryptographic key that is used in decrypting a subsequent portion of the digital media asset.04-01-2010
20120210121SECURE END-TO-END TRANSPORT THROUGH INTERMEDIARY NODES - A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key.08-16-2012
20090292913APPARATUS AND METHOD FOR COUNTER-BASED COMMUNICATIONS IN WIRELESS SENSOR NETWORKS AND OTHER NETWORKS - A method includes wirelessly receiving a message at a receiving node. The method also includes extracting a partial counter value from the message, where the partial counter value represents a subset of bits from a complete counter value of a transmitting node. The method further includes decrypting and authenticating the message based on the partial counter value. Decrypting and authenticating the message could include examining a bitmap to identify a bit value associated with the partial counter value, decrypting and authenticating the message if the identified bit value has a first value, and discarding the message if the identified bit value has a second value. Decrypting and authenticating the message could also include identifying at least one complete counter value at the receiving node based on the partial counter value and attempting to decrypt and authenticate the message using the at least one complete counter value.11-26-2009
20100138644SYSTEM AND METHOD FOR DYNAMIC DATA MINING AND DISTRIBUTION OF MARITIME DATA - A system for dynamically collecting and distributing maritime data includes a vessel configured to transmit at a predetermined time, or upon electronic inquiry, a signal representative of a current location of the vessel or an expected location of the vessel; a computer network including one or more databases, each of which includes one or more zone of concern data, wherein the zone of concern data corresponds to a zone of concern; and a service provider configured to receive the signal, retrieve the one or more zone of concern data from the computer network based upon the signal and transmit the one or more zone of concern data to the vessel. The zone of concern data, which may be continually changing, may be sent from the service provider to the vessel on a continuous basis with respect to the changing location and heading of the vessel.06-03-2010
20110154015Method For Segmenting A Data File, Storing The File In A Separate Location, And Recreating The File - A method includes transmitting file identifying information to a dispatch server; receiving from the dispatch server a storage location identifier and a distribution algorithm identifier; performing the distribution algorithm to generate a distribution map for segments of the file; and transmitting the file segments to storage locations in accordance with the distribution map. The distribution map indicates for each file segment a segment size and a storage destination for that segment. The storage location identifier may identify a server cluster; the dispatch server and the server cluster may be located at a third-party facility physically and/or logically remote from the client. A plurality of distribution algorithms may be provided, so that the distribution algorithm and the distribution map for one stored file are distinct from the distribution algorithm and the distribution map for another stored file.06-23-2011
20090300344Device and Method for Identifying a Certificate for Multiple Identifies of a User - A device and method associates a certificate with a first recipient identity. The method comprises receiving the first recipient identity of a user. The method comprises associating the first recipient identity of the user with a second recipient identity of the user. The second recipient identity is associated with a certificate so that subsequent transmissions of data to the first recipient identity encrypts the data according to specifications of the certificate.12-03-2009
20100031015IP Network Communication Method Having Security Function, And Communication System - An IP network communication system which applies encryption with a reduced processing delay caused by a CPU load which is increased by the application of IPsec etc., and with reduced degradation of data transmission efficiency in a network, is provided. The IP network communication system having a security function includes an encryption processing part to encrypt a predetermined area range of one packet to be transmitted, and not to encrypt a residual area of the one packet; and a transmission part to transmit the packet encrypted by the encryption processing part through a tunnel for encryption.02-04-2010
20100031014INFORMATION CONCEALING DEVICE, METHOD, AND PROGRAM - An information concealing device comprises a mask means for prompting the user to specify a secret area in an input image, a secret area specifying means for generating image data describing the image of the specified area in the input image and describing an area other than the specified area in a single color, an encoding means for converting the image data, which describes the image of the specified area in the input image and describes an area other than the specified area in a single color, to image data describing a code, and an embedding means for generating the image data of an image describing the specified area in the input image in a single color and embedding the code into the image.02-04-2010
20100023750System and Method for Controllably Concealing Data from Spying Application - A method for use in controllably concealing an input data that has been entered into a computer system via an input device, from being comprehended by a spying application during transportation of the input data across a communication link of the computer system, the method including the steps of: (i) encrypting the input data when the input data is being processed at a relatively low level within the computer system so as to form an encrypted input data; (ii) thereafter, transporting the encrypted input data across the communication link; (iii) thereafter, providing a device for decrypting the encrypted input data so as to obtain a decrypted input data; (iv) selectively providing access to the decrypted input data by at least one authorised software application operably connected to the computer system.01-28-2010
20100023751System and method for preventing web crawler access - Preventing web crawler access includes receiving a request for a webpage that includes web content that should be protected from a web crawler, encrypting the web content to be protected to generate encrypted content and responding to the request, including sending the encrypted content and a decryption instruction. The decryption instruction is configured to allow a web browser to decrypt the encrypted content.01-28-2010
20100023749Harvesting Entropy from Trusted Cryptographic Sources - Extending entropy in a random number generation utility. Where a device has access to trusted sources of encrypted data, such as encrypted network traffic, such encrypted network traffic may be sampled and the bits fed into the entropy seeding routines of the random number generation utility.01-28-2010
20100023748SELF CHECKING ENCRYPTION AND DECRYPTION BASED ON STATISTICAL SAMPLING - The present invention is related to the checking of encryption. Embodiments of the present invention are based on the discovery that sufficiently high reliability may be established without checking every encryption block. Instead, embodiments of the present invention provide that data being encrypted may be sampled at a certain rate (which may be constant or varying) and only the sampled data may be checked. In general, embodiments of the present inventions are applicable to a fast encryption circuit that may encrypt an entire stream of incoming data into a stream of encrypted data and one or more slower (or slow) encryption circuit and/or one or more slow decryption circuit that operate(s) only on selected samples of the incoming or encrypted data in order to check the encryption of the fast circuit. Thus, encryption can be verified without incurring the costs of exhaustively checking all encrypted data.01-28-2010
20100023747Critical Security Parameter Generation and Exchange System and Method for Smart-Card Memory Modules - A storage device contains a smart-card device and a memory device, which is connected to a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data. The memory device may also be used to store data or instructions for use by the smart-card device. The controller includes a security engine that uses critical security parameters stored in, and received from, the smart-card device. The critical security parameters may be sent to the controller in a manner that protects them from being discovered. The critical security parameters may be encryption and/or decryption keys that may encrypt data written to the memory device and/or decrypt data read from the memory device, respectively. Data and instructions used by the smart-card device may therefore be stored in the memory device in encrypted form.01-28-2010
20100023746INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING METHOD - This invention prevents confidential information included in information contents from leaking from an external apparatus when the external apparatus executes a layout process and print process of the information contents. An information processing system of this invention includes an information contents converter (01-28-2010
20100017594TRANSMITTING METHOD AND TRANSMITTING DEVICE, RECEIVING METHOD AND RECEIVING DEVICE, AND TRANSFER METHOD AND TRANSFER SYSTEM - Data broadcast data, which is broadcast in data broadcasts, is constructed by disposing, for example, EMD (Electric Music Distribution) links required to acquire song data as actual broadcast data, which is broadcast in actual broadcasts by a transmitting device, the actual broadcast data is transmitted, and the data broadcast data wherein the EMD links for the song data in the actual broadcasts are disposed, is transmitted periodically during the transmission of the actual broadcast data. The actual broadcast data and the data broadcast data are received by a user terminal, and the EMD links disposed in the data broadcast data are stored whenever there is an input of an operation to attach a “bookmark”. Thus, audio data such as songs in programs broadcast can easily be acquired by radio.01-21-2010
20110219226Method of Triggering Location Based Events in a User Equipment - Methods, a user equipment, a server host, a client application, computer program products, and a server computer program. These methods and components can be utilized by a location based service. One method regards triggering of events in the user equipment based on a position of the user equipment, comprising the steps of:—looking up, in a server database at least one network cell-identity associated with a predefined geographical area,—sending the network cell-identity to the user equipment,—storing the network cell-identity in a database in the user equipment,—obtaining a current network cell-identity to which the user equipment currently is connected,—comparing in the user equipment the current network cell-identity with network cell-identities stored in the database, and—retrieving content associated with the current network cell-identity if the current network cell identity is among the network cell-identities in the database.09-08-2011
20080276083Method for Transmitting a Message Containing a Description of an Action to be Executed in a Receiver Equipment - The invention relates to a method for transmitting a message to a reception equipment by an operator, the message containing a description of an action to be executed in the said equipment at a time chosen by the operator.11-06-2008
20110307691METHOD OF TRACING AND OF RESURGENCE OF PSEUDONYMIZED STREAMS ON COMMUNICATION NETWORKS, AND METHOD OF SENDING INFORMATIVE STREAMS ABLE TO SECURE THE DATA TRAFFIC AND ITS ADDRESSEES - A network includes communication media transmitting streams to addressees, and a method includes: step of allocation of a cryptonymic identity to communication media by a first instance, the streams transmitted by a medium bearing a mark, as a function of its cryptonym, the cryptonymic identity of a medium being distinct from its real identity; step of reading and of analyzing the streams by a second instance, the analysis including a phase of identifying streams to their communication media by searching for similarity between the mark of the streams and the cryptonymic identity of the media, with the aid of a table listing the cryptonyms, and a phase of logging observable characteristics of the streams through the network. A behavior defined by a set of characteristics is declared typical or atypical by comparison with a given set of criteria, the table of cryptonymic identities having no link with the real identities. The invention is applied notably for combating illegal downloads, the sending of material that is unsolicited or likely to cover up identifiable malicious intentions.12-15-2011
20090172389SECURE CLIENT/SERVER TRANSACTIONS - In some embodiments a controller establishes a secured connection between a remote computer and a user input device and/or a user output device of a computer. Information is securely transmitted in both directions between the remote computer and the user input device and/or user output device in a manner such that a user of the user input device and/or the user output device securely interacts with the remote computer in a manner that cannot be maliciously interfered with by software running on the computer. Other embodiments are described and claimed.07-02-2009
20110093694Pattern Recognition Using Transition Table Templates - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for using transition table templates. In one aspect, a method includes receiving a transition table for a current state of a finite automaton and determining whether the transition table for the current state is similar to a transition table template in a set of transition table templates. The method further includes generating a condensed representation of the transition table if the transition table is similar to a transition table template and otherwise adding the transition table to the set of transition table templates. In another aspect, a method includes receiving an input element and determining whether a next state corresponding to the input element is in the difference region of a condensed transition table. The method further includes retrieving the next state from the difference region, or a transition table template, based on the determination.04-21-2011
20110320804DATA ACCESS MANAGEMENT IN A HYBRID MEMORY SERVER - A method, accelerator system, and computer program access data in an out-of-core processing environment. A data access configuration is received from a server system managing a plurality of data sets. A determination is made that data sets retrieved from the server system are to be stored locally based on the data access configuration. A request to interact with a given data set is received from a user client. At least a portion of the given data set is retrieved from the server system. The at least a portion of the given data set is stored locally in a memory based on the data access configuration that has been received.12-29-2011
20120210120SELF-ENCRYPTION PROCESS - This invention is a network that is defined by its novel approach to privacy, security and freedom for its users. Privacy by allowing access anonymously, security by encrypting and obfuscating resources and freedom by allowing users to anonymously and irrefutably be seen as genuine individuals on the network and to communicate with other users with total security and to securely access resources that are both their own and those that are shared by others with them. The functional mechanisms that this invention provides will restore open communications and worry-free access in a manner that is very difficult to infect with viruses or cripple through denial of service attacks and spam messaging, plus, it will provide a foundation where vendor lock-in need not be an issue.08-16-2012
20120047360INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing device including: a data processing unit that generates content for transmitting to a client; and a communication unit that transmits the generated content of the data processing unit, wherein the data processing unit generates, based on basic encrypted content having a plurality of units that each includes a SEED that is data for encryption key generation and a block that is encrypted data that is encrypted by an encryption key generated using the SEED, each data of (a) converted encrypted content on which conversion processing to replace the SEED with dummy data or to delete the SEED is performed, and (b) encrypted SEED that is the SEED encrypted by content transmission processing or by individual keys that are different by units of users at a transmission destination, and transmits the generated converted encrypted content and encrypted SEED as data provided to the client via the communication unit.02-23-2012
20120005475Terminal Device, Computer Program Product, and Communication Control Method - A terminal device capable of communication with a plurality of other terminal devices via a network includes a decryption information acquisition portion that acquires decryption information including a decryption level, an encryption information acquisition portion that acquires encryption information including an encryption level in a case where a pointer position is located within a confidential area, a first transmission portion that transmits the encryption information to the plurality of other terminal devices in a case where the decryption level is equal to or higher than the encryption level, an encryption portion that, based on the encryption level, encrypts audio data and video data that have been input in a case where the pointer position is located within the confidential area, and a second transmission portion that transmits, as encrypted data, the audio data and the video data that have been encrypted to the plurality of other terminal devices.01-05-2012
20120005474INFORMATION SYSTEM AND METHOD OF IDENTIFYING A USER BY AN APPLICATION SERVER - The present invention relates to an information system and a method for the identification, by an application server (01-05-2012
20110167254SYSTEM AND METHOD FOR ENSURING CONFORMANCE OF ONLINE MEDIA DISTRIBUTION TO COPYRIGHT RULES - A system and a method are described for presenting media content for users to view over the internet. Rights pertaining to said media to be viewed are uploaded to servers by users holding such rights to rent or resell such media content. Servers restrict the viewing of the content in accordance with the limitations of the uploaded rights such that copyright rules are respected at all times.07-07-2011
20120023323Instant Messaging Private Tags - Systems for instant messaging private tags preferably comprise a parser for parsing an instant message for sensitive data and an encryption engine for encrypting the sensitive data. A modified uuencoder is also preferably included for converting the encrypted sensitive data into a data stream that complies with an XML format. Other systems and methods are also provided.01-26-2012
20120159148LOCAL TRUSTED SERVICES MANAGER FOR A CONTACTLESS SMART CARD - Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes.06-21-2012
20120159147SECRET KEY GENERATION - The technology includes a method for generating a secret key. The method includes receiving initialization data, the initialization data includes an initialization packet and a transmission path channel response; generating sample data based on the transmission path channel response; and generating a secret key based on the sample data utilizing a chaotic map.06-21-2012
20120159146System and Method for Transcoding Content - A system is provided for use with secure content in a first format. The system includes a conditional access device, a transcoding device and a media processor. The conditional access device is arranged to receive the secure content and can generate second secure content based on the secure content. The conditional access device can further provide the second secure content to the transcoding device. The transcoding device can transcode the second secure content into transcoded content of a second format, can secure the transcoded content as secure transcoded content and can provide the secure transcoded content to the media processor.06-21-2012
20120210119Method and Apparatus for Secure Internet Browsing - A method and apparatus for providing users with permission-based secure Internet browsing of sponsored and unsponsored content by connecting a portable storage/secure connection device to a host computer, activating firmware in the device causing the host computer to recognize the device as peripheral hardware, and assuming control of the host computer's Internet browser registry key to re-direct Internet click stream data onto the device or a data server instead of the host computer. Information is encrypted and transmitted via a secure protocol to a proxy server then redirected to a web server that authenticates the device via software on the device, an application server facilitating user authentication via security questions, requests and captures specific information from the user to create a profile, initiates corresponding scripts, applications, encryption and stores user-defined personal information for secure and user-authorized user data transmission and Internet browsing activities based on user-defined consent and access criteria.08-16-2012
20110072259VIRTUAL PAD - A system and method for communicating information over an insecure communications network include one or more computing devices that may access a first server via the communication network. In operation the first server displays an authentication Web page having a virtual pad with a plurality of characters that may be selected directly from a display of the computing device.03-24-2011
20120233453Reducing Processing Load in Proxies for Secure Communications - In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server.09-13-2012
20110107082Storing and Forwarding Media Data - A method and apparatus for storing and forwarding media data in a communication network. An intermediate node disposed between a media data source node and a client node receives encrypted media data packets from the media data source node. The intermediate node stores the received media data packets in a memory for later sending to the client node, and adjusts fields in the original header of each stored media data packet to create modified media data packets having a modified header, and sends adjustment information to the client node. The adjustment information allows the client node to recreate the original headers from the modified headers, before decrypting the encrypted media packets with keying materials already sent between the media data source node and the client node. The modified media data packets are then sent to the client node for decryption. This allows the intermediate node to “store and forward” SRTP data without being able to access the encrypted data content.05-05-2011
20110107081METHOD AND APPARATUS FOR PROCESSING OF BROADCAST DATA - A plurality of conditional access (CA) clients are needed to receive services from a plurality of service providers, where the CA clients respectively correspond to the service providers. Thus, the CA clients should be installed into a broadcast receiver, and in this case, a method of managing the CA clients is needed. Provided are a method and apparatus for processing broadcast data by using a security client. The method includes determining a first security client based on a security client list, where the first security client is used to decrypt encrypted broadcast data and the security client list comprises information regarding each of security clients available which provide information necessary to decrypt the encrypted broadcast data; and decrypting the encrypted broadcast data by using the first security client. Accordingly, it is possible to allow a user to receive various services.05-05-2011
20110107080Data broadcasting system, server and program storage medium - A data broadcasting system includes a user device and a data broadcasting server. The device includes: a transmission requesting section transmitting the own model information and a request to transmit a content; and a content reproduction section reproducing the requested encoded content by decoding the content using key information for decoding the content. The server includes: a qualification storage section storing correspondence information where model information and reproduction qualification information are associated with each other; a reproduction qualification determination section referring to the correspondence information upon receiving the model information and the request from the user device, obtaining the reproduction qualification information corresponding to the model information, and determining whether the user device is qualified to reproduce the content; and a content transmission section transmitting, to the user device, the content and the key information when the user device is determined as being qualified by the reproduction qualification determination section.05-05-2011
20110107083CONTENT TRANSMISSION DEVICE AND CONTENT TRANSMISSION METHOD - Provided is a content transmission device 05-05-2011
20110107079TARGET DEVICE, METHOD AND SYSTEM FOR MANAGING DEVICE, AND EXTERNAL DEVICE - A device management system is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus including a database for authentication, connected via a network in a communicable manner. In the target device, each unit is equipped with the tamper-resistant chip that collects device information specific to a unit, stores collected device information, and stores a confidential-key.05-05-2011
20110107078ENCODED DATA SLICE CACHING IN A DISTRIBUTED STORAGE NETWORK - A distributed storage processing unit encodes data objects into multiple encoded data slices to prevent reconstruction of the original data object using a single encoded data slice, but to allow reconstruction using at least a threshold number of encoded data slices. The distributed storage processing unit can decide whether and where to cache frequently requested data slices. When retrieving data slices related to a particular data object, a check can be made to determine if the data slices are cached in a temporary memory associated with the distributed storage processing unit, or elsewhere in the distributed storage network. This check can be facilitated by storing data slices and a hash table identifying the location of stored data slices in the same temporary memory.05-05-2011
20100095108DATA TRANSFER DEVICE AND DATA TRANSFER METHOD - A data transfer device and method include obtaining a compression ratio and a compression speed of data for each of a plurality of compression levels, obtaining a compression ratio of data for each of the compression levels, adding a predicted time required for the compression and a predicted time required for the transfer of the data for each of the compression levels to determine a compression level for which the added predicted time is shortest, compressing the data to be transferred at the determined compression level and transferring the compressed data to a transfer destination.04-15-2010
20100095107METHOD AND APPARATUS FOR DEVICE DETECTION AND MULTI-MODE SECURITY IN A CONTROL NETWORK - A method and apparatus for device discovery and multi-mode security in a wired and/or wireless control network are described. A controlled device is configured with discovery-level instructions and application-level control instructions. The controlled device includes a user-configurable parameter for selecting between multiple security modes. In one or more security modes, the controlled device may ignore application-level messages until encrypted communications are established with a controller. In one mode, the encrypted communication is established with an encryption key exchange using a predetermined security key. In another mode, a specific key is manually entered into the controller by the user/administrator to facilitate the encryption key exchange. Additionally, for control applications where security is not important, an unencrypted security mode may be implemented. A driver ID provided by the controlled device facilitates loading of a preferred device driver by the controller.04-15-2010
20110099365METHODS AND APPARATUS FOR MULTI-LEVEL DYNAMIC SECURITY SYSTEM - Methods and apparatus for converting original data into a plurality of sub-bands using wavelet decomposition; encrypting at least one of the sub-bands using a key to produce encrypted sub-band data; and transmitting the encrypted sub-band data to a recipient separately from the other sub-bands.04-28-2011
20110099364Method for accessing services by a user unit - The invention concerns a method for accessing services by a user unit, said services being a subset of all services broadcast by a management center and comprising at least two services, said subset of services defining a package, each service being simultaneously broadcast and containing audio/video data, the data of a service being encrypted by at least one control word, the method comprising the steps of: 04-28-2011
20110099363SECURE END-TO-END TRANSPORT THROUGH INTERMEDIARY NODES - A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key.04-28-2011
20120124366SYSTEM AND METHOD FOR A DERIVATION FUNCTION FOR KEY PER PAGE - Disclosed herein are systems, methods and computer-readable media to perform data encryption and decryption using a derivation function to obtain a key per page of data in a white-box environment. The method includes sharing a master key with the sender and receiver, splitting the input data into blocks and sub-blocks, and utilizing a set of keys and a master key to derive a page key. In another aspect of this disclosure, the key validation and shuffling operations are included. This method allows for the derivation of a key instead of storing a predetermined key, thus maintaining system security in a white-box environment.05-17-2012
20120124365ACCESSING A SECURE TERMINAL - A method of accessing content on a secure terminal is described. The method comprises: capturing an image of a visual code presented on a display of a secure terminal. The method then involves decoding the visual code to ascertain (i) a set of connection parameters and (ii) a unique identifier. The set of connection parameters are used to establish a connection with the secure terminal. The method also comprises receiving the content from the secure terminal via the established connection in response to transmission of the unique identifier.05-17-2012
20090132804SECURED LIVE SOFTWARE MIGRATION - A novel approach is introduced for secured live migration of a software component currently running on one hosting device to another hosting device. One or more pages of the software component are encrypted before migration of the software component, and are later decrypted after the migration is complete. The software component is kept operational during the encryption, migration, and decryption of the software component. The one or more pages to be encrypted and decrypted can be selected based on data sensitivity and/or other criteria.05-21-2009
20090132803Secure Delivery System - Aspects of the present invention provide systems and methods relating to storing and forwarding electronic files securely throughout the lifecycle of the file. One aspect of the invention relates to providing encrypted copies of electronic files that can only be unencrypted by the intended recipient.05-21-2009
20090132802Encryption Data Integrity Check With Dual Parallel Encryption Engines - An encryption method encrypts a clear text twice using a first encryption engine to produce a first cipher text and a second encryption engine to produce a second cipher text. The method compares the first cipher text with the second cipher text, or compares a checksum of the first cipher text with a checksum of the second cipher text. If the comparison succeeds, the method transmits the data. In some embodiments, the method uses a first instance of an encryption key to produce the first cipher text and a second instance of the encryption key to produce the second cipher text.05-21-2009
20120221845SYSTEMS AND METHODS FOR MIGRATING DATA AMONG CLOUD-BASED STORAGE NETWORKS VIA A DATA DISTRIBUTION SERVICE - Embodiments relate to systems and methods for migrating data between cloud networks via a data distribution service. In aspects, an administrator of a data payload may wish to migrate the data payload from a host cloud network to a target cloud provider to leverage cost, security, redundancy, consolidation, or other advantages. The data distribution service can identify target cloud providers with sets of resources that are capable of hosting the data payload. Further, the data distribution service can determine that the target cloud providers are connected to or capable of being connected to the data distribution service via a set of dedicated communication channels. According to aspects, the data distribution service can receive the data payload from the host cloud network, and transport the data payload to a selected target cloud provider via the set of dedicated communication channels.08-30-2012
20120317409Mobile Printing - A method of printing comprising, at an imaging device, receiving a print-by-reference print request and an encryption key from a mobile device, transmitting the print-by-reference print request and the encryption key to a print service, receiving encrypted print content from the print service, receiving a decryption key from the mobile device, decrypting the encrypted print content, creating decrypted print content, and printing the decrypted print content. A method of printing content requested from a mobile device, comprising receiving a print request and encrypted print content, receiving a decryption key from the mobile device, decrypting the encrypted print content, and printing the decrypted print content.12-13-2012
20120131326SECURING PARTNER-ENABLED WEB SERVICE - The claimed subject matter provides a method for securing a partner-enabled web service. The method includes receiving a request to access the partner-enabled web service. The request is received from a browser client for a partner application. The browser client is associated with a user. Additionally, the method includes determining that the user is authorized to access the partner application. The method further includes generating a token that associates the user with the partner application. Also, the method includes sending the token to the browser client.05-24-2012
20120166792EFFICIENT NEMO SECURITY WITH IBE - An apparatus, method and system are provided to use identity based encryption (IBE) in Mobile IP and/or Network Mobility (NEMO) compliant communication networks to secure communications between various entities of the communication networks, as selected entities and their associated apparatus/system roam among the communication networks. Other embodiments may be disclosed or claimed.06-28-2012
20120131328SYSTEM AND METHOD FOR SECURE COMMERCIAL MULTIMEDIA RENTAL AND DISTRIBUTION OVER SECURE CONNECTIONS - A method for securing intellectual property includes establishing contact between an IP server and a client. At least two component codes are shared and pre-stored in both the player and the server prior to ordering the intellectual property. The IP server accepts an order for an intellectual property product from the client. The IP server creates a shared private key based on the pre-stored shared component codes and an additional shared component code at the time the intellectual property product is ordered. The shared private key is not distributed to the player software. The IP server encrypts the intellectual property product with the created shared private key prior to distribution to the client. The intellectual property product further comprises content data and rights data in digital form. The IP server electronically distributes the intellectual property product to the client in encrypted form without the shared private key.05-24-2012
20120166794Dual Cryptographic Keying - A dual cryptographic keying system. In particular implementations, a method includes responsive to an initial session key negotiation, storing security association information for a tunnel in a security association memory; responsive to a session key renegotiation, storing security association information for the tunnel in a cache; decrypting received packets associated with the tunnel conditionally using the security association information in the cache or the security association information in the security association memory; and upon an expiration condition, overwriting the security association information, for the tunnel, in the security association memory with the security association information, for the tunnel, copied from the cache.06-28-2012
20120166791SYSTEM AND METHOD FOR MUTUALLY AUTHENTICATED CRYPTOGRAPHIC KEY EXCHANGE USING MATRICES - Two parties can establish a cryptographic key using a matrix based key exchange protocol, for secure communications without any prior distribution of secret keys or other secret data, and without revealing said key to any third party who may have access to all of the transmissions between them. The two parties use a shared secret to produce a common matrix M. The common matrix M, is multiplied by a random matrix K on the sending side, and a different random matrix N on the receiving side. The matrix product KM is sent from the sending side to the receiving side, and the matrix product MN is sent from the receiving side to the sending side. Both sides produce the common matrix product KMN, and use it for producing a symmetric key for encrypted communications, after mutually authenticating one another over an insecure network.06-28-2012
20120137124MULTI-VERSION MESSAGE CONDITION BASED DELIVERY - A method for condition-based message delivery may be provided. The method may comprise receiving a first message, a second message and a condition on a sending message server at a first time instance. The method may also comprise encrypting the first message with a first encryption key and encrypting the second message with a second encryption key, as well as sending the first and the second message to a recipient message system. Moreover, the method may comprise receiving a request from the recipient message system at a second time instance for sending one of the decryption keys corresponding to either the first or the second encryption key, and sending the first decryption key or the second decryption key depending on the condition to the recipient message system.05-31-2012
20120137123ENCRYPTION/DECRYPTION COMMUNICATION SYSTEM - The present disclosure relates to an encryption/decryption device and method and a communication system including the encryption/decryption device. The device includes a receiving part; an address analyzing part; a judging part; an encrypting/decrypting part and a sending part. The judging part is adapted to judge whether an encryption/decryption process needs to be performed in accordance with the source address and/or the destination address of the data package. Thus, safe network transmission of the user data is achieved without the need to install and configure software, and the user can easily realize secure data transmission.05-31-2012
20120137122Data File Decryption Method, Decryption Device and Data Broadcasting System - A data file decryption method, a decryption device and a data broadcasting system are disclosed, which are applied to a data broadcasting service. Among them, the data file decryption method includes the steps of: receiving the file delivery information which includes a data file identification and a key file identification corresponding to the data file; receiving the corresponding data file and key file according to the data file identification and the key file identification; and decrypting the data file according to the key file. According to the data file decryption method, decryption device and the data broadcasting system of the present invention, by setting the data file identification and the corresponding key file identification in the file delivery information and receiving the corresponding file according to the data file identification and the key file identification, the resource dissipation due to a large quantity of useless information received at a terminal is avoided, and the file to be received can be quickly located by the terminal, so that the time delay due to the decryption of a data file is avoided, and the service experience for users is improved.05-31-2012
20120137121METHOD AND DEVICE FOR STORING SECURED SENT MESSAGE DATA - Methods and devices for storing sent message data are described. The sent message data corresponds to a message sent to a destination by a communication device via a server. The method includes compiling a first portion of the message which has a plurality of components; applying security encoding to the first portion; and storing the first portion. The first portion includes at least one but not all of the plurality of components in the message, and pointers to the components not included in the first portion.05-31-2012
20110185168Method and Apparatus for File Sharing Between a Group of User Devices with Separately Sent Crucial Portions and Non-Crucial Portions - A communication system and method for operating the same includes a group of user devices and a content delivery network in communication with the group of user devices. The content delivery network selects a plurality of user devices from the group of user devices, divides the content into a crucial portion and non-crucial portions, and encrypts the crucial portions differently for each of the user devices in the group using conditional access encryption. The content delivery network communicates the non-crucial portions to the plurality of user devices, and communicates the encrypted crucial portion to the plurality of user devices separately from the non-crucial portions. The plurality of user devices assembles the crucial portion and the non-crucial portions to form the content.07-28-2011
20100174897ENCRYPTION METHOD FOR HIGHEST SECURITY APPLICATIONS - A method for encrypting a message M of I07-08-2010
20120173868Communication Across Domains - Communication across domains is described. In at least one implementation, a determination is made that an amount of data to be communicated via an Iframe exceeds a threshold amount. The data is divided into a plurality of portions that do not exceed the threshold amount. A plurality of messages is formed to communicate the divided data across domains.07-05-2012
20120216032MULTIPLE-STAGE SYSTEM AND METHOD FOR PROCESSING ENCODED MESSAGES - System and methods for processing encoded messages at a message receiver are described. Encoded message processing is performed in multiple stages. In a first stage, a new received message is at least partially decoded by performing any decoding operations that require no user input and a resulting context object is stored in memory, before a user is notified that the new message has been received. When the user accesses the new message, any further required decoding operations are performed on the stored context object in a second stage of processing. The message can subsequently be displayed or otherwise processed relatively quickly, without repeating the first stage decoding operations. Decoding operations may include signature verification, decryption, other types of decoding, or some combination thereof.08-23-2012
20100299517Network System with a Plurality of Networked Devices with Various Connection Protocols - Methods and devices for retrieving data from a variety of devices, such as biomedical devices, are disclosed. In an embodiment, a communications path is established between a device manager and a device configured to collect data from a patient. A device type associated with the device is detected. Based on the device type, connections settings required to exchange data between the device manager and the device are requested from a first server. A patient identifier is also obtained. The patient identifier is sent to a second server, which may be the same as the first server. Verification of the patient identifier is received at the device manager from the second server. Data is then received at the device manager from the device. Upon receipt, the data is either stored in a storage or the data is sent via an encrypted communication channel to a server for data format conversion.11-25-2010
20100049964Method and Apparatus for Integrating Precise Time Protocol and Media Access Control Security in Network Elements - A system includes a medium access control (MAC) module and a precise time protocol (PTP) module. The MAC module is configured to generate an identifier for a PTP frame, generate an encrypted PTP frame by encrypting the PTP frame, and output the identifier. The PTP module is configured to receive the identifier, identify the encrypted PTP frame based on the identifier in response to the encrypted PTP frame being output from the MAC module, and time stamp the encrypted PTP frame prior to the encrypted PTP frame being transmitted.02-25-2010
20100275007Secure Transmission System and Method - A method is provided for transmitting information from a user to a first network entity over a communications network. The user enters information into a browser executed at a user terminal. The browser generates a first message comprising the information using a first communication protocol for despatch over the network via a network port, the first message including an identifier of the first network entity. A client executed at the user terminal receives the first message before the first message reaches the network port. The first message is wrapped in a second message of a second communication protocol used for transmitting messages between the client and a second network entity. The second message is transmitted to the second network entity over the communications network. The first message is unwrapped from the second message at the second network entity, the identifier of the first network entity translated to a network address of the first network entity and the first message is transmitted to the first network entity over the communications network.10-28-2010
20100275005Secure Data Storage System And Method - A system and method for the secure storage of data in a network. Data stored on a primary server connected to the network is initially encrypted. The IP address of the primary server is sent to a second server, via the network, and a communication is received from the second server indicating pending instructions. If the instructions indicate that theft of the primary server has occurred, then the data stored on the primary server is re-encrypted and the IP address of the primary server is sent to the second server. If attempted unauthorized access of the primary server is determined, and a predetermined number of consecutive unauthorized attempts to access the primary server are made, then the data stored on the primary server is erased.10-28-2010
20120233454DATA SECURITY FOR DIGITAL DATA STORAGE - A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system.09-13-2012
20100011205SECURE DATA EXCHANGE TECHNIQUE - Techniques utilizing common encryption approaches for data from multiple parties enable those parties to discover information that is held in common by the parties without disclosing to any party information that is not held in common by the parties. Encrypted information for each party can be compared to determine which encrypted values match, and those encrypted values can be returned to any of the parties such that a party can determine which corresponding data the parties have in common, without having access to any other data of any other parties.01-14-2010
20110107077OBSCURING FORM DATA THROUGH OBFUSCATION - Obscuring form data to be passed in forms that are sent in messages over a communications network. The form data to be obscured is removed from a form and inserted as a portion of a Uniform Resource Locator (“URL”) string. The obscured form data may comprise hidden fields and/or links. An obfuscation is then applied to the portion of the URL string, thereby obscuring the information for sending on an outbound message. The original information is recovered from an inbound message which contains the obscured information by reversing the processing used for the obscuring. In one aspect, the obfuscation comprises encryption. In another aspect, the obfuscation comprises creating a tiny URL that replaces the portion of the URL string.05-05-2011
20120254606Privacy-Preserving Probabilistic Inference Based on Hidden Markov Models - A most likely sequence of states corresponding to an observation sequence stored at a client is determined securely with respect to a HMM stored at a server. An encryption of a log-probability of the current element of the observation sequence is determined for each state of the HMM. A product of an encryption of the log-probability of the state for the current element, an encryption of a transition probability to the state, and the encryption of a log-probability of the current element of the observation sequence is determined iteratively, for each state of the HMM, to produce an encrypted matrix of indexes of the states; and the encrypted matrix is transmitted to the client.10-04-2012
20120254605Privacy-Preserving Probabilistic Inference Based on Hidden Markov Models - Parameters of a hidden Markov model (HMM) are determined by a server based on an observation sequence stored at a client, wherein the client has a decryption key and an encryption key of an additively homomorphic cryptosystem, and the server has only the encryption key. The server initializes parameters of the HMM and updates the parameters iteratively until a difference between a probability of the observation sequence of a current iteration and a probability of the observation sequence of a previous iteration is above a threshold, wherein, for each iteration, the parameters are updated based on an encrypted conditional joint probability of each pair of states given the observation sequence and the parameters of the HMM, wherein the encrypted conditional probability is determined in an encrypted domain using a secure multiparty computation (SMC) between the server and the client.10-04-2012
20090327694Methods and apparatus for providing integrity protection for management and control traffic of wireless communication networks - Embodiments of the present invention provide a method comprising transmitting, by a communication node, an information element (IE), the IE including a feature field indicating whether the communication node operates in accordance with an integrity protection protocol specifically for management frames, and the IE further including an enforcement field that advertises whether the integrity protection protocol for management and control frames is mandatory, and generating, by the communication node, a pairwise transient key (PTK), the PTK including a first plurality of keys and a pairwise integrity key (PIK), wherein the first plurality of keys are configured to protect an integrity of data frames transmitted by the communication node and the PIK is configured to protect an integrity of management frames transmitted by the communication node, wherein management frames are dedicated to management traffic and wherein the first plurality of keys and the PIK are different keys. Other embodiments may be described and claimed.12-31-2009
20090327692METHOD AND DEVICE FOR DISTRIBUTING SECURE DIGITAL AUDIOVISUAL CONTENTS BY INTEROPERABLE SOLUTIONS - A method for distributing a nominal audiovisual stream to a recipient device including modifying, in the nominal audiovisual stream, at least one nominal coefficient among the nominal coefficients to generate a modified main stream; generating complementary information such that the nominal audio-visual stream may be implemented based on the complementary information and on the modified main stream, applying a plurality of methods for protecting the complementary information to generate multiple protected complementary information, each of the protected complementary information enabling the nominal stream of the main stream to be implemented upon application of an access method compatible with the protection method which has been used to protect it; and transmitting to the recipient device the modified main stream and the multiple protected complementary information.12-31-2009
20120084555ENFORCING USE OF CHIPSET KEY MANAGEMENT SERVICES FOR ENCRYPTED STORAGE DEVICES - A method, system, and computer-readable storage medium containing instructions for controlling access to data stored on a plurality of storage devices associated with a first platform. The method includes authenticating a user to access the first platform, wherein the first platform includes first and second storage devices, chipset encryption hardware, and a memory. Data stored on the storage devices are encrypted, with first data on the first storage device being encrypted by the chipset encryption hardware and second data stored on the second storage device being encrypted by another encryption mechanism. The data are decrypted and the user is allowed to access the first data and the second data.04-05-2012
20120084554SYSTEM AND METHOD FOR HOSTING ENCRYPTED MONITORING DATA - A monitoring system includes at least one monitoring device coupled to the electrical power distribution system at selected locations for collecting data related to the operation of the monitored system. The monitoring device(s) includes a communication port and processors programmed to segment the collected data into blocks optimized for user analysis operations, encrypt the segmented blocks of data, bundle the encrypted blocks of data with unencrypted metadata that identifies the data blocks by at least the monitoring location at which the encrypted blocks of data were obtained and the type of data, and transmit the encrypted blocks of data with the unencrypted metadata. The system includes at least one client device that has a communication port that is coupled to the monitoring device(s) and the client device and that has a processor programmed to generate and transmit queries regarding selected ones of the encrypted blocks of data. A monitoring service is coupled to the monitoring device(s) and includes a processor programmed to receive and store the encrypted blocks of data with the unencrypted metadata from the monitoring device(s), process the unencrypted metadata, and retrieve and transmit the selected ones of the encrypted blocks of data in response to the queries from the client device.04-05-2012
20120260086APPARATUS AND METHODS FOR DISTRIBUTING AND STORING ELECTRONIC ACCESS CLIENTS - Apparatus and methods for efficiently distributing and storing access control clients within a network. In one embodiment, the access clients include electronic Subscriber Identity Modules (eSIMs), and an eSIM distribution network infrastructure is described which enforces eSIM uniqueness and conservation, distributes network traffic to prevent “bottle necking” congestion, and provides reasonable disaster recovery capabilities. In one variant, eSIMs are securely stored at electronic Universal Integrated Circuit Card (eUICC) appliances which ensure eSIM uniqueness and conservation. Access to the eUICC appliances is made via multiple eSIM depots, which ensure that network load is distributed. Persistent storage is additionally described for, among other activities, archiving and backup.10-11-2012
20120260085COMPUTER SYSTEMS, METHODS AND PROGRAM PRODUCT FOR MULTI-LEVEL COMMUNICATIONS - Systems, methods and a computer program product for facilitating multi-level communications within a computer system provide for generating while using a first network component a network data packet including a code within a field other than a payload field. The code corresponds with a coded communication within a library of coded communications. The network data packet is transmitted from the first network component to a designated second network component connected to the first network component that reads the code and selects the coded communication from the library of coded communications that corresponds with the code. The selected coded communication is then transmitted from the designated second network component to an intended recipient. The systems, methods and computer program product are applicable within the context of generalized computer systems, as well as restricted access computer systems.10-11-2012
20100332818CLOUD STORAGE AND NETWORKING AGENTS, INCLUDING AGENTS FOR UTILIZING MULTIPLE, DIFFERENT CLOUD STORAGE SITES - Systems and methods are disclosed for performing data storage operations, including content-indexing, containerized deduplication, and policy-driven storage, within a cloud environment. The systems support a variety of clients and cloud storage sites that may connect to the system in a cloud environment that requires data transfer over wide area networks, such as the Internet, which may have appreciable latency and/or packet loss, using various network protocols, including HTTP and FTP. Methods are disclosed for content indexing data stored within a cloud environment to facilitate later searching, including collaborative searching. Methods are also disclosed for performing containerized deduplication to reduce the strain on a system namespace, effectuate cost savings, etc. Methods are disclosed for identifying suitable storage locations, including suitable cloud storage sites, for data files subject to a storage policy. Further, systems and methods for providing a cloud gateway and a scalable data object store within a cloud environment are disclosed, along with other features.12-30-2010
20080301430Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.12-04-2008
20080301429Dual Cryptographic Keying - A dual cryptographic keying system. In particular implementations, a method includes responsive to an initial session key negotiation, storing security association information for a tunnel in a security association memory; responsive to a session key renegotiation, storing security association information for the tunnel in a cache; decrypting received packets associated with the tunnel conditionally using the security association information in the cache or the security association information in the security association memory; and upon an expiration condition, overwriting the security association information, for the tunnel, in the security association memory with the security association information, for the tunnel, copied from the cache.12-04-2008
20080301432Direct mail decoder product - A direct mail decoder device is provided having a mailable carrier, an integral information panel, and an integral decoder. The carrier has a first side and a second side, and contact specific data, such as name and address information, on one of the first and second sides. The information panel is located on one of the first and second sides of the carrier, and contains encrypted information. The decoder is provided to decode the encrypted information.12-04-2008
20110004751SYSTEMS AND METHODS FOR PROVIDING PRODUCT INFORMATION OVER A CARRIER WAVE - A customer relationship management (CRM) method using IBOC-radio signals is provided. A message in the radio signal is parsed to obtain a key. The key is compared to a plurality of stored keys. When the received key matches a stored key, a data structure associated with the message is outputted. A device comprising a lookup table with a plurality of stored keys, a tuner unit that receives a CRM in an IBOC signal, and a controller in electrical communication with the lookup table and tuner is provided. The controller comprises (i) instructions for comparing a key in the CRM to one or more stored keys in the plurality of stored keys and (ii) instructions for permitting the display of a display text associated with the received key when there is a match between the received key and a key in the plurality of stored keys.01-06-2011
20110004750Hierarchical skipping method for optimizing data transfer through retrieval and identification of non-redundant components - A method for optimizing data transfer through retrieval and identification of non-redundant components. Efficiently packing each network transmission block using sequence search criteria. A hierarchical skipping method. Avoidance of sending undesired pieces. Segmentation of each file and object into a hierarchy of pieces in a plurality of types.01-06-2011
20120265981ELECTRONIC DEVICE AND METHOD FOR SECURING USER INPUT DATA - An apparatus to secure input data includes a main processor to enter into a secure mode, a touch panel to detect an input, and a touch integrated circuit (IC) to obtain coordinate data of the input, and to encrypt data related to the input using a secure key, in which the data related to the input is encrypted in the secure mode, and the touch IC transmits the encrypted data to the main processor. A method for securing input data in an electronic device includes entering into a secure mode, receiving an input using a touch panel, obtaining coordinate data of the input using a touch integrated circuit (IC), and encrypting data related to the input using a secure key, in which the data related to the input is encrypted in the secure mode, and the touch IC transmits the encrypted data to the main processor.10-18-2012
20120265980APPARATUS AND METHOD FOR SECURING USER INPUT DATA - An apparatus and method for securing user input data in an electronic device including an input interface. A touch panel senses touch events in an input interface, a touch integrated circuit receives coordinate data associated with the touch events and encrypts the coordinate data using a secure key. The touch integrated circuit blocks a main processor of the electronic device from being aware that a touch event has been sensed and may directly transmit the coordinate data to a server without the intervention of the main processor.10-18-2012
20110131404APPARATUS AND METHOD FOR VISUALIZING GAME PACKET DATA - An apparatus for visualizing game packet data, includes a packet capturing unit for capturing game packet data transmitted and received during a game service; a decryption unit for decrypting the captured game packet data; and a packet filtering unit for extracting packet data having a valid protocol ID from the game packet data and extracting visualization data from the extracted packet data. Further, the apparatus for visualizing game packet data includes a virtual map creation unit for creating a virtual map using the extracted visualization data; and a visualization unit for displaying the visualization data in the created virtual map.06-02-2011
20120324215DATA SECURITY METHOD AND APPARATUS USING A CHARACTERISTIC PRESERVING ENCRYPTION - Provided is a data security method and apparatus using a characteristic preserving encryption. The data security apparatus includes an interface communicating with a user terminal or a database server, an input unit receiving information, an output unit outputting information, an encryption unit encrypting data in the data security method, a storage unit storing information, and a control unit controlling functions of the interface, the input unit, the output unit, the encryption unit or the storing unit.12-20-2012
20120272051SECURITY KEY DISTRIBUTION IN A CLUSTER - Provided are techniques for the fast and reliable distribution of security keys within a cluster of computing devices, or computers. One embodiment provides a method for secure distribution of encryption keys, comprising generating a symmetric key for the encryption of communication among a plurality of nodes of a cluster of nodes; encrypting the symmetric key with a plurality of public keys, each public key corresponding to a particular node of the plurality of nodes, to generate a plurality of encrypted symmetric keys; storing the plurality of encrypted symmetric keys in a central repository; and distributing the encrypted symmetric keys to the nodes such that each particular node receives an encrypted symmetric key corresponding to a corresponding public key of the particular node.10-25-2012
20120272053Virtual private network for real-time data - The present disclosure describes a method for protecting real-time data exchanged between a mobile electronic device and a VPN gateway over a communications link. The method comprises: establishing a first VPN connection between the mobile electronic device and the VPN gateway through the communications link; establishing, while the first VPN connection is established, a second VPN connection between the mobile electronic device and the VPN gateway through the communications link; providing key information to at least one of the mobile electronic device or VPN gateway through the first VPN connection; and exchanging real-time data packets between the mobile electronic device and the VPN gateway through the second VPN connection, wherein the key information is for encrypting and decrypting the real-time data packets exchanged through the second VPN connection.10-25-2012
20110238977SYSTEM AND METHOD FOR PROVIDING A SINGLE USE IMAGING DEVICE FOR MEDICAL APPLICATIONS - A system and methods for providing and reclaiming a single use imaging device for sterile environments is disclosed and described. The system may include a single use high definition camera used for general purpose surgical procedures including, but not limited to: arthroscopic, laparoscopic, gynecologic, and urologic procedures, may comprise an imaging device that is sterile and designed to ensure single use. The imaging device may have a single imaging sensor, either CCD or CMOS, encased in a housing.09-29-2011
20110238975INFORMATION PROCESSING DEVICE, ROUTE CONTROL DEVICE, AND DATA RELAY METHOD - A server notifies a route control device of a session ID indicating a session and generated for a user of a terminal device together with its own IP address. The terminal device notifies a route control device of data for a connection to a relay device together with a session ID. The route control device associates the data for the connection with the IP address of the server using the session ID, and sets the associated combination as relay setting information in the relay device. Thus, the relay device refers to the relay setting information using data for a connection extracted from a message when the message is received from the terminal device, and determines a destination of the message.09-29-2011
20120278609JOINT ENCRYPTION OF DATA - A method for joint generation of a ciphertext by devices of a data processing system includes providing, by a first device, a first message, representing secret data of the first device, generating an initial ciphertext comprising an initial blinded encrypted message, in which the first message is encrypted under a public key of a trusted entity, and an initial consistency component for validating the initial ciphertext using the bilinear map; and sending the initial ciphertext to a second device; wherein the second device provides a second message, representing secret data of the second device, generates an updated ciphertext comprising an updated blinded encrypted message and an updated consistency component for validating the updated ciphertext, and generating a final ciphertext comprising the final encrypted message and a final consistency component for validating the final ciphertext, wherein the final consistency component is generated using the updated consistency component and the bilinear map.11-01-2012
20120278608INFORMATION PROCESSING APPARATUS, SECURE MODULE, INFORMATION PROCESSING METHOD AND COMPUTER PRODUCT - An information processing apparatus securely stores a program group comprising one or more programs and includes a first detector that detects an execution waiting state of a given program among the program group; a secure module that is configured such that information stored therein cannot be referred to by an external device, and when the execution waiting state is detected by the first detector, that encrypts the given program and writes the encrypted given program to a storage area that is different from that of the program group; a second detector that detects an execution request concerning the given program; a decrypter that decrypts the given program encrypted by the secure module and writes the decrypted given program to the storage area, when the execution request concerning the given program is detected by the second detector; and a program executor that executes the given program decrypted by the decrypter.11-01-2012
20120331283USER-CONTROLLED DATA ENCRYPTION WITH OBFUSCATED POLICY - An obfuscated policy data encryption system and method for re-encrypting data to maintain the confidentiality and integrity of data about a user when the data is stored in a public cloud computing environment. The system and method allow a user to specify in a data-sharing policy who can obtain the data and how much of the data is available to them. This policy is obfuscated such that it is unintelligible to the cloud operator and others processing and storing the data. In some embodiments, a patient specifies with whom his health care data should be shared with and the encrypted health care data is stored in the cloud in an electronic medical records system. The obfuscated policy allows the electronic medical records system to dispense the health care data of the patient to those requesting the data without disclosing the details of the policy itself.12-27-2012
20110320806SYSTEM AND METHOD FOR MODULUS OBFUSCATION - Disclosed herein are methods for obfuscating data via a modulus operation. A client device receives input data, stores an operation value, performs a modulus obfuscation on the operation value, performs a modulus operation on the operation value and the input data, performs a modulus transformation on the operation value and the input data to obtain client output data, and checks if the client output data matches corresponding server output data. A corresponding server device receives input data, performs a modulus transformation on the input data to obtain a result, performs a plain operation on the result and an operation value to obtain server output data, and checks if the server output data matches corresponding client output data from the client device. The client and/or server can optionally authenticate the client input data and the server input data if the server output data matches the client output data.12-29-2011
20110320805SECURE SHARING OF DATA ALONG SUPPLY CHAINS - Implementations of methods of sharing data in a supply chain, the data corresponding to an item having a tag associated therewith, include generating data corresponding to the item, generating a data reference, encrypting the data using an encryption key to provide encrypted data, transmitting the encrypted data over a network for storage in a database based on the data reference, writing the data reference and the encryption key to the tag, and transferring the item to a successor in the supply chain. Implementations include retrieving information electronically stored on the tag, the information comprising a data reference and an encryption key, transmitting a data request over a network for retrieving encrypted data from a database, the data request comprising the data reference, receiving the encrypted data from the database, and decrypting the encrypted data using the encryption key to provide decrypted data.12-29-2011
20110320803Light-weight security solution for host-based mobility & multihoming protocols - A transport connection system is set forth. The system includes a first device adapted to send and receive messages. A second device, adapted to send and receive messages, is also provided. A message i generated by the first device includes a secret Ri-12-29-2011
20120102315VERIFICATION OF PEER-TO-PEER MULTIMEDIA CONTENT - A method including receiving, at a first entity, from a second entity, the content and an identification of the second entity, over a peer-to-peer communication link. The received content is rendered and verification information containing the identification of the second entity and an identification of the received content is generated. The verification information is encrypted using an encryption key.04-26-2012
20120102316STORING ENCODED DATA SLICES IN A DISPERSED STORAGE NETWORK - A method begins by a dispersed storage network (DSN) access module encoding a data segment to produce slices and sending temporary write requests to DSN storage modules, wherein the temporary write requests includes slices. In response to one of the temporary write requests, the method continues with a DSN storage module temporarily storing a slice to produce a temporarily stored slice and sending an indication of temporary storage of the slice. When a write threshold number of indications of temporary storage has been received by the DSN access module, the method continues with the DSN access module sending permanent write requests to DSN storage modules. In response to one of the permanent write requests, the method continues with the DSN storage module storing the temporarily stored slice in permanent memory and sending an indication of permanent storage of the slice.04-26-2012
20120290829SYSTEM AND METHOD FOR SELECTIVE INSPECTION OF ENCRYPTED TRAFFIC - Inspection of encrypted network traffic where multiple network connections are monitored that carry encrypted data, but only a subset of the network connections are decrypted and inspected. Typically, only network connections that are associated with designated target users whose encrypted data is to be inspected are decrypted. A Network Monitor Center (NMC) dynamically establishes a list of rules for selection of encrypted data connections. The rules are provided to a Secure data Inspection Appliance (SIA) that accepts some or all of the network user encrypted traffic and checks it against a rule table. When detecting an encrypted connection that matches the rule table, the SIA decrypts the connection and provides a copy of the connection plain data to the NMC. The NMC then inspects the plain data for security threats. Once a security threat is found in a connection, the NMC applies predefined consequent actions to this connection.11-15-2012
20120290831METHODS FOR DECRYPTING, TRANSMITTING AND RECEIVING CONTROL WORDS, STORAGE MEDIUM AND SERVER FOR SAID METHODS - A method for deciphering control words for mechanically and electronically independent terminals includes causing first and second terminals to transmit first and second cryptograms to a control-word server, causing that server to decipher them to obtain first and second control words for enabling descrambling of first and second multimedia content broadcast simultaneously on respective first and second channels, causing the server to transmit the control word to the respective terminals, the second control word obtained by deciphering the second cryptogram before the first terminal executes a channel change, and in response to the channel change, causing the first terminal to search to determine whether the second control word has already been transmitted in advance by the server before the channel change, and if the control word has been transmitted in advance, causing the first terminal to immediately start descrambling the second multimedia content with the second control word.11-15-2012
20120290830GENERATING AN ENCRYPTED MESSAGE FOR STORAGE - A method begins by a dispersed storage (DS) processing module generating a shared secret key from a public key of another entity and a private key using a first modulo prime polynomial function, wherein a public key is generated from the private key using a second modulo prime polynomial function and wherein the public key of the other entity is derived using the second modulo prime polynomial function on a private key of the other entity. The method continues with the DS module encrypting a message using the shared secret key to produce an encrypted message. The method continues with the DS module outputting the encrypted message to the other entity.11-15-2012
20100199084SECURE CONTENT DISTRIBUTION SYSTEM - A secure system for online media content distribution is described, which system utilizes a proprietary, controlled environment media player. This player is specifically registered to a particular machine, directly downloads encrypted files from a media distributing server via a secure nugget browser, and retrieves secure decryption keys from a key distributing server via the registered player or the secure nugget browser.08-05-2010
20100199083ONBOARD ACCESS CONTROL SYSTEM FOR COMMUNICATION FROM THE OPEN DOMAIN TO THE AVIONICS DOMAIN - An onboard access control system to an information system onboard an aircraft, for communication from the open domain to the avionics domain, the open and avionics domains being connected to each other through a single-directional link from the avionics domain to the open domain. The system includes: a security device including: access switches controlling access to the avionics and open domains, a controller, a module for acquisition putting data into buffer memory and transmission to the avionics domain, a data control module, an acquisition module from the open domain and putting into buffer memory, and an operator's authentication mechanism.08-05-2010
20130013912Systems and Methods for Securing Media and Mobile Media Communications with Private Key Encryption and Multi-Factor Authentication - Systems and methods protect and secure one-path and/or multi-path data, media, multi-media, simulations, gaming, television and mobile media communications and their fixed or mobile devices over diverse networks with symmetric key rotation, various forms of encryption, and multiple factors of authentication to provide optimal security for the integrity of any media asset. The distribution of said media asset is driven through virtual servers with effective stealth or cloaked processes, rendering them invisible to outside attacks, and securing any media from internal theft during the distribution process. The systems and methods curtail the ability to copy and/or revise the protected media and are instrumental in preventing piracy of media assets over the Internet, intranets, or private networks.01-10-2013
20120151204Efficient Routing for Reverse Proxies and Content-based Routers - Efficient routing for a client-server session or connection is provided in an application layer of multi-layered systems interconnect stack by caching a plurality of application-specific information at an intermediary network point; using the application specific information to route messages for an application connection; and indexing the application-specific information with a key provided by the application. Optionally, a second key may be used to retrieve the application-specific information if the first key is not provided in an application connection request, where the second key is optionally opaque to the application program. The intermediary network point may be an edge of network Internet Protocol (IP) switch, and the application layer in which the routing is performed may be layer seven of the Open Systems Interconnection model.06-14-2012
20110138168METHOD, APPARATUS AND COMPUTER PROGRAM TO PERFORM DYNAMIC SELECTION OF SERIALIZATION PROCESSING SCHEMES - The present application is directed to a method, apparatus and computer program product configured to perform certain operations of dynamic serialization. In one example, a message is received which includes at least one message element requiring serialization. A first message element of the message is examined. A serialization scheme from a serialization scheme library is selected based on the at least one examined attribute of the first message element. Then, at least the first message element is encoded using the serialization scheme selected.06-09-2011
20130024683SYSTEM AND METHOD FOR SENDING ENCRYPTED MESSAGES TO A DISTRIBUTION LIST - A system and method for sending encrypted messages to a distribution list. In one embodiment, the method comprises: identifying a distribution list address in a message; determining one or more member addresses associated with the distribution list address; for each member address, determining if a public key for a member identified by the member address is available on the computing device; and if so, encrypting the message to the member; sending the encrypted message to the distribution list address only if each of the one or more member addresses associated with the distribution list identifies a member for which a public key is available on the computing device.01-24-2013
20130173904SECURE DATA COMMUNICATIONS WITH NETWORK BACK END DEVICES - Devices located on a back end of a web application in a private cloud may establish secure communications to other back end devices or client devices with a secure boot device integrated in the back end device. The secure boot device enables the back end component to cryptographically split data and encrypt data for transmission to other devices through a secure communications link. The secure communications link may improve security on private cloud networks. Further the secure communications link may improve security to allow back end devices to be located remote to other back end devices.07-04-2013
20130173905TRANSMITTING TERMINAL, RECEIVING TERMINAL, ID NUMBERING DEVICE, AND KEY TRANSMISSION METHOD - Provided is a transmitting terminal capable of sharing an encryption key among a number of specific apparatuses using fewer resources and securely. A transmitting terminal (07-04-2013
20130173903UNIFIED NETWORK ARCHITECTURE HAVING STORAGE DEVICES WITH SECURE BOOT DEVICES - A unified computer network may be created between network devices, such as storage devices, servers, and client computing system through multiple protocols and multiple connections. Each of the connections, regardless of different protocols or physical connections, may employ secure communications links through a secure boot device. For example, a secure communications link may be created through a fibre channel over Ethernet (FCoE) protocol.07-04-2013
20110246763Parallel method, machine, and computer program product for data transmission and reception over a network - A method, machine, and computer program product for high speed data transmission over networks by multiple data connections transmitting data in parallel having read from a data source sequentially a fixed number of blocks equal to the number of data connections in use to transmit the data. A method, machine, and computer program product for high speed data receipt from networks by multiple data connections receiving data in parallel and writing to a data target sequentially a fixed number of blocks equal to the number of data connections in use to receive the data. The purpose is to provide high speed data transfers over a network while maintaining: the same sequential order of data which was read from the data source and subsequently written to the data target, a stable and uniform transmission speed, and limited data loss in the event of a network failure.10-06-2011
20110246762System and Method for Exchanging Cryptographic Protocol Capabilities - In some data communication configurations, data received from a sender may need to be viewed or otherwise processed by more than one entity with a corresponding client. For example, a message sent to a corporate email address may be viewed by either or both a mobile device and a desktop device. For the sender to utilize the strongest algorithm or protocol used by the recipient, it would therefore need to know which algorithms or protocols are supported by both the mobile and desktop mail clients. A system and method are provided to enable the mobile device to know about the capabilities of related mail clients associated with the communication address (e.g. email address) and vice versa such that the intersection of the capabilities (i.e. the strongest algorithm or protocol supported by all parties involved) can be chosen and the messages or data cryptographically processed accordingly.10-06-2011
20110246761Systems and methods for distributed media stream transcoding and sharing - A new approach is proposed that contemplates systems and methods to support distributed stream media transcoding and sharing in real time. Under the approach, a host associated with a sender generates a high quality stream of media content that is to be shared with a plurality of viewers over a communication network. The hosting devices associated with the plurality of viewers are evaluated for their capability to process and/or transcode the high quality media stream. Based on the evaluation, the host of the sender encodes and transmits the high quality media stream to at least one selected host associated with a viewer. Besides decoding the received high quality media stream and displaying it for its own consumption, the selected host of the sender further transcodes the media stream by re-encoding the high quality media stream into a different, probably lower quality media stream, and transmits the re-encoded media stream to a mobile device associated with another viewer, which then decodes and displays the lower quality media stream on the mobile device.10-06-2011
20130179675COMPOSITE SYSTEM, METHOD, AND STORAGE MEDIUM - In a composite system that includes a main system that operates with a main program and a plurality of sub-systems that operate both with sub-programs and under the control of the main system attachably and detachably connected with each other via a predefined bus, the main system transfers each fragment of divided target data to the sub-system, and the sub-system includes a receiving buffer that can read and write the fragment of data received from the main system temporarily. An encrypting process can be executed with the main system and the sub-system regardless of the size of target data to be encrypted, the size of memory in the sub-system, and data transfer capability between the main system and the sub-system even if the size of the target data in the main system is bigger than the size of the receiving buffer in the sub-system.07-11-2013
20130179677SECURE DATA EXCHANGE BETWEEN DATA PROCESSING SYSTEMS - A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.07-11-2013
20120254607System And Method For Security Levels With Cluster Communications - A cluster of computing nodes communicate through an unsecure network by selectively sending information in encrypted and unencrypted formats. Heartbeat packets are sent between the computing nodes to coordinate operation of the computing nodes and using an encrypted format. Messages are selectively sent between the computing nodes with an encrypted or an unencrypted format based upon one or more predetermined factors, such as an end user selection, the type of message or the load at the computing nodes.10-04-2012
20130179676CLOUD-BASED HARDWARE SECURITY MODULES - A cloud-based hardware security device (HSM) providing core security functions of a physically controlled HSM, such as a USB HSM, while allowing user access within the cloud and from a user device, including user devices without input ports capable of direct connection to the HSM. The HSMs can be connected to multi-HSM appliances on the organization or user side of the cloud network, or on the cloud provider side of the cloud network. HSMs can facilitate multiple users, and multi-HSM appliances can facilitate multiple organizations.07-11-2013
20130091349Enabling Packet Handling Information in the Clear for MACSEC Protected Frames - Techniques are provided to append packet handling information “in the clear” ahead of security related information in a packet to be routed over a network to optimize wide area network deployments of security-configured equipment. In one form, at a network device that performs connectionless secure communication and network routing of packets, data is received from a source device to be sent through a network to a destination device. Packet handling information is inserted in a packet that is to be used to transport the data. The packet handling information is configured to enable controlled handling of the packet in the network and is inserted in an unprotected portion of the packet. Encrypted payload data is generated from the data received from the source device. The encrypted payload data and security information are inserted in a protected portion of the packet and the packet is sent to the network.04-11-2013
20130097417SECURE PRIVATE COMPUTATION SERVICES - An encryption scheme allows meaningful, efficient computation of encrypted data in various application domains, including without limitation patient health care, financial analysis, market research, and targeted advertising. Data providers, computational services, and results consumers work in concert using a somewhat homomorphic encryption scheme to preserve the secrecy while providing practical computational performance. Encrypted data is stored within network-accessible storage. The data is encrypted using an encryption scheme that allows predictive analysis on the encrypted data without decrypting the encrypted data. The predictive analysis includes evaluation of polynomials of bounded degree on elements of the encrypted data. The evaluation includes ciphertext addition compositions and a bounded number of ciphertext multiplication compositions. The predictive analysis is performed on the encrypted data without decrypting the encrypted data to create encrypted results, which are transmitted to an entity possessing a decryption key capable of decrypting the encrypted results.04-18-2013
20130124850SMART GRID AND METHOD FOR OPERATING A SMART GRID - Method for operating a smart grid including a plurality of smart meters configured to monitor at least one physical measured quantity and to provide measurement results of the at least one physical measured quantity to a central entity, includes the following steps: 05-16-2013
20130124849System And Method For Individualizing Content For A Consumer - Protected content that has been encrypted according to an encryption algorithm is individualized for a consumer according to pseudorandomly-generated individualization data values and individualization indexes. When different instances of individualized protected content are generated from the same protected content for different consumers, the different instances differ in content. To generate the individualized protected content, a packaging component is configured to identify pseudorandom intervals within the protected content using the individualization indexes, and for each given one of the intervals, to combine the protected content included within the given interval with a respective one of the individualization values according to a reversible data transform operation. The data transform operation is less computationally expensive than the given encryption algorithm.05-16-2013
20080209203Data encryption apparatus, data decryption apparatus, data encryption method, data decryption method, and data transfer controlling apparatus - A crypto processor is connected to a host computer and a storage apparatus. Data from the host computer is transferred to the crypto processor via DMA (Direct Memory Access) to be encrypted and then stored in the storage apparatus. The crypto processor acquires a descriptor defining a DMA number for identifying a DMA channel used to DMA-transfer the data. The crypto processor stores therein, based on the DMA number included in the acquired descriptor, the data transferred using the same DMA channel in units of a data size specified in a data bus. The crypto processor then encrypts the stored data in units of data size specified in a crypt system, and transfers the encrypted data to the storage apparatus.08-28-2008
20100287368METHOD, APPARATUS AND SYSTEM FOR HOSTING INFORMATION EXCHANGE GROUPS ON A WIDE AREA NETWORK - A method and system for hosting information exchange groups on a wide area network is disclosed, using various tools for promoting topical organization and self-evolution of the information exchange groups, and of a system of information exchange groups. These tools include methods for providing user rating of posts within the exchange group, for rating and ranking users of the exchange group, for rating and ranking links to related information pages and especially to related exchange groups operating according to the methods of the invention, and for continuously updating rating and ranking information. Additionally, methods are provided for users to found exchange groups, to filter information in exchange groups according to specified user preferences, and to protect private information from inadvertent disclosure to other users of the exchange group.11-11-2010
20110238976WIRELESS LAN RELAY DEVICE, WIRELESS COMMUNICATION SYSTEM, AND METHOD FOR CONTROLLING WIRELESS LAN RELAY DEVICE - A wireless LAN relay device connecting an outer device to a network includes a communication section for controlling wired communication and wireless communication performed between the wireless LAN relay device and the outer device using a packet. The communication section performs, in an initial state, wireless communication without encrypting the packet, and encrypts, upon reception of a setting instruction from the outer device, the packet by using a predetermined encryption key and a predetermined encryption method which are preliminarily defined in the wireless LAN relay device.09-29-2011
20120278610APPARATUS AND METHOD FOR SENDING ENCRYPTED DATA TO CONDITIONAL ACCESS MODULE OVER COMMON INTERFACE, CONDITIONAL ACCESS MODULE AND SYSTEM THEREOF - An apparatus and method for sending encrypted data to a conditional access module (CAM) over a common interface (CI). A plurality of data packets are formed, and one data packet of the plurality of data packets includes a header and a payload for storing the encrypted data. The data packets are sent to the CAM over a transport stream (TS) interface of the CI. Encrypted data in different file formats can be sent over the TS interface. An initialization message including information about a selected format can be sent to the CAM over a control interface of the CI, and the CAM can send data request messages over the control interface to request specific data.11-01-2012
20130151842ENCRYPTION KEY TRANSMISSION WITH POWER ANALYSIS ATTACK RESISTANCE - Methods and mechanisms for transmitting secure data. An apparatus includes a storage device configured to store data intended to be kept secure. Circuitry is configured to receive bits of the secure data from the storage device and invert the bits prior to transmission. The circuitry may invert the bits prior to conveyance if more than half of the bits are a binary one, set an inversion signal to indicate whether the one or more bits are inverted, and convey both the one or more bits and inversion signal. Embodiments also include a first source configured to transmit Q bits of the secure data on an interface on each of a plurality of clock cycles. The first source is also configured to generate one or more additional bits to be conveyed concurrent with the Q bits such that a number of binary ones transmitted each clock cycle is constant.06-13-2013
20100313009SYSTEM AND METHOD TO ENABLE TRACKING OF CONSUMER BEHAVIOR AND ACTIVITY - A method for collecting, processing and analyzing Internet and e-commerce data accessed by users of messaging devices such as, for example, mobile terminal users includes receiving network access data extracted from packetized traffic of a communication system. A portion of the extracted network access data is encrypted to anonymize the received network access data, obscuring information from which messaging device users' identities might otherwise be determined. The encrypted portion constitutes a unique, anonymized identifier that can be correlated to the messaging device user associated with the traffic. Network access data anonymized in this manner, once received, is processed for analysis. By referencing the identifier, anonymized network access data associated with any messaging device user is distinguishable from anonymized network access data associated with all other messaging device users, allowing patterns of internet access activity of the users to be tracked and reported anonymously. By correlating the identifier to a socio-demographic profile, it is further possible to monitor a sample of users sufficiently large to represent an entire population sharing the same socio-demographic characteristic(s).12-09-2010
20130205132OBTAINING A CONTROL WORD TO REVEAL A CLIENT DEVICE IDENTITY - The invention provides for a solution enabling obtaining a control word in the client. The client device has a unique binary identification. An input transformed control word is mapped from an input transform domain to an output transform domain to thereby obtain an output transformed control word by successively applying a transformation function to the input transformed control word using each compound of seeds from the set successively as an input to the successive transformation functions. Each of the successive transformation functions is one of a regular transformation function, a first special transformation function and a second special transformation function. The obtained control word can be used to decrypt one of two copies of a part of content data. The copy that can be decrypted contains a watermark representing either a binary “0” or a binary “1” and represents a bit of the unique binary identification of the client device.08-08-2013
20100318783SERVICE ACTIVATION USING ALGORITHMICALLY DEFINED KEY - Systems and methods for service activation using algorithmically defined keys are disclosed. A consumer who has a relationship with a first party may wish to enroll in a service provided by a third party. The first party can maintain control of such enrollments through the use of algorithmically defined keys. The algorithmically defined keys also allow the third party service provider to verify data provided by the consumer as matching data stored by the first party. The verification provides for data synchronization without requiring the third party to have access to the first party's data systems.12-16-2010
20100318782SECURE AND PRIVATE BACKUP STORAGE AND PROCESSING FOR TRUSTED COMPUTING AND DATA SERVICES - A digital escrow pattern is provided for backup data services including searchable encryption techniques for backup data, such as synthetic full backup data, stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Some examples of cost-effective cryptographic techniques that can be applied to facilitate establishing a high level of trust over security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof of Application, blind fingerprints, Proof of Retrievability, and others.12-16-2010
20120284504Method and system for the Orange family of stream ciphers and method and system for generating stream ciphers based on the ERINDALE-PLUS hashing function - The present invention introduces the Orange family of stream ciphers. The cipher may involve several elements including splitting with jumping, iterated transformations and padding. The construction of the cipher also involves constantly updated bit strings that may be used as multiple keystreams in transformations of various degrees. The cipher permits parameterizing speed, security and consumed memory. A customization of the cipher allows generating a practically unlimited number of stream ciphers with different inner structures and IV parameters. The present invention also presents a transformation of the ERINDALE-PLUS hashing function. The transformed ERINDALE-PLUS hashing is capable of simultaneously generating a ciphertext and a secure hash value of a message.11-08-2012
20130159696SENDING MESSAGES BY OBLIVIOUS TRANSFER - A system includes a server connectable to a client, the server configured to allow the client to acquire a message of an index designated by the client among N messages held by the server where N is an integer of two or more. The server includes a classification unit configured to classify the N messages into M classified messages by contents of the messages; a message encryption unit configured to encrypt each of the M classified messages; a message provision unit configured to provide the M encrypted classified messages to the client; and a key sending unit configured to send the client, by oblivious transfer, a message key for decrypting the classified message corresponding to the message of the index designated by the client.06-20-2013
20130159697DISTRIBUTING DATA TO MULTIPLE CLIENTS FROM SERVER - Provided are techniques for distributing data in a trackable manner while suppressing an increase in the size of data to be distributed as much as possible and minimizing interruption of usage of the data. A method for distributing data to multiple clients from a server includes the steps of: generating a common noise by using noises unique to the multiple clients, respectively; embedding the common noise in the data to be distributed to make the data unusable; and distributing the data containing the embedded common noise, so that the data containing the embedded common noise is made usable by each of the multiple clients using a unique noise generated in the client.06-20-2013
20130159695DOCUMENT PROCESSING METHOD AND SYSTEM - A document processing method and system divides a document into document pages, and encrypts the document pages by a first key to obtain a plurality of encrypted pages; picks a part of words from the document pages and encrypts them by a second key to obtain a Significant Word Set (SWS); picks a part of words from the picked part of words and encrypts them by a third key to obtain a Most Relevant Word Set (MRWS). The encrypted pages, the SWS and the MRWS are transmitted to a remote server for storage. When a user searches for a keyword in the document, the keyword is encrypted by the second and third keys for performing two queries. The first query result is decrypted to obtain the search result. The second query result is decrypted and then checked whether it is a subset of the first decrypted query result for detecting unfaithful execution.06-20-2013
20130159694DOCUMENT PROCESSING METHOD AND SYSTEM - A document processing method and system are provided. A client divides at least one document into a plurality of document pages, and individually encrypts the document pages by a first key to obtain a plurality of encrypted pages. The client removes a part of words from the document pages to obtain a plurality of significant words, and individually encrypts the significant words by a second key different to the first key to obtain a plurality of encrypted significant words. The client records the encrypted significant words and a plurality of first index information in a significant word set (SWS), where the first index information indicates a page in the encrypted pages where the encrypted significant word comes from. Then, the client transmits the encrypted pages and the SWS to a remote server for storage.06-20-2013
20110314269Website Detection - A website fingerprint is generated that characterizes network traffic associated with a website as a website traffic fingerprint that includes size description(s), order description(s), and timing description(s) of packet traffic for the website. A website monitor generates website trace(s) of packet statistics. A correlation processor correlates a sequence of packet statistics from the website trace(s) with the size description, the order description, and timing description found in the website traffic fingerprint(s).12-22-2011
20130191627Controlling and auditing SFTP file transfers - Encrypted SFTP file transfers and other encrypted file transfers may be audited and what files can be transferred may be controlled at a firewall or other gateway. Transferred files may be subjected to data loss prevention analysis and/or virus checks.07-25-2013
20130191626RECORDING DEVICE, TERMINAL DEVICE, AND CONTENT TRANSMISSION SYSTEM - A content transmission system transmits content, using a cloud computing system. A recording device records the content to a local storage or a cloud storage. When the local storage is selected as a recording destination, the recording device generates an encryption key, encrypts the content with the key, and generates management information associating the key with an address of the cloud storage. The recording device furthermore determines whether a portable recording medium is connected thereto. If connected, the recording device records the key and the management information to the portable recording medium. The terminal device first reads the key and the management information from the portable recording medium. The terminal device then accesses the cloud storage without performing user authentication, referring to the management information, and downloads the encrypted content from the cloud storage. Furthermore, the terminal device decrypts the content from the encrypted content, using the key.07-25-2013
20130198508SYSTEM AND METHOD FOR REMOTE RESET OF PASSWORD AND ENCRYPTION KEY - Data is secured on a device in communication with a remote location using a password and content protection key. The device stores data encrypted using a content protection key, which itself may be stored in encrypted form using the password and a key encryption key. The remote location receives a public key from the device. The remote location uses the public key and a stored private key to generate a further public key. The further public key is sent to the device. The device uses the further public key to generate a key encryption key, which is then used to decrypt the encrypted content protection key. A new content encryption key may then be created.08-01-2013
20120047361METHOD FOR SECURING COMMUNICATIONS IN A WIRELESS NETWORK, AND RESOURCE-RESTRICTED DEVICE THEREFOR - The present invention relates to a method for securing communications between a resource-restricted device (02-23-2012
20120066487SYSTEM AND METHOD FOR PROVIDING LOAD BALANCER VISIBILITY IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for providing load balancer visibility in an intelligent workload management system described herein may expand a role or function associated with a load balancer beyond handling incoming and outgoing data center traffic into supporting governance, risk, and compliance concerns that may be managed in an intelligent workload management system. In particular, the load balancer may establish external connections with destination resources in response to client devices establishing internal connections with the load balancer and then attach connection tracers to monitor the internal connections and the external connections. The connection tracers may then detect incoming traffic and outgoing traffic that the internal and external connections pass through the load balancer, and traffic tracers may collect data from the incoming traffic and the outgoing traffic, which the workload management system may use to manage the data center.03-15-2012
20120096257Apparatus and Method for Protecting Storage Data of a Computing Apparatus in an Enterprise Network System - The present invention relates to data security, in particular relates to data protection for storage data, and more particularly relates to encrypting and decrypting process to data on a removable non-volatile storage in an enterprise network. There is provided an apparatus and a method for protecting storage data of a computing apparatus within an enterprise network system, the method comprising: intercepting data transferred between an application of the computing apparatus and a storage; determining whether the data intercepted at the data transfer interception step is confidential data; obtaining a key automatically generated for the confidential data; and encrypting and decrypting the confidential data with the obtained key.04-19-2012
20130212376DATA ACCESS MANAGEMENT IN A HYBRID MEMORY SERVER - One or more embodiments manage access to data by accelerator systems in an out-of-core processing environment. In one embodiment, a request from an accelerator system is received for access to a given data set. An access context associated with the given data set is determined. The accelerator system is dynamically configured, based on the access context that has been determined, to one of access the given data set directly from the server system; locally store a portion of the given data set in a memory; and locally store all of the given data set in the memory.08-15-2013
20130212373STORAGE AVAILABILITY USING CRYPTOGRAPHIC SPLITTING - Methods and systems for maintaining data connectivity in a secure data storage network are disclosed. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network, the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems. The method further includes detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance. The method also includes, upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance.08-15-2013
20130212374METHOD FOR IDENTIFYING A DEVICE USED BY A HACKED TERMINAL, AND RELATED DEVICE - The invention relates to a method for preventing the fraudulent use of an electronic device and thus for effectively combating the fraudulent dissemination of protected content.08-15-2013
20130212375Method of Checking and Protecting Data and Identity Especially Within Processes Using Information and Communication Technologies. - A method of checking and protecting data and identities within a communication or computing process between at least one author and at least one recipient comprises at least: a step of allocation by an anonymization authority of one and the same stamp forming a cryptonymic marking, to one or to several different authors and to their objects; a step of inserting said stamp into the communication or computing protocol associated with the data stream, by means of a stamp system, the protocol containing the identity of said author or of said object of the author or authors, and each author being able moreover to simultaneously have a plurality of different cryptonyms; a step of reading, at at least one recipient, of said protocol by means of a reading system able to detect the presence of said stamp.08-15-2013