147 results about "S/KEY" patented technology

In an exemplary embodiment, digital content is mastered as a combination of encrypted data and data processing operations that enable use in approved playback environments. Player devices having a processing environment compatible with the content's data processing operations are able to decrypt and play the content. Players can also provide content with basic functions, such as loading data from media, performing network communications, determining playback environment configuration, controlling decryption/playback, and/or performing cryptographic operations using the player's keys. These functions allow the content to implement and enforce its own security policies. If pirates compromise individual players or content titles, new content can be mastered with new security features that block the old attacks. A selective decryption capability can also be provided, enabling on-the-fly watermark insertion so that attacks can be traced back to a particular player. Features to enable migration from legacy formats are also provided.

A TV-set is equipped with HDMI and USB connections that allow it to display and run audio-video content from a variety of conventional consumer devices. The TV-set is further equipped to provide a secure HDMI-USB interface that will allow the transfer of licensed high definition content and Internet subscriber services. Such secure HDMI-USB interface also enables a selection of proprietary application modules to be attached. Downloadable user interface templates, much like XML style sheets, are rendered to a user interface displayed on the screen. These are associated with corresponding thumbnails and URI's that allow a user to surf through lists and catalogs of materials, and then to play them in the appropriate formats and provide the machine with a customized controller. A remote commander is simplified, yet expanded to control all the attached devices through interactions with the user interface. The functions of the remote commander's keys change depending on where the user is navigating and what device is being controlled, similar to so-called soft-keys.

The invention provides a method for a sender to send a message on a tangible medium and ensure that it is privacy protected until verification that the medium has been received by the authorized recipient. The invention provides a method in which a sender creates an encrypted content message that may be decrypted using a content decryption key that is unknown to the authorized recipient. The sender creates an encrypted authentication message that may be decrypted using a recipient's key that is known to the authorized recipient but is unknown to others, except perhaps to the sender. The sender fixes the encrypted content message and the encrypted authentication message onto a tangible medium and then permits the authorized recipient to obtain the tangible medium. The authorized recipient uses the recipient's key to decrypt the encrypted authentication message and then creates a valid reply that is based upon or which uses the decrypted authentication message. The authorized recipient sends the valid reply to the sender and upon verification that the reply is valid the sender allows the authorized recipient to obtain the content decryption key. With the content decryption key, the authorized recipient is able to decrypt the encrypted content message. The invention also includes an article of manufacture for sending an encrypted message from a sender to an authorized recipient using a method, of the invention.

Methods and systems for virtual checking are described. A virtual check is created by a payor's device and then sent to the payee's device. The payee can be another mobile device. The virtual check has many of the same features as a regular, paper check plus additional features only available in digital form. In an example, the data can be encrypted by either the banks key or the payor's key. Further encryption can occur between the payor's device and the payee's device, which can connect on a peer-to-peer network. The check can be an image with tag data. In an example, data can be encoded into the image itself. The virtual check can include populated data that cannot be changed by the payee. In an example, the virtual check application of the payee can automatically perform a funds availability check.

A digital cryptograph and encryption process encrypts and transmits in a digital format specific items of information requested by a user of a digital content transmission system by using key information, a user's key and a temporary validation key, to decrypt and replay the encrypted digital information at the user's terminal by using the key information and the user's authorization information. Each registered subscribing user is provided with unique key information. The user key is generated by applying the key information to a key generation algorithm. The temporary validation key that is created when the registered user accesses the server, is encrypted with the user key. The digital information is encrypted by using the temporary validation key in an encryption algorithm. The decryption algorithm allows the user to decrypt and replay the encrypted digital information upon receipt of the key information that has a one-to-one correspondence to the identity characters of the registered subscribing user.

Systems and methods for providing an auditing file system for theft-prone devices are disclosed. The auditing file system supports fine-grained file auditing: a user may obtain reliable, explicit evidence that no files have been accessed after a device's loss. A user may also disable future file access after a device's loss, even in the absence of device network connectivity. In one embodiment, files are encrypted locally but the encryption keys are stored remotely, so that an audit server is queried for encryption keys to access protected files. By configuring the audit server to refuse to return a particular file's key, the user can prevent new accesses after the device is lost.

In a distributed information network, a broker server is coupled to a plurality of child servers and to a plurality of clients in the network. The broker server connects clients to a child server in a queue on a FIFO basis and provides the client with a key identifying the child server. The client provides the server with a copy of its key at the time of the initial service request. Both the child server and the client retain a copy of the other's key upon disconnect. The child server returns to the bottom of the queue after disconnect. On a subsequent client service request, the client includes the child server key in the service request and the broker automatically re-connects the client to the child server wherever S1 may be in the queue, provided the child server is not busy serving other clients. When reconnected, the client send its key to the child server which compares the key to the retained copy of the client key. If the keys match, the child server does not refresh and reload the client state data which improves server performance. If the child server is not available, the broker assigns the client to the child server at the top of the queue. The client may also be an intermediate server for other or first tier clients, in which case the intermediate server forwards the server keys to the first tier clients for service requests to the child server.

This invention provides a user friendly, email encryption system allowing users to send and receive encrypted messages for registered and unregistered users. Encrypted messages can be sent to registered or non-registered users by transmitting the encrypted message to cloud system servers. The cloud system servers acquire certificates from certificate authorities or any end-to-end exchange of keys between the sender and the recipient of the encrypted message. For registered users, messages sent by senders are encrypted by the sender and sent to the cloud system servers which decrypt the message and re-encrypt the message with the recipient's key. For non-registered users, once the encrypted message is decrypted at the cloud system servers, another message is sent to the non-registered informing them that an encrypted message awaits them if they select a link in the message which allows them to log into the cloud system servers and view the original message.

A cryptosystem is described which automatically provides an extra “message recovery” recipient(s) when an encrypted message is generated in the system. The system is typically configured such that the extra recipient or “message recovery agent” (MRA)—an entity which itself has a public key (i.e., a MRA public key)—is automatically added, under appropriate circumstances, as a valid recipient for an encrypted message created by a user. In a corporate setting, for example, the message recovery agent is the “corporate” message recovery agent designated for that company (firm, organization, or other group) and the user is an employee (or member) of that company (or group). In operation, the system embeds a pointer (or other reference mechanism) to the MRA public key into the public key of the user or employee, so that encrypted messages sent to the company's employees from outside users (e.g., those individuals who are not employees of the company) can nevertheless still be recovered by the company. Alternatively, the MRA public key itself can be embedded within the public key of the employee or user (i.e., a key within a key), but typically at the cost of increasing the storage requirement of the user's key. By including in the user's key (e.g., an employee) a pointer to a message recovery agent's key (or the MRA key itself), the system provides a mechanism for assisting a user outside a group (e.g., a user who is outside a particular company) with the task of including in an automatic and non-intrusive manner the key of an additional recipient, such as one intended for message recovery.

A user interface method for creating a multimedia message of a mobile communication terminal is disclosed in which menu fields for creating a multimedia message are displayed in one screen, and when inputting content for each menu field is completed, it is automatically switched to a multimedia message-creating screen in which a selecting bar is positioned at the next field. In addition, while a user is using a multimedia function, a current image can be switched to the multimedia message-creating screen according to a user's need. Thus, the number of user's key manipulations can be reduced in creating the multimedia message, thereby enhancing a user's convenience.

A method for fast and efficient record retrieval in large databases using cyclical redundancy check (CRC) computations as hash functions. Two hash values are computed for each record's key using the CRC-CCITT and CRC-16 generator polynomials. The two CRC values then are combined into a four-byte composite hash value that represents a binary signature of the record's key. Alternately, a single CRC-32 value can be used as a four-byte hash value. In most cases, this four-byte hash value uniquely identifies the record's key. An index file is constructed using a hybrid search method, part hash table and part linear search. The index file is searched to find a match for the four-byte hash value and the record's offset is obtained. The record's offset is used to retrieve the record from the database.

In an encryption apparatus for encrypting a data body to contain an encrypted data body in transmission data and transmitting the transmission data to a receiver, the transmission data includes sender's key recovery data obtained by encrypting recovery information for recovering a key for decrypting the encrypted data body to allow a key recovery agent registered by a sender to decrypt the recovery information, and receiver's key recovery data obtained by encrypting the recovery information for recovering the key for decrypting the encrypted data body to allow a key recovery agent registered by a receiver to decrypt the recovery information.

A storage area network resistant to spoofing attack has several nodes each having a port, and storage area network interconnect interconnecting the ports. Each port is provided with a hash function generator for providing and verifying an authentication code for frames transmitted over the storage area network, and a key table for providing a key to the hash function generator. The authentication code is generated by applying a hash function to the key and to at least an address portion of each frame. In each node, the key is selected from that node's key table according to address information of the frame.

An apparatus and method to significantly improve performance of certain group queries using an encoded vector index (EVI) is disclosed. An EVI provides the data necessary to generate query results for COUNT, SUM, MIN, and MAX commands that specify the one or more database fields upon which the EVI is built. Only the EVI symbol table's key count, and the one or more database fields duplicated in the EVI symbol table are necessary to generate the query results.

The key count in each EVI symbol table entry contains the number of records in the database having identical values in the EVI fields (that is, the fields upon which the EVI is built). These duplicated database values are called key values in the EVI symbol table entry. The EVI symbol table entry's key count allows quick generation of query results for COUNT and SUM commands that specify one or more EVI fields. SUM command processing of an EVI field is further facilitated by calculating a product of the key count and the key value of that EVI field. The highest or lowest key value in an EVI field provides query results for MAX or MIN commands specifying that EVI field. A HAVING operand specifying a key value delimiter on an EVI field for any of the aforementioned grouping commands is also facilitated using the EVI symbol table.

Disclosed herein is a system and method for wireless proximity-based access to a computing system, which in accordance with certain aspects of an embodiment of the invention includes a small, portable, person-carried or personal-item-carried (e.g., by attachment to a user's key's, purse, knapsack, etc.) wireless transmitter that serves as a “key,” and a wireless receiver configured for attachment to the computing system that serves as a “lock.” The lock may comprise, for example, a USB device that both wirelessly communicates with the key to detect its physical proximity, and communicates with the computer access software that is native on the computing system (e.g., standard WINDOWS username and password authentication processes) to either allow or disallow such computer access software from allowing access to the computing system based upon the physical proximity of the key to the lock.

The present invention provides a trading keyboard that can be configured both physically and functionally according to a user's preferences. The trading keyboard preferably includes self-identifying key covers that can be physically arranged on any of the keyboard's key bases. Detection mechanisms included in the key bases detect the commands of the trading application associated with each self-identifying key cover. Therefore, the user may reposition the key covers on the keyboard according to the user's preferences, and yet retain the same functionality for the key covers. The user may also switch between keyboard modes that allow the keyboard to be functionally reconfigured. By selecting different modes, the user can chose between different keyboard mapping configurations that assign the functions of the trading application to the keys in different arrangements. The mode selection mechanism may also be used to select between different commands associated with a single key or key cover.

The present invention relates to an ID identification method based on the S/Key system. The present invention submits the registration data comprising a user name, a code and password, iteration value and the biological property value to an identification server through a user side; the server forms the seed value corresponding to the user and calculates the first one-off password of the password sequence. A duplex identification between the client side and the server which is also the duplex identification of the combination of the one-off password of the registered user and the biological proper value is implemented in the process of user ID identification. .

A computer system and method for securing files in a file system equipped with storage resources that are accessible to an authenticable user operating with an untrusted client device under the semi-trusted client threat model. The file to be secured is stored in one or more blocks belonging to the storage resources along with symmetric per-block key(s) KB_i assigned to each of the blocks in the file. The blocks are encrypted with the symmetric per-block keys to obtain encrypted blocks. The user is assigned user key(s) and each per-block key that was used for encryption is in turn encrypted with one of the user's keys to derive wrapped key(s) for each encrypted block. Wrapped key(s) are placed in encrypted block headers and introduce a level of indirection to encrypted file(s) that is appropriate for the semi-trusted client threat model.