摘要:
A Basic Input/Output System (BIOS) device is designed to control access to a portion of BIOS code loaded in its internal memory. For example, during a boot process, an internal state machine permits access to the portion of the BIOS code in response to authentication of a portable token in communication with the BIOS device. Otherwise, the BIOS device precludes access to the portion of the BIOS code until the portable token is authenticated.
摘要:
A data management system and method for a limited cryptographic storage unit, such as a smartcard or other hardware token, includes a cryptographic data manager that interfaces with the limited capacity cryptographic storage unit and a data overflow memory coupled to the cryptographic data manager. The cryptographic data manager stores cryptographic data, such as decryption private keys or other secret cryptographic data, in the overflow memory from the limited capacity cryptographic storage unit based on a limited capacity storage unit data update condition. The cryptographic data manager may serve as a secondary cryptographic data manager that receives the cryptographic data from an original cryptographic data storage device, or primary storage device such as a server that generates the cryptographic data, that stores a history of the cryptographic data.
摘要:
Within a communications system, first and second end stations coupled to a network participate in a communications session with one another using the network. Each end station includes an encryptor having at least a first linear feedback shift register (LFSR) and at least an associated first interconnect mask of a length not longer than the length of the first LFSR. At a particular one of the end stations, the encryptor generates an output sequence using the first LFSR and the first interconnect mask. An interconnect mask table contains polynomials that each correspond to an available interconnect mask. The end station receives a session key specifying the first interconnect mask. The end station uses the output sequence of the encryptor to encrypt an information stream during the session. In one particular embodiment, the network includes a local area network (LAN) that supports Internet Protocol (IP) and the end stations use real time protocol (RTP) to communicate audio information streams.
摘要:
An object-based security framework provides automatic caller chain building to track the identity of upstream callers. An application developer can define impersonation settings declaratively using a graphical interface. At runtime, logic outside the application objects handles the caller chain and impersonation, relieving the developer from having to incorporate impersonation logic into the application. A group of special identities are permitted to provide identities of others without themselves being recorded in the chain when the chain traverses a method invocation queue. The framework supports a copy style for the chain to support various caller scenarios. Additionally, a minimum authentication level can be enforced throughout the chain. The caller chain can be used in conjunction with roles, and objects may consult the chain programmatically to enforce a custom security scheme.
摘要:
A device and method for processing image data, a transmitting medium, and a recording medium are disclosed. More particularly, in image data processing by which accompanying information is embedded as a watermark into coded image data, a position in a block as a unit of coding the coded image data is detected, a blocked watermark pattern is provided, an area in which an operation relative to a first level value is performed and an area in which an operation relative to a second level value is performed are offered, and a watermark is appended to the coded image data in accordance with the blocked watermark pattern. It is thus possible to easily append a watermark that can be certainly detected.
摘要:
The invention relates to methods and apparatuses for acquiring a physical measurement, and for creating a cryptographic certification of that measurement, such that its value and time can be verified by a party that was not necessarily present at the measurement. The certified measurement may also include corroborative information for associating the actual physical measurement process with the certified measurement. Such corroborative information may reflect the internal or external state of the measurement certification device, as well as witness identifiers of any persons that may have been present at the measurement acquisition and certification. The certification may include a signal receiver to receive timing signals from a satellite or other external source. The external timing signals may be used to generate the time included in the certified measurement, or could be used to determine the location of the measurement certification device for inclusion in the certified measurement.
摘要:
A method for establishing a secured communication channel between a client and a server is disclosed where a program and a set of encryption information for establishing the secured communication channel are delivered from the server to the client. The set of encryption information is compact and can be used to quickly and efficiently encipher and decipher data. In particular, the client requests a program from the server via a first secured communication channel that can be established by a web browser under the HTTPS (Hypertext Transfer Protocol with SSL) protocol. The server in response dynamically generates a set of encryption information and a token identifying this particular set of encryption information. This information is then sent with the requested program. While the program can be written in any language, the language of choice is a platform-independent language such as Java. When the program executes on the client and performs its programmed tasks, one of the tasks is to establish a separate, secured communication channel with the server using the encryption information from the server.
摘要:
Restricted execution contexts are provided for untrusted content, such as computer code or other data downloaded from websites, electronic mail messages and any attachments thereto, and scripts or client processes run on a server. A restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria. Whenever a process attempt to access a resource, a token associated with that process is compared against security information of that resource to determine if the type of access is allowed. The security information of each resource thus determines the extent to which the restricted process, and thus the untrusted content, has access. In general, the criteria used for setting up restrictions for each untrusted content's process is information indicative of how trusted or untrusted the content is likely to be.
摘要:
Methods and apparatus for encryption and decryption of digital images are disclosed. A preferred embodiment operates on an image frame after that frame has undergone a space-frequency transform operation, such as a block DCT or wavelet transform, and before the frame is passed to a bitstream coder for entropy coding. The transform coefficient map is subjected to one or more encryption operations that render a subsequently decoded (but not decrypted) image incomprehensible. These operations are designed to operate with low computational overhead and with only minor effects on compressed bit rate. They also allow secure transcoding at intermediate routers of the transmission channels without the cryptographic key. In one operation, the sign bits of transform coefficients are scrambled. In another operation, two dimensional blocks of coefficients from a common subband are shuffled and/or rotated to pseudorandom locations and orientations. In yet another operation, coefficients occupying a common “subband”, but taken from different DCT blocks, are shuffled. Still another operation shuffles motion vectors and/or scrambles sign bits for motion vector coefficients. These operations perturb the data as it will appear visually, without greatly perturbing the entropy of the data as presented to an entropy coder.
摘要:
A system and method are disclosed for distributing, monitoring and managing information requests on a computer network including one or more client computer systems, a first server computer system, and one or more secondary server computer systems. Information requests from the client computer systems to the first server computer system are intercepted and examined by a request broker software system implemented on the first server computer system. The request broker software system examines information regarding the capabilities and resources available on the first server computer system and the secondary server computer systems to determine whether to process the information request locally on the first server computer system or to process the information request remotely on one of the secondary server computer systems. The request broker software system will off-load or distribute the information requests to the secondary server computer systems so as to load-balance the information requests among the secondary server computer systems. The request broker software system will also monitor the processing of information requests and initiate recovery actions in the event a fault or error occurs during the processing of the request. If the information request is to be processed remotely on one of the secondary server computer systems, the request broker software system establishes an authenticated communication channel with the selected secondary server computer system to transmit the information request to the selected server computer system. The secondary server computer system processes the information request and sends the results back to the request broker software system on the first server computer system. The request broker software then sends the results of the information request that was processed either locally or remotely back to the client computer system that originated the information request.