In a content management method, content data is encrypted by a first key, the first key is encrypted by plural types of second keys, the encrypted first key is multiply encrypted by a third key, and the third key is encrypted by a fourth key. These encrypted content data, a medium key which is the first key encrypted by the second key and a move key which is a first key multiply encoded by the second and third keys are recorded in a recording medium, the third key encrypted by the fourth key is ...

A client computer runs an operating system that executes additional applications by loading them using an application loader and executes device drivers for peripheral devices by loading the drivers using a device loader. The operating system restricts the functionality of the operating system, such as by making selected portions and functionality of the operating system unavailable to the user or by limiting the user's ability to add software applications or device drivers to the computer. Addi...

According to the invention, a method for authenticating download of a number of digital content files ordered from a web site is disclosed. In one step, a selection of the digital content files is received with the web site. Download manager software, media information, the digital content files, and first codes for each of the digital content files are sent to the client computer. The media information indicates a location of each of the number of digital content files. A first code is calculat...

Risk profiling in order to optimize the deployment of security measures such as behavior-blocking, hardening, or securing techniques is disclosed. Risk profiling includes evaluating a risk to a host service based on communication with a remote system, creating a risk profile for the host service, and deploying a security measure to protect the host service based on the risk profile. Risk profiling enables optimization of deployment of security measures to protect a host service that is either di...

According to an embodiment of the present invention, the wireless activity in a geographic area containing LAN connection ports is monitored using one or more sensor devices, called sniffers. By analyzing said wireless activity, one or more APs that are operating in said geographic area are identified. The active APs so identified are classified into three categories, namely "authorized" APs (those that are allowed by network administrator), "unauthorized" APs (those that are not allowed by the ...

An authentication system includes a smart access card issued to a user, a client computer, a desktop authentication module configured to prevent a user from accessing resources of the client computer prior to successful completion of a two factor authentication; a card reader interface providing communication between the smart access card and the desktop authentication module; and an enrollment server for enrolling the access card into a server data store. The smart access card has an authentica...

The invention provides a method for controlling the operating state of a lock characterized by a locked state and an unlocked state. The method comprises: entering secret information on an electronic input device (e.g. keypad) located on a radio frequency identity card, then electronically comparing the secret information against an authorized code to determine whether the secret information is authorized, then transmitting by radio frequency an unlocking signal to a radio frequency reader locat...

The present invention generally relates to the acceleration of customer premises equipment based virtual private networks (CPE-VPN). To provide virtual private network service from an enterprise network to a mobile client in a secure manner apparatus and method are provided whereby VPN service is provided which allows the wireless network to use data acceleration techniques. This is accomplished by providing a VPN acceleration server that terminates VPN tunnel from the enterprise network, accele...

The invention provides a method for preventing a denial-of-service attack on a responder during a security protocol key negotiation. The responder receives key negotiation requests designating a source port and source IP address. The responder only maintains state when a key negotiation request is received from an initiating computer with a valid, non-spoofed, source IP address. The responder further limits the number of in-process key negotiations for which the responder maintains state. If a k...

A system and method for allowing a licensee having mobile station hardware to support its own set of carriers and software demands of these carriers, the software including licensor software, the method comprising the steps of: assigning a unique third party identifier to the licensee; assigning a range of carrier identifiers for the licensee; allowing the licensee to create a unique identifier by combining the unique third party identifier with an identifier chosen from the range of carrier ide...