Authentication by digital signature representation or digital watermark

Subclass of:

713 - Electrical computers and digital processing systems: support

713150000 - MULTIPLE COMPUTER COMMUNICATION USING CRYPTOGRAPHY

713168000 - Particular communication authentication technique

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application number | Description | Number of patent applications / Date published
713179000 Including generation of associated coded record 52
713178000 Time stamp 42
713177000 Signature tree 3
20090193260 METHOD AND APPARATUS FOR SECURE AND SMALL CREDITS FOR VERIFIABLE SERVICE PROVIDER METERING - A method and apparatus for obtaining access to services of service providers. In one embodiment, the method comprises requesting a desired service through a foreign service provider, generating a hash tree and generating a digital signature on a root value of the hash tree, sending the digital signature and the root value to the foreign service provider, providing one or more tokens to the foreign service provider with the next packet if the foreign service provider accepts the signature and continuing to use the service while the foreign service provider accepts tokens. 07-30-2009
20110219237 DOCUMENT REGISTRATION - A document accessible over a network can be registered. A registered document, and the content contained therein, cannot be transmitted undetected over and off of the network. In one embodiment, the invention includes maintaining a plurality of stored signatures, each signature being associated with one of a plurality of registered documents, intercepting an object being transmitted over a network, calculating a set of signatures associated with the intercepted object, and comparing the set of signatures with the plurality of stored signatures. In one embodiment, the invention can further include detecting registered content from the registered document being contained in the intercepted object, if the comparison results in a match of at least one of the signatures in the set of signatures with one or more of the plurality of stored signatures. 09-08-2011
20100064141 EFFICIENT ALGORITHM FOR FINDING CANDIDATE OBJECTS FOR REMOTE DIFFERENTIAL COMPRESSION - The present invention finds candidate objects for remote differential compression. Objects are updated between two or more computing devices using remote differential compression (RDC) techniques such that required data transfers are minimized. An algorithm provides enhanced efficiencies for allowing the receiver to locate a set of objects that are similar to the object that needs to be transferred from the sender. Once this set of similar objects has been found, the receiver may reuse any chunks from these objects during the RDC algorithm. 03-11-2010
Entries
Document | Title | Date
20110185179 System And Method For Digital Rights Management With A Lightweight Digital Watermarking Component - Various embodiments of a system and method for digital rights management with a lightweight digital watermarking component are described. Embodiments may include methods as well as elements for performing such methods. Such a method may include receiving content onto a computer system; the computer system may include a runtime component configured to consume the content. The method may include receiving a digital watermarking component on the computer system. The digital watermarking component may specify information for generating a digital watermark on the content. The method may include applying a digital watermark to the content with the runtime component in order to generate watermarked content. The digital watermark may be applied by the runtime component in accordance with the digital watermarking component. In various embodiments, the received runtime component may be configured to prevent the received content from being consumed without the digital watermark applied to the received content. 07-28-2011
20100088519 CLIENT DEVICE, KEY DEVICE, SERVICE PROVIDING APPARATUS, USER AUTHENTICATION SYSTEM, USER AUTHENTICATION METHOD, PROGRAM, AND RECORDING MEDIUM - In a user authentication system according to the present invention, at user registration, a client device obtains a signature for a user ID, a password, and a public key by using a private key corresponding to the public key, and sends user information that includes the signature and the above-described information items to a service providing apparatus. The service providing apparatus verifies the signature by using the public key and stores the user information by which the password and the public key are associated with each other. When a request for a service is made, the client device allows authentication processing by sending to the service providing apparatus an authentication response that includes the user ID together with password authentication information, a signature for a challenge sent from the service providing apparatus, or a signature for the password and the challenge, irrespective of whether the authentication method for the service is password authentication, public key authentication, or public-key-and-password combination authentication. 04-08-2010
20100017615 DIGITAL DATA AUTHENTICATION - A method for protecting a digital document and user data typed into a digital document is presented. The method comprises computation of an authentication tag when the document is sent from a server. A similar authentication tag is computed when the document is shown on a client. When another document referenced in the document is requested by the client from the server, the authentication tag computed by the client is attached to the request for that other document. The server receiving the request compares the authentication tag it computed with the one it received to verify if the request came from an authentic copy of the document. The method is suitable for protection of online banking, online investment, online shopping, and other electronic applications. 01-21-2010
20130046991 SYSTEM AND METHOD FOR USING A PORTABLE SECURITY DEVICE TO CRYPTOGRAPHICALLY SIGN A DOCUMENT IN RESPONSE TO SIGNATURE REQUESTS FROM A RELYING PARTY TO A DIGITAL SIGNATURE - A system, method and computer-readable storage medium with instructions for operating a digital signature server and a portable security device to cooperate to provide digital signature services using a private key stored on the portable security device by delegating to a user's smart card the actual task of digitally signing documents. Other systems and methods are disclosed. 02-21-2013
20080301450 Modular signature verification architecture - It is difficult to provide a mechanism that is able to verify electronic signatures of different types in a simple and cost-effective manner. This is achieved by using a signature verification engine with an interface enabling signature modules to be removably plugged in. Each signature module has information about a particular signature type and functionality for verifying signatures of that type. The signature verification engine receives requests to verify signatures. It identifies a suitable signature module and works with that module to verify the signature. An enterprise who acquires equipment incorporating the signature verification engine is able to plug in its own signature module giving versatility whilst retaining security. 12-04-2008
20090193259 ELECTRONIC DOCUMENT AUTHENTICITY ASSURANCE METHOD AND ELECTRONIC DOCUMENT DISCLOSURE SYSTEM - An electronic document authenticity assurance technique and an information disclosure system both of which can compatibly realize the assurance of the authenticity of disclosure documents and the deletion of information inappropriate for disclosure. An electronic document is divided into constituent elements and an electronic signature is affixed to an arbitrary subset of a set including all the constituent elements. Otherwise, an electronic signature is affixed to data obtained by binding each of the constituent elements to information specifying the relationship between a respective one of the constituent elements and the structure of the electronic document. Otherwise, the hash values of the respective constituent elements are calculated and an electronic signature is affixed to data obtained by binding the calculated hash values together. Otherwise, random numbers generated for the respective constituent elements are bound together, then the hash values of the respective random-numbered constituent elements are calculated, and then an electronic signature is affixed to data obtained by binding the calculated hash values together. 07-30-2009
20090193258 CONTROLLING THE DOWNLOADING AND RECORDING OF DIGITAL DATA - A method and apparatus for enabling a licensed end user to record digital data as described is particularly useful to the music industry as it enables them to make audio data available over the internet but to retain control of the uses to which that audio data can be put. Thus, upon completing a financial transaction to pay for the required audio tracks, the end user is enabled to download and decrypt encrypted music tracks and to play them on the end user's personal computer. The end user can also be allowed to burn a CD including the downloaded music tracks. However, the end user is only enabled to decrypt and record the music tracks onto the CD if the music tracks are recorded together with copy protection. 07-30-2009
20090193257 RIGHTS OBJECT AUTHENTICATION IN ANCHOR POINT-BASED DIGITAL RIGHTS MANAGEMENT - Digital rights management (DRM) can be effectively implemented through use of an anchor point and binding records in a user domain. Furthermore, authentication of a rights object defining the scope of access allowed for a digital property instance may be achieved through use of a signing key in the anchor point. The signing key may be used to assure no tampering has occurred with the rights object since acquisition of a digital property instance. A digital property owner may gain additional functionality and control through implementation of a play counter, rental duration limit, etc., using a signing key. 07-30-2009
20090193255 Method and apparatus for determining and using the sampling frequency for decoding watermark information embedded in a received signal sampled with an original sampling frequency at encoder side - Many watermarking systems make use of correlation for calculating a detection metric, which means that reference patterns are generated at encoder side and are embedded inside the audio or video signal, dependent on the message to be embedded. The same reference patterns are generated at decoder side. The embedded message is decoded by correlating the reference patterns with the watermarked signal. The watermark detector decides, depending on the size of the correlation result values, whether or not a given reference pattern was embedded. However, decoding watermarked audio or video signals is difficult if the link between the watermark encoder and the watermark decoder is not a digital one, for example an acoustic path. According to the invention, a re-sampler control unit controls the sampling frequency of a re-sampler, in connection with a watermark decoder that outputs, in addition to the watermark information bits, a corresponding confidence value that is derived from the correlation result and that is used for synchronizing the re-sampler sampling frequency with the original sampling frequency of the watermarked signal. The synchronization processing includes a search mode and a synchronized mode. 07-30-2009
20130031370 ELECTRONIC SIGNATURE AUTHENTICATION - Method of authenticating a signature on a work document in which a remote server generates a digital work fingerprint and a representation file of the work document. The representation file and the digital work fingerprint are transmitted to a client station from the remote server via a wide area communication network, and at least one digital representation fingerprint of the representation file is generated. A file to be signed is generated containing at least the digital work and representation fingerprints. The client station generates only one client signature from the file to be signed, and a client signature file is generated containing at least the file to be signed and the client signature. 01-31-2013
20130031369 MANAGING ACCESS TO A SECURE CONTENT-PART OF A PPCD USING A KEY RESET POINT - In a method for managing access to a secure content-part of a PPCD, a key reset point of the secure content-part during a workflow among workflow participants is determined. In addition, key-map files comprising subsets of access keys that provide access to the secure content-part during respective content access sessions are generated, in which at least one of the key-map files corresponds to the key reset point and comprises a first decryption key, a first verification key, a second encryption key, and a second signature key, in which the first decryption key does not correspond to the second encryption key, and in which the first verification key does not correspond to the second signature key. In addition, the plurality of key-map files are supplied to at least one of the participants. 01-31-2013
20110202772 NETWORKED COMPUTER IDENTITY ENCRYPTION AND VERIFICATION - A method for communication includes initiating a communication session over a network between a remote computer ( 08-18-2011
20120179914 Digital Watermark Key Generation - This disclosure relates to message encoding. One claim recites a digital watermark key generation method in which the key provides security for a plural-bit message. The method comprises: providing a plural-bit seed; randomizing the plural-bit seed; using a programmed electronic processor for encoding the randomized plural-bit seed with convolutional encoding, the encoded seed comprising a key; and transforming an independent message with the key, the independent message to be used in a digital watermark encoding process. Of course, other claims and combinations are provided too. 07-12-2012
20120179913 METHOD AND SYSTEM FOR PROPAGATING A CLIENT IDENTITY - A method and system for securely propagating client identities in a service call from a first system to a target service system are provided. The system includes a memory device for storing data and a service provider (SP) computer system. The SP computer system is programmed to determine identities to transmit to the target system in association with a request, construct a data structure to represent each identity and additional information related to the identity, digitally sign the identity information, pair the identity information and the corresponding digital signature in a header of a request message from the first system to the target service system, receive the request message and extract the identity information and corresponding digital signatures from the header, validate the corresponding digital signatures, and construct using the corresponding identity information a data structure that represents each of the original identities established in the first system. 07-12-2012
20120246481 VIRTUAL SUBSCRIBER IDENTITY MODULE - A mobile trusted platform (MTP) configured to provide virtual subscriber identity module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator—trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner—trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to a user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service. 09-27-2012
20100077220 Optimization methods for the insertion, protection, and detection of digital watermarks in digital data - Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed. According to another embodiment, a method for pre-analyzing a digital signal for encoding digital watermarks comprises: (1) providing a digital signal; (2) providing a digital filter to be applied to the digital signal; and (3) identifying an area of the digital signal that will be affected by the digital filter based on at least one measurable difference between the digital signal and a counterpart of the digital signal selected from the group consisting of the digital signal as transmitted, the digital signal as stored in a medium, and the digital signal as played back. According to another embodiment, a method for encoding a watermark in a content signal includes the steps of (1) splitting a watermark bit stream; and (2) encoding at least half of the watermark bit stream in the content signal using inverted instances of the watermark bit stream. Other methods and systems for encoding/decoding digital watermarks are also disclosed. 03-25-2010
20100077219 Optimization methods for the insertion, protection, and detection of digital watermarks in digital data - Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed. According to another embodiment, a method for pre-analyzing a digital signal for encoding digital watermarks comprises: (1) providing a digital signal; (2) providing a digital filter to be applied to the digital signal; and (3) identifying an area of the digital signal that will be affected by the digital filter based on at least one measurable difference between the digital signal and a counterpart of the digital signal selected from the group consisting of the digital signal as transmitted, the digital signal as stored in a medium, and the digital signal as played back. According to another embodiment, a method for encoding a watermark in a content signal includes the steps of (1) splitting a watermark bit stream; and (2) encoding at least half of the watermark bit stream in the content signal using inverted instances of the watermark bit stream. Other methods and systems for encoding/decoding digital watermarks are also disclosed. 03-25-2010
20100077218 SYSTEM AND METHOD FOR ELECTRONIC DOCUMENT MANAGEMENT, ORGANIZATION, COLLABORATION, AND SUBMISSION IN CLINICAL TRIALS - According to the present invention, there is provided a system and method for the management, organization, collaboration, and submission of electronic files and documents associated with a clinical trial. The system of the present invention enables users to create and easily access a central document repository. The system of the present invention includes various tools for the management, organization, collaboration, and editing of the documents and files stored within the system, as well as tools which enable automated regulatory submissions of required documents and files. 03-25-2010
20100115283 SYSTEMS AND METHODS FOR USING CRYPTOGRAPHY TO PROTECT SECURE AND INSECURE COMPUTING ENVIRONMENTS - Computation environments are protected from bogus or rogue load modules, executables, and other data elements through use of digital signatures, seals, and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules and/or other items to verify that their corresponding specifications are accurate and complete, and then digitally signs them based on a tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys), allowing one tamper resistance work factor environment to protect itself against load modules from another tamper resistance work factor environment. The verifying authority can provide an application intended for insecure environments with a credential having multiple elements covering different parts of the application. To verify the application, a trusted element can issue challenges based on different parts of the authenticated credential that the trusted element selects in an unpredictable (e.g., random) way, and deny service (or take other appropriate action) if the responses do not match the authenticated credential. 05-06-2010
20130086386 METHOD AND SYSTEM FOR RESTRICTING EXECUTION OF VIRTUAL APPLICATIONS TO A MANAGED PROCESS ENVIRONMENT - Methods and systems for restricting the launch of virtual application files. In one embodiment, a launching application is signed with a digital signature. When the launching application launches a runtime engine and instructs it to execute an application file, the runtime engine determines whether an entity identifier associated with the launching application identifies an authorized entity. If the entity identifier identifies an authorized entity and the digital signature is valid, the runtime engine executes the application file. In another embodiment, a ticket is transmitted to the launching application along with an instruction to launch the application file. The ticket includes a digital signature and an expiration date. The launching application communicates the ticket to the runtime engine, which will execute the application file only if the digital signature is valid and a current date is not later than the expiration date. 04-04-2013
20130086385 System and Method for Providing Hardware-Based Security - In some implementations, a method for managing resources of a device includes receiving, by a system-on-chip (SoC) in the device, from a customer, a request to access one or more resources of the SoC. The SoC includes a non-volatile memory (NVM), a feature register, programming history, and a plurality of resources including the one or more resources. A customer identifier (CID) is identified based on the received request. The customer is authenticated using a certificate including the CID. Whether the SoC grants, to the customer, access to the one or more resources is determined using the feature register and the CID. 04-04-2013
20130086387 Method for Certifying and Verifying Digital Web Content Using Public Cryptography - There is provided a method of, computer programs for and apparatus for providing and accessing digital content such as a news item. A news provider generates a news item, creates a digitally signed version of the news item and packages them together with a digital certificate issued by a certificate authority containing the public key required to decrypt the digitally signed version. The package is posted to a server and is transmitted, or made available for transmission, over a public data network together with a computer program for verifying the news item. A receiving party receives, over the public data network, the package at a client device and is provided with means for launching, and if necessary first downloading, the verifying program. The verifying program uses the public key contained in the certificate to verify the digitally signed news item. Before being first used to verify a news item, the verifying program receives a shared secret from the receiving party which is stored locally to the client device and is used by the verifying program to confirm that it performed the verification process. 04-04-2013
20130080786 Signature Specification for Encrypted Packet Streams - Methods, systems, and products are disclosed for specifying a signature for an encrypted packet stream. One method receives the encrypted stream of packets, and encryption obscures the contents of a packet. A signature for insertion into the stream of packets is specified, and the signature identifies a type of data encrypted within the stream of packets. The signature identifies the contents of the packet despite the encryption obscuring the contents. 03-28-2013
20130080785 Host Agnostic Integration and Interoperation System - A host agnostic integration and interoperation system. The host agnostic integration and interoperation system includes an open platform interface and the associated conventions that define the roles of and direct operations between a host and a service application running on an external application server and allow the host to discover and integrate the functionality provided by the service application. The open platform interface employs a limited number of easily implemented semantic methods allowing a host to expose and integrate the ability to view, edit, or otherwise manipulate a document using the host supported functionality of the service application from a standard user agent. The host agnostic integration and interoperation system handles user authentication at the host using an access token and establishes a trust relationship between the host and the external application server using a lightweight but secure proof key system. 03-28-2013
20100037061 SYSTEM FOR CONTROLLING THE DISTRIBUTION AND USE OF RENDERED DIGITAL WORKS THROUGH WATERMARKING - A trusted rendering system for use in a system for controlling the distribution and use of digital works. A trusted rendering system facilitates the protection of rendered digital works which have been rendered on a system which controls the distribution and use of digital works through the use of dynamically generated watermark information that is embedded in the rendered output. The watermark data typically provides information relating to the owner of the digital work, the rights associated with the rendered copy of the digital work and when and where the digital work was rendered. This information will typically aid in deterring or preventing unauthorized copying of the rendered work to be made. The system for controlling distribution and use of digital works provides for attaching persistent usage rights to a digital work. Digital works are transferred between repositories which are used to request and grant access to digital works. Such repositories are also coupled to credit servers which provide for payment of any fees incurred as a result of accessing a digital work. 02-11-2010
20100037058 COLLABORATIVE SECURITY AND DECISION MAKING IN A SERVICE-ORIENTED ENVIRONMENT - A method of providing collaborative security and collaborative decision making in a service-oriented environment. The method includes validating request(s) by application(s) for service(s) in the environment, and providing each service for which an application request is validated. The method also includes monitoring a situational state exposed by services being provided in the environment. Based on the monitored state, the validating of one or more service requests is influenced. 02-11-2010
20120265992 METHOD FOR PROCESSING A SOAP MESSAGE WITHIN A NETWORK AND A NETWORK - For allowing a one-pass streaming processing of XML (Extended Markup Language) based SOAP (Simple Object Access Protocol) messages with signed and/or encrypted MTOM attachments in a simple way, a method for processing a SOAP message within a network is provided. The SOAP message includes a fragment with binary content that will be moved into an MTOM (Message Transmission Optimization Mechanism) attachment of the SOAP message with a remaining reference to the binary content within the SOAP message and wherein the attachment will be signed and/or encrypted by a signing and encryption process, respectively. During signing process in addition to the hash of the signed fragment itself the same fragment excluding the binary content will be hashed and/or during encryption process in addition to the encryption of the fragment itself the fragment including only the reference to the binary content instead of the binary content will be encrypted. 10-18-2012
20130212398 METHOD AND SYSTEM FOR VALIDATING A DEVICE THAT USES A DYNAMIC IDENTIFIER - A method that comprises obtaining a currently received signature from a device; obtaining a candidate identifier associated with the device; consulting a database to obtain a set of previously received signatures associated with the candidate identifier; and validating the currently received signature based on a comparison of the currently received signature to the set of previously received signatures associated with the candidate identifier. Also, a method that comprises obtaining a currently received signature from a device; decrypting the currently received signature to obtain a candidate identifier and a candidate scrambling code; consulting a database to obtain a set of previously received scrambling codes associated with the candidate identifier; and validating the currently received signature based on a comparison of the candidate scrambling code to the set of previously received scrambling codes associated with the candidate identifier. 08-15-2013
20090187766 System and Method for Digital Signatures and Authentication - A system and method for authentication and digital signatures on memory-only supports, comprising a read-once memory unit storing secret arrays, whose contents are destroyed upon reading, a standard memory unit storing encrypted arrays, tree data authenticating the encrypted arrays to one single public key, and a certificate of the public key issued by a certificate authority. The memory support sends its public key and certificate to a verifier, receives a challenge which is signed by elements from secret arrays in the read-once memory. The verifier system checks the authenticity of the data revealed from the read-once memory by encrypting it and comparing the result to one of the encrypted arrays, and verifies that the encrypted array authenticates to the public key using tree data. Finally, the verifier checks the authenticity of the public key using the certificate. 07-23-2009
20130042116 INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - An information processing apparatus including a message generator generating a message based on a set F=(f 02-14-2013
20130042115 SYSTEMS AND METHODS FOR IMPLEMENTING SECURITY IN A CLOUD COMPUTING ENVIRONMENT - Computer systems and methods are provided in which an agent executive, when initially executed in a virtual machine, obtains an agent API key from a user. This key is communicated to a grid computer system. An agent identity token, generated by a cryptographic token generation protocol when the key is valid, is received from the grid and stored in a secure data store associated with the agent executive. Information that evaluates the integrity of the agent executive is collected using agent self-verification factors. The information, encrypted and signed with a cryptographic signature, is communicated to the grid. Commands are sent from the grid to the agent executive to check the security, compliance, and integrity of the virtual machine processes and data structures. Based on these check results, additional commands are sent by the grid to the agent executive to correct security, compliance or integrity problems and/or to prevent security compromises. 02-14-2013
20100100745 METHOD OF COMMUNICATING A DIGITAL SIGNATURE TO CERTIFY A TRANSMISSION, ASSOCIATED SYSTEM AND AIRCRAFT - This invention relates to a communication method intended to ensure the receipt of digital data by at least one remote entity, and an associated system, in particular in the context of data transfer with an aircraft. 04-22-2010
20100100744 VIRTUAL IMAGE MANAGEMENT - Apparatus, systems, and methods may operate to create a virtual image, define usage privileges associated with the virtual image in a description file, and associate a coded summary of an encrypted version of the description file with the virtual image. Other activities may include receiving a request to access the virtual image, authenticating a transmitted version of the coded summary to determine validity of the encrypted version, and processing the encrypted version to determine whether the request to access will be granted. Additional apparatus, systems, and methods are disclosed. 04-22-2010
20100100742 Transport Stream Watermarking - Methods and apparatuses for processing and watermarking a transport stream with a message. A processed transport stream that includes processed content packets, associated carrier packets, and a watermark descriptor for a group of the associated carrier packets is created from the transport stream. The processed content data represent a first watermark value and are bounded by transport sector boundaries. The associated carrier packets include replacement watermark data that represent a second watermark value and are bounded by transport sector boundaries. These associated carrier packets are paired with processed content packets. The watermark descriptor includes synchronization data. A watermarked transport stream is created by interleaving selected processed content packets and associated carrier packets according to a watermark message. 04-22-2010
20130138965 CONTROL METHOD, PROGRAM AND SYSTEM FOR LINK ACCESS - A plurality of users is assumed in which user A is the owner of content providing the source of a link, user B is the owner of the content providing the destination of the link, and user C is a viewer. Each user has a private key and a public key, and the public keys are shared by the users. User B selects user C in advance as a viewer. User B creates data including a value in which an encryption key with a proxy signature generated on the basis of the public key of user C and its own private key is encrypted using the public key of user A, and distributes the data to user A, which is the owner of the content providing the source of the link. User A decrypts the received data including the value using its own private key. This makes a function available based on encryption with the proxy signature. User A converts the link information using this function, signs the information using its own private key, and sends it to user C. User C verifies the signature by checking the received information using the public key of user A and the public key of user B, extracts the link information generated by user A using the function, decrypts it using its own private key, and obtains the link information. 05-30-2013
20100042844METHOD, BASE STATION, RELAY STATION AND RELAY COMMUNICATION SYSTEM FOR IMPLEMENTING MESSAGE AUTHENTICATION - A method for implementing message authentication is provided. The method includes the following steps. A path by which a destination address of a message to be sent can be reached is determined. A signature processing is performed on the message to be sent according to a private key corresponding to the path, so as to obtain an authentication code. The message to be sent and the authentication code are sent through the path.02-18-2010
20100042843Benchmarks for Digital Watermarking - The presently claimed invention relates generally to digital watermarking of data, e.g., representing video or audio. One claim recites a method including: obtaining data representing video or audio; using a multi-purpose electronic processor programmed for: transforming the data into a transform domain, analyzing the transformed data to identify a plurality of transform coefficients according to predetermined criteria, and altering the identified plurality of transform coefficients to carry a digital watermark; and analyzing the data to determine a baseline state for the digital watermark. Of course, other combinations and claims are provided too.02-18-2010
20090158043SECURE DIGITAL SIGNATURE SYSTEM - The illustrative embodiments provide a computer implemented method, apparatus, and computer program product for receiving a request from a client to instantiate an electronic document. After successful completion of mutual authentication between a web application server and the client, the web application server provides the electronic document to the client. The web application server may then receive a set of changes associated with the electronic document to form a modified document. After receiving a request from the client for a digital signature to be generated for the modified document, the web application server generates a digital signature using a private key of the web application server and an identity of an end-user associated with the client. The web application server then signs the modified document with the digital signature.06-18-2009
20100106973Method and Device for Safeguarding of a Document with Inserted Signature image and Biometric Data in a Computer System - A method for safeguarding an electronic document includes inserting at least one digital signature image into the electronic document and generating a first check sum for the electronic document, with or without optionally-inserted biometric signature data, using a first hash function. A second check sum is then generated using a second hash function. The first check sum and the biometric data, if provided, are then symmetrically encrypted using a key that is the sum of the second check sum and a generated random value. The symmetrically-encrypted first check sum is attached to the document. The random value is then asymmetrically encrypted using a first public key of a first key pair and the asymmetrically-encrypted random value is added to the document.04-29-2010
20090125724OBJECT AUTHENTICATION - An apparatus for authenticating an object is disclosed. The apparatus receives from a sensing device indicating data. The indicating data is formed by the sensing device in response to sensing a plurality of coded data portions on a surface of the object. Each coded data portion encodes a position of coded data portion on the surface, an identity associated with the object and a signature fragment, the signature fragment being a fragment of a digital signature of at least part of the identity associated with the object. A processor then determines from the indicating data the identity associated with the object, a plurality of signature fragments encoded in respective coded data portions, and the position of respective coded data portions, determines a signature fragment identifier for respective signature fragments from the respective positions, determines a determined signature by arranging the plurality of signature fragments according to their respective signature fragment identifiers, decrypts the determined signature to obtain a determined identity, compares the identity to the determined identity, and then authenticates the object using the result of the comparison.05-14-2009
20090125723AUTHENTICATION OF AN OBJECT - A method of authenticating an object is disclosed. Coded data portions are provided on a surface of the object. Each coded data portion encodes a position of coded data portion on the surface, an identity associated with the object and a signature fragment. The signature fragment is a fragment of a digital signature of at least part of the identity associated with the object. Next, indicating data is received from a sensing device in response to the sensing device sensing coded data portions. The indicating data is representative of the data encoded in the coded data portions sensed by the sensing device. From the indicating data the identity associated with the object, a plurality of signature fragments encoded in respective coded data portions, and the position of respective coded data portions are determined. A signature fragment identifier for respective signature fragments is determined from the respective positions. Also, a determined signature is determined by arranging the signature fragments according to their respective signature fragment identifiers. The determined signature is decrypted to obtain a determined identity. The object is authenticated by comparing the identity to the determined identity.05-14-2009
20090125722CROSS-PLATFORM DIGITAL RIGHTS MANAGEMENT PROVIDING MULTI-LEVEL SECURITY INFORMATION FLOW TRACKING - A method and system for generating and controlling access to copy-protected digital media files. Digital media content is obtained and encoded in an electronic file using a media codec. The encoded media content is encrypted in the electronic file and a multi-format renderer configured to render the encoded, encrypted electronic file is embedded in the electronic file. When the digital file is accessed, the multi-format renderer generates an invocation code identifying an operation-type in response to a requested operation. A transaction ID storing a user-access policy and associated with the electronic file is retrieved and compared to the invocation code. Based on a result of the comparison of the invocation code and the user-access policy, the multi-format renderer selectively allows the invocation code.05-14-2009
20130046992STORAGE AND RETRIEVAL OF DISPERSED STORAGE NETWORK ACCESS INFORMATION - A method begins by a dispersed storage (DS) processing module receiving a certificate signing request (CSR) from a user device. The method continues with the DS processing module generating a set of hidden passwords based on the CSR and accessing a set of authenticating units to obtain a set of passkeys. The method continues with the DS processing module retrieving a set of encrypted shares and decrypting the set of encrypted shares to produce a set of encoded shares. The method continues with the DS processing module decoding the set of encoded shares to recapture a private key and generating a user signed certificate based on the private key. The method continues with the DS processing module discarding the private key to substantially protect the private key from the user device and outputting the user signed certificate to the user device.02-21-2013
20130046990AUTHENTICATION AND BINDING OF MULTIPLE DEVICES - Systems and methods are described that relate to authentication and/or binding of multiple devices with varying security profiles. In one aspect, a first device with a higher security profile may vouch for the authenticity of a second device with a lower security profile when the second device requests access for content from a content provider. The vouching process may be implemented by allowing the first device to overlay its digital signature on a registration request that has been signed and transmitted by the second device. The second device with the lower security profile may access content from the content provider or source for a predetermined time period, even when the second device does not access content through the first device.02-21-2013
20130046989DIGITAL SIGNATURE MANAGEMENT AND VERIFICATION SYSTEMS AND METHODS FOR DISTRIBUTED SOFTWARE - A digital signature management system for distributed software applications includes a communication network and a digital signature module coupled to the communication network. The system also includes one or more software applications coupled to the communication network that each include an identification code and a signature application that intercepts a digitally signed message received from a sending application and provides it to the digital signature module. The digital signature module can be configured to verify the digital signature of messages it receives from the one or more software applications.02-21-2013
20090044017SIGNATURE AND VERIFYING METHOD, AND SIGNATURE AND VERIFYING DEVICE - An RSA signature method is provided in which the length of a signature does not depend on the number of signature devices when multiple signature devices are related to the creation of the signature. A signature device i_{m} includes first conversion means SS02-12-2009
20090089587Methods, Apparatus and Programs for Generating and Utilizing Content Signatures - The presently claimed invention generally relates to deriving and/or utilizing content signatures (e.g., so-called “fingerprints”). One claim recites a method comprising: obtaining a sequence of content identifiers, the sequence of content identifiers corresponding to one or more segments of a media signal; and utilizing at least a processor or electronic processing circuitry, carrying out a convolution operation based on the sequence of content identifiers and content signatures housed or stored in a database to identify the media signal. Of course, other claims and combinations are provided as well.04-02-2009
20110004766IP ADDRESS DELEGATION - A method of verifying a request made in respect of an IPv6 address comprising a network routing prefix and a cryptographically generated Interface Identifier. The request includes a delegation certificate containing a public key of the host, one or more further parameters or a formula or formulae for generating one or more further parameters, a specification of a range or set of IPv6 network routing prefixes, an identity of a delegated host, and a digital signature taken over at least the identity and the specification of a range or set of IPv6 network routing prefixes using a private key associated with the public key. The method verifies that the network routing prefix of said IPv6 address is contained within the specification, verifying that the public key and the further parameter(s) can be used to generate the cryptographically generated Interface Identifier, and verifying said signature using the public key.01-06-2011
20100005308Optimization methods for the insertion, protection, and detection of digital watermarks in digital data - Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed. According to another embodiment, a method for pre-analyzing a digital signal for encoding digital watermarks comprises: (1) providing a digital signal; (2) providing a digital filter to be applied to the digital signal; and (3) identifying an area of the digital signal that will be affected by the digital filter based on at least one measurable difference between the digital signal and a counterpart of the digital signal selected from the group consisting of the digital signal as transmitted, the digital signal as stored in a medium, and the digital signal as played back. According to another embodiment, a method for encoding a watermark in a content signal includes the steps of (1) splitting a watermark bit stream; and (2) encoding at least half of the watermark bit stream in the content signal using inverted instances of the watermark bit stream. Other methods and systems for encoding/decoding digital watermarks are also disclosed.01-07-2010
20120191978SYSTEM AND METHOD FOR SECURING DATA FOR REDIRECTING AND TRANSPORTING OVER A WIRELESS NETWORK - A system and method for securing data for redirecting and transporting over a wireless network are generally described herein. In accordance with some embodiments, when it is determined that an electronic message that is protected with a first encryption algorithm is to be transported over a wireless network to a wireless device, the electronic message is converted to a data structure that is recognizable by the wireless device and the data structure is encrypted with a second encryption algorithm using a random session key. The second encryption algorithm has a stronger security than the first encryption algorithm. The random session key is encrypted with a public key and packets that comprise the encrypted data structure and the encrypted random session key are transmitted to the wireless device over the wireless network.07-26-2012
20130073856ASSISTED CERTIFICATE ENROLLMENT - A certificate enrollment assistant module may be provided to inject a challenge password into a certificate signing request to be sent, to a Certificate Authority, from a computing device. The certificate enrollment assistant module, thereby, acts as a trusted proxy to assist the computing device in building a valid certificate signing request without the computing device having access to the challenge password.03-21-2013
20130073859SYSTEMS AND METHODS TO SECURE USER IDENTIFICATION - In one aspect, a computing apparatus is configured to verify a digital signature applied on a set of data received from a user device, including a user ID assigned by a partner system to uniquely identify a user of the user device among customers of the partner system, and a user device identifier identifying the user device. The digital signature is generated via applying a cryptographic one-way hash function on a combination of the set of data and a secret, shared between the computing apparatus and the partner system via a secure communication channel separate from a channel used to receive the set of data.03-21-2013
20130073857ONE WAY AUTHENTICATION - A cryptosystem prevents replay attacks within existing authentication protocols, susceptible to such attacks but containing a random component, without requiring modification to said protocols. The entity charged with authentication maintains a list of previously used bit patterns, extracted from a portion of the authentication message connected to the random component. If the bit pattern has been seen before, the message is rejected; if the bit pattern has not been seen before, the bit pattern is added to the stored list and the message is accepted.03-21-2013
20130073858METHOD AND A SYSTEM FOR A SECURE EXECUTION OF WORKFLOW TASKS OF A WORKFLOW IN A DECENTRALIZED WORKFLOW SYSTEM - Workflow tasks are securely executed according to a given execution pattern in a decentralized workflow system with a central workflow engine and multiple task execution agents. The method starts at an i'th execution agent which is selected by at least one preceding execution agent in accord with the execution pattern to perform an i'th task of the workflow. The method includes receiving, from the at least one preceding execution agent via a secure channel, a task-based private key generated by the at least one preceding execution agent, signing workflow information of the workflow for at least one subsequent execution agent with a workflow signature, selecting at least one appropriate subsequent execution agent, computing a task-based private key for the at least one subsequent execution agent, and forwarding to the at least one subsequent execution agent the workflow information with its associated workflow signature.03-21-2013
20130073860ATTRIBUTE-BASED DIGITAL SIGNATURE SYSTEM - An attribute-based digital signature system comprises a signature generation unit (03-21-2013
20130061056EXTENDING AN INTEGRITY MEASUREMENT - A method of extending an integrity measurement in a trusted device operating in an embedded trusted platform by using a set of policy commands to extend a list of Platform Configuration Registers (PCRs) for the device and the current values of the listed PCRs and an integrity value identifying the integrity measurement into a policy register, verify a signature over the integrity value extended into the policy register, and, if verification succeeds, extend a verification key of the trusted platform, plus an indication that it is a verification key, into the policy register, compare the integrity value extended into the policy register with a value stored in the trusted platform, and, if they are the same: extend the stored value, plus an indication that it is a stored value, into the policy register, and extend the integrity measurement in the trusted device if the value in the policy register matches a value stored with the integrity measurement.03-07-2013
20120311340WIRELESS COMMUNICATIONS DEVICE AND AUTHENTICATION PROCESSING METHOD - An authentication method is provided which is capable of performing message authentication within an allowable time regardless of the magnitude of the number of messages and performing message authentication high in accuracy within a range for which the allowable time allows. Upon transmission by wireless communications with another mobile or a fixed station, a message authentication code of communication data and a digital signature are generated (S12-06-2012
20120311336PERFORMING ZERO-COPY SENDS IN A NETWORKED FILE SYSTEM WITH CRYPTOGRAPHIC SIGNING - A method and system for sending data in a file system that uses cryptographic signatures to protect data integrity. A computer system calculates a signature based on the content of a page of a memory. The memory is shared by processes that run on the computer system. The computer system write-protects the page while the page is used for calculation of the signature. When a first process attempts to modify the page, a page fault is triggered. In response to the page fault, the content of the page in memory is copied to a new page in the memory. The new page is accessible by the processes. Access to the page by the first process is redirected to the new page. Subsequent to the page fault, access to the page by the second process is also redirected to the new page.12-06-2012
20090113207SECURE OVERLAY MANAGER PROTECTION - A method for protection of data includes maintaining a control parameter indicative of a current version of the data. The data is partitioned into multiple segments. Respective signatures of the segments are computed, responsively to the control parameter, the segments and respective signatures forming respective signed input segments, which are stored in a memory. After the signed input segments are stored, a signed output segment is fetched from the memory. The signature of the signed output segment is verified responsively to the control parameter, and the data in the signed output segment is processed responsively to verifying the signature.04-30-2009
20090271631ELECTRONIC SIGNATURE SYSTEM AND ELECTRONIC SIGNATURE VERIFYING METHOD - A key creating device creates a first public key and a first secret key of the electronic signature method satisfying the noncounterfeitability and a second public key and the first secret key of the chameleon commitment method. The signature device generates a commitment, a first random number according to the Com algorithm, and a first signature by using the first secret key. The signature device further generates a second random number according to the Cam algorithm by using the message written by adding a first signature to an object message, and creates an electronic signature by combining the first signature and the second random number. A verifying device receives the signed message written by adding the first signature included in the electronic signature to the object message, creates a commitment according to the ComVer algorithm, and performs verification by using the commitment and the first signature.10-29-2009
20090271630AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND TERMINAL DEVICE - Provided are an authentication method, authentication system and a terminal device in which the authentication of a non-participating third node can be simplified and can be executed in the case of multicast by using an authentication ticket in a distributed processing network system, the non-participating third node being intended to access each of the nodes, including a first and a second node, constituting a workgroup. The first node that has already participated in the workgroup authenticates the third node intended to participate in the workgroup and issues the authentication ticket including the signatures of both nodes, and when the authentication ticket is submitted to the second node, the second node permits the third node to access, without password-based-authentication, by authenticating the first node and the second node which have signed the authentication ticket.10-29-2009
20090089584SYSTEMS, DEVICES, AND METHODS FOR OUTPUTTING ALERTS TO INDICATE THE USE OF A WEAK HASH FUNCTION - Systems, devices, and methods for outputting an alert on a mobile device to indicate the use of a weak hash function are disclosed herein. In one example embodiment, the method comprises receiving data (e.g. from a server) that identifies at least one first hash function, identifying a hash digest generated using a second hash function, determining if the second hash function is weak using the received data, and outputting an alert indicating that the second hash function is weak if it is determined that the second hash function is weak.04-02-2009
20090070587Advanced Watermarking System and Method - A method, computer program product, and computing device for obtaining an uncompressed digital media data file. One or more default watermarks is inserted into the uncompressed digital media data file to form a watermarked uncompressed digital media data file. The watermarked uncompressed digital media data file is compressed to form a first watermarked compressed digital media data file. The first watermarked compressed media data file is stored on a storage device. The first watermarked compressed media data file is retrieved from the storage device. The first watermarked compressed digital media data file is modified to associate the first watermarked compressed digital media data file with a transaction identifier to form a second watermarked compressed digital media data file.03-12-2009
20090031134Digital watermarking with variable orientation and protocols - A method of digital watermarking selects a mapping of a digital watermark to audio or video content and an embedding gain to produce uniquely watermarked copies for distribution. The embedding method is implemented at points of distribution, including content servers or receivers. By applying varying mapping protocols and random gain, the digital watermark uniquely serializes copies. It also has a structure and embedding configuration that minimizes the effectiveness of collusion, averaging and over-embedding attacks.01-29-2009
20130067233DATA CARD VERIFICATION SYSTEM - To verify a pair of correspondents in an electronic transaction, each of the correspondents utilises respective parts of first and second signature schemes. The first signature scheme is computationally more difficult in signing than verifying and the second signature scheme is computationally more difficult in verifying than signing. The first correspondent signs information according to the first signature scheme, the second correspondent verifies the first signature received from the first correspondent, using the first signature scheme. The second correspondent then signs information according to the second signature scheme and the first correspondent verifies the second signature received from the second correspondent, according to the second signature algorithm. The method thereby allows one of the correspondents to participate with relatively little computing power while maintaining security of the transaction.03-14-2013
20130067232METHOD AND SYSTEM FOR CREDENTIAL MANAGEMENT AND DATA ENCRYPTION FOR iOS BASED DEVICES - A mechanism and method for managing credentials on an electronic device and providing encryption and decryption services for the electronic device comprising a mobile communication device, smart phone or other computing device. According to an embodiment the device is configured with an iOS based operating system. The device is configured with a data encryption service application and an associated secure data repository. According to an embodiment, the electronic device is configured to download and/or cache credentials from a credential management system operatively coupled to the device, comprising public-private key pairs in a PKI system. According to an embodiment, the electronic device is configured with or stores a digital verification signature. The data encryption service application is configured to encrypt/decrypt data (e.g. files, documents) and optionally digitally sign the encrypted file. The encrypted (and digitally signed data) is contained in the sandbox associated with the data encryption service application.03-14-2013
20120117386Methods for Identifying the Guarantor of an Application - Third-party applications for platforms are linked to identified individuals that guarantee the security of the applications. The linkage is achieved by acquiring one or more biometric records of the individual guarantor, storing those records as a signature in a database, assigning a unique identifier to the signature, and embedding that unique identifier in the executable file of the application. The signature of the guarantor can be compared to other stored signatures of other guarantors to check for individuals posing under multiple aliases. The signature of a guarantor linked to a malicious application can be flagged so that a subsequent application guaranteed by the same individual can be disapproved.05-10-2012
20110022846Systems and Methods for Secure Transaction Management and Electronic Rights Protection - The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”01-27-2011
20120198240METHOD AND SYSTEM FOR ENTITY PUBLIC KEY ACQUIRING, CERTIFICATE VALIDATION AND AUTHENTICATION BY INTRODUCING AN ONLINE CREDIBLE THIRD PARTY - A method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party is disclosed. The method includes the following steps: 1) an entity B transmits a message 1 to an entity A; 2) the entity A transmits a message 2 to a credible third party TP after receiving the message 1; 3) the credible third party TP determines the response RepTA after receiving the message 2; 4) the credible third party TP returns a message 3 to the entity A; 5) the entity A returns a message 4 to the entity B after receiving the message 3; 6) the entity B receives the message 4; 7) the entity B transmits a message 5 to the entity A; 8) the entity A receives the message 5. The present invention can achieve public key acquisition, certificate validation and authentication of the entity by integrating them in one protocol, thereby facilitating the execution efficiency and the effect of the protocol and facilitating the combination with various public key acquisition and public key certificate state enquiry protocols. The present invention suits a “user-access point-server” access network structure to meet the authentication requirement of the access network.08-02-2012
20090044016PROTECTING A DSP ALGORITHM - A software implementation of a digital signal processing function is protected by selecting a subset of parameters (02-12-2009
20120233469HYBRID SIGNATURE SCHEME - A signature scheme is provided in which a message is divided into a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm. A first signature component is generated by encrypting the first portion alone. An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them. A second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion. A verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination.09-13-2012
20090013189Method and devices for video processing rights enforcement - A system for protection against unauthorized modifications of digital content, in particular image content, in which a content processing system retrieves content, a fingerprint for the content and at least one modification limit expressing authorized modifications to the content. The content may then be modified, but before saving or exportation is allowed, a second fingerprint is calculated, and the difference between the fingerprints is compared with the at least one modification limit. If the difference is within the allowed bounds, then saving or exportation is allowed; if not, it is prevented. Also provided are a method and a content consumer device performing essentially the same steps before allowing rendering of the content.01-08-2009
20090006853Security protocols for hybrid peer-to-peer file sharing networks - In a hybrid peer-to-peer file sharing network including a receiver peer and a provider peer, the receiver sends the provider a ticket [01-01-2009
20090006852Method and Apparatus for Securing Unlock Password Generation and Distribution - A process may be utilized for securing unlock password generation and distribution. A first set of exclusive responsibilities, assigned to a trusted authority, includes random generation and encryption of an unlock password to compose a randomly generated encrypted unlock password. Further, a second set of exclusive responsibilities, assigned to a security agent, includes sending information associated with the unlock password and a digital signature of information associated with the unlock password to a communication device configured for a network in order to mate the unlock password to the communication device, and sending the randomly generated and encrypted unlock password along with mating data to a password processing center. In addition, a third set of exclusive responsibilities, assigned to a password processing center, includes decrypting the randomly generated and encrypted unlock password.01-01-2009
20090177890Method and Device for Forming a Signature - A device and a method are for forming a signature for use in a transmitter unit or a receiver unit of a communication system. To speed up the formation of a signature and thus the data transfer between a computer unit (e.g., a microcontroller) and a communication controller of the transmitter unit or the receiver unit, the device is arranged as hardware and the device forms the signature for data which are to be transferred from a computer unit of the transmitter unit to a communication controller of the transmitter unit for the purpose of data transmission via a communication medium of the communication system or which are to be transferred from a communication controller of the receiver unit to a computer unit of the receiver unit for further processing.07-09-2009
20130166914METHODS AND SYSTEMS FOR AUTHENTICATING ELECTRONIC MESSAGES USING CLIENT-GENERATED ENCRYPTION KEYS - Systems and methods for authenticating electronic messages using client-generated encryption keys provide for a sender transmitting an original message to a recipient device that includes a digital signature of the original message content and the key used to generate the digital signature. The sender may store an association between the digital signature, the key, and the recipient's address. The recipient may verify the integrity of the original message using the received digital signature and may further verify the authenticity of the message by transmitting a confirmation request message back to the sender that includes the original digital signature and a second digital signature of the confirmation request message using the received key. The sender may either confirm or deny that it sent the original message by determining whether a record exists that associates the digital signature and the key received from the recipient as well as the recipient's address.06-27-2013
20130166915SECURE TEXT-TO-SPEECH SYNTHESIS IN PORTABLE ELECTRONIC DEVICES - A method for secure text-to-speech conversion of text using speech or voice synthesis that prevents the originator's voice from being used or distributed inappropriately or in an unauthorized manner is described. Security controls authenticate the sender of the message, and optionally the recipient, and ensure that the message is read in the originator's voice, not the voice of another person. Such controls permit an originator's voiceprint file to be publicly accessible, but limit its use for voice synthesis to text-based content created by the sender, or sent to a trusted recipient. In this way a person can be assured that their voice cannot be used for content they did not write.06-27-2013
20080294903AUTHENTICITY ASSURANCE SYSTEM FOR SPREADSHEET DATA - A method is provided for applying a redactable signature method capable of verification even after deletion (blacking-out) of a part of a signed electronic document to spreadsheet data.11-27-2008
20080294902METHOD AND SYSTEM FOR IMPROVING SECURITY OF THE KEY DEVICE - The present invention provides a method and a system for improving security of a key device in the information security field. In order to solve the problem that the security performance of the key device is lower due to the possible tampering with the data needed for encryption and signature in prior art, the present invention provides the method, including steps in which the key device is connected to a computer, then is used to receive the data input by the user through a computer and display the same after a user makes a successful authentication; and to make digital signature or encryption of the data input after the user confirms the content displayed. The above-mentioned system comprises an authentication module, a data receiving module, a display module, a confirmation information receiving module, and a key module. The present invention makes relative display on the key device according to the data input by the user, and provides an input device or generates a random authentication code for confirmation and therefore prevents invalid digital signature or encryption, and improves the security of the key device greatly.11-27-2008
20080294901Media Storage Structures for Storing Content, Devices for Using Such Structures, Systems for Distributing Such Structures - Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content.11-27-2008
20080294900Authenticity Verification of Articles Using a Database - A digital signature is obtained by digitising a set of data points obtained by scanning a coherent beam over a paper, cardboard or other article, and measuring the scatter. A thumbnail digital signature is also determined by digitising an amplitude spectrum of a Fourier transform of the set of data points. A database of digital signatures and their thumbnails can thus be built up. The authenticity of an article can later be verified by re-scanning the article to determine its digital signature and thumbnail, and then searching the database for a match. Searching is done on the basis of the Fourier transform thumbnail to improve search speed. Speed is improved, since, in a pseudo-random bit sequence, any bit shift only affects the phase spectrum, and not the amplitude spectrum of a Fourier transform represented in polar coordinates. The amplitude spectrum stored in the thumbnail can therefore be matched without any knowledge of the unknown bit shift caused by registry errors between the original scan and the re-scan.11-27-2008
20100146285Digital Watermarks - The present invention relates generally to digital watermarking and steganographic data hiding. In one embodiment a method of rendering content to a user is provided. The rendered content includes a digital watermark embedded therein. In another embodiment, digital watermarking is utilized to facilitate purchase or lease of audio or video content over a network or with a remote computer. In still another embodiment, a compression characteristic is determined, and subsequent steganographic embedding is influenced based on the characteristic. Other embodiments are provided as well.06-10-2010
20110283109SYSTEM AND METHOD FOR SELECTING MESSAGING SETTINGS ON A MESSAGING CLIENT - A system and method of selecting messaging settings on a messaging client are provided. A data store configured to operate in conjunction with the messaging client stores records comprising messaging settings or characteristics for previously received and/or sent messages. The messaging client is configured to send outgoing messages, each of the messages having message characteristics, to determine whether a record for an addressed recipient of an outgoing message exists in the data store, and to select messaging settings to control the message characteristics of the outgoing message based on the record where a record exists.11-17-2011
20120131344IDENTIFYING AND LOCATING AUTHENTICATED SERVICES USING BROADCAST ENCRYPTION - Provided are techniques to enable, using broadcast encryption, a device to locate a service offered by a server with the knowledge that the service offered by the server is a trusted service. A signed enhanced Management Key Block (eMKB) includes a trusted service locator (TSL) that includes one or more records, or “trusted service data records” (TSDRs), each identifying a particular service and a corresponding location of the service is generated and transmitted over a network. Devices authorized to access a particular service parse the eMKB for the end point of the service, connect to the appropriate server and transmit a request.05-24-2012
20090049298System for remote electronic notarization and signatory verification and authentication/ interface/ interlinked with an advanced steganographic cryptographic protocol - A method for remote electronic verification and authentication and screening of potential signatories for remote electronic notary transactions via remote pc encrypted platform to a broadband digitally or WIFI cellular/PDA device or portable pc device. The system implements the following electronic components, but not limited to, electronic signature device, digital certificates, electronic document, electronic biometric devices, electronic audio/visual software/hardware, and electronic payment systems and devices, all electronically synchronized to afford capable notary publics in executing remote electronic notary transactions via a satellite kiosk network or on-line virtual kiosk application.02-19-2009
20100268959Verifying Captured Objects Before Presentation - Objects can be extracted from data flows captured by a capture device. Each captured object can then be classified according to content. Meta-data about captured objects can be stored in a tag. In one embodiment, the present invention includes receiving a request to present a previously captured object to a user, accessing a tag associated with the requested object, the tag containing metadata related to the object, the metadata including an object signature, and verifying that the object has not been altered since capture using the object signature before presenting the object to the user.10-21-2010
20120290846UNAUTHORIZED CONTENTS DETECTION SYSTEM - A data processing device for playing back a digital work reduces the processing load involved in verification by using only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on a DVD. In addition, the data processing device improves the accuracy of detecting unauthorized contents by randomly selecting a predetermined number of encrypted units every time the verification is performed.11-15-2012
20110276804SERVER AUTHENTICATION METHOD AND CLIENT TERMINAL - A server authentication method is provided. In the method, a client receives a public key of an evaluated server during establishment of a secure communication path with the evaluated server. The client terminal transmits a first ID to the evaluated server. The client terminal receives a second ID and a first random number from the evaluated server. The client terminal determines that the evaluated server is valid when the received first random number corresponds to the transmitted first ID and a public key stored in a public key management unit configured to manage the public key in advance is identical to the received public key. The client terminal transmits a second random number corresponding to the second ID to the evaluated server when the evaluated server is determined to be valid.11-10-2011
20110289318System and Method for Online Digital Signature and Verification - A method to sign online documents may include the steps of loading a signing component from a remote server, automatically launching signing component at user local machine (PC, PDA or smart phone . . .), displaying signing component user interface in web page, entering a password and loading/applying a first key file in cooperation with the signing component, verifying the password and verifying first key, applying the first key to a document digest to generate a digital signature based on the document digest and first key.11-24-2011
20110289320NETWORK WATERMARK - A network communications method utilizing a network watermark for providing security in the communications includes creating a verifiable network communications path of nodes through a network for the transfer of information from a first end node to a second end node; verifying the network communications path of nodes, by the first end node, before communicating by the first end node information intended for receipt by the second end node; and once the network communications path of nodes is verified by the first end node, communicating by the first end node, via the verified communications path of nodes, the information intended for receipt by the second end node; wherein the network watermark represents the verifiable network communications path of nodes.11-24-2011
20110289319METHOD FOR AUTHENTICATING KEY INFORMATION BETWEEN TERMINALS OF A COMMUNICATION LINK - With the help of a key management protocol, the transmitted key information (si) is authenticated by at least one certificate signed by the terminals (A, B), and at least one fingerprint (fp) of the public keys or certificate, which were used for authenticating the key information (si), is added to the useful part of an SIP message (INVITE). The identity information (idi) present in the header (SIPH) of an SIP message is additionally copied into a region of the header (SIPH) or the useful part (B), and a signature (S) is produced by way of the fingerprint (fp), the datum information (di) presented in the header (SIPH) of an SIP message, the copied identity information (idi′), and optionally the certificate reference information (hz), and is inserted into a further region of the header (SIPH) of the SIP message (INVITE). Advantageously, the additional signature that is produced and inserted according to the invention also remains uninfluenced during a transmission across several networks of different network operators, thereby achieving unique authentication of the transmitted key information. With the method according to the invention, accordingly attacks on the security of the authentication in the networks of the different network operators can be avoided.11-24-2011
20120017090SYSTEM AND METHOD FOR ZONE SIGNING AND KEY MANAGEMENT IN A DNS SYSTEM - Methods and systems for signing a DNS zone file and managing zone file signing are provided. An indication of a first DNS zone to be signed is received from one of several remote users, where each such remote user has control over a separate DNS zone. Unsigned zone data is retrieved for the first DNS zone to be signed and is cryptographically signed. The signed zone data is provided to a signed zone master for propagation to one or more DNS servers.01-19-2012
20110296187CLAIM BASED CONTENT REPUTATION SERVICE - In some embodiments, a system may comprise a database and one or more servers. The database may, for example, store a plurality of content claims for previously evaluated data items, with each of the plurality of content claims being associated in the database with a corresponding stored digital fingerprint of a previously evaluated data item. The server(s) may, for example, be configured to receive a determined digital fingerprint of a data item from a client device on another network node, to submit a query to the database using the determined digital fingerprint as a primary key, and to transmit one or more content claims returned by the query to the client device. In some embodiments, the server(s) may be further configured to receive the content claim(s) and the digital fingerprint associated therewith from one or more computers on another network node, and to cause the received content claim(s) and digital fingerprint associated therewith to be stored in the database.12-01-2011
20110296188AUTHENTICATION DEVICE, AUTHENTICATION METHOD, PROGRAM, AND SIGNATURE GENERATION DEVICE - Provided is an authentication device including a key setting unit for setting sεK12-01-2011
20110296191METHOD FOR SECURELY DRAWING UP A VIRTUAL MULTIPARTY CONTRACT CAPABLE OF BEING PHYSICALLY REPRESENTED - The invention relates to a method for securely drawing up a multiparty contract using digital certificates and electronic devices. Said method includes at least three steps: signing, countersigning, and formatting. The formatted document has the specific feature of being capable of being physically represented.12-01-2011
20110296190MOTOR VEHICLE DISPLAY APPARATUS, MOTOR VEHICLE ELECTRONIC SYSTEM, MOTOR VEHICLE, METHOD FOR DISPLAYING DATA, AND COMPUTER PROGRAM PRODUCT - The invention relates to a motor vehicle display apparatus with an electronic device, comprising: 12-01-2011
20110296189AUTHENTICATION DEVICE, AUTHENTICATION METHOD, PROGRAM, AND SIGNATURE GENERATION DEVICE - Provided is an authentication device including a key setting unit for setting a multi-order polynomial u12-01-2011
20080301447SECURE OFFLINE ACTIVATION PROCESS FOR LICENSED SOFTWARE APPLICATION PROGRAMS - A computer readable medium for activating a software application for execution on a designated computer, where the computer readable medium has stored thereon computer executable instructions for performing the following steps: computing an installation identifier reflective of the software application and the designated computer; receiving an activation code generated in accordance with the installation identifier and a blinding factor value; computing a first verification code as a function of the installation identifier; computing a trial blinding factor value; computing a decryption key as a function of the trial blinding factor value and the activation code; using the decryption key to decrypt a second verification code; verifying that the first verification code matches the second verification code; and, activating the software application for execution on the designated computer.12-04-2008
20080301451Verifying authenticity of an attribute value signature - A method and apparatus for verifying authenticity of a digital signature for an attribute value. In one embodiment, the method includes receiving a message including an attribute value of an attribute from a Lightweight Directory Access Protocol (LDAP) repository entry and a digital signature, and verifying that the digital signature authenticates the attribute value.12-04-2008
20080276094COMMUNICATION TERMINAL DEVICE, SERVER APPARATUS, DATA MANAGEMENT METHOD AND RECORDING MEDIUM - A response is made to delivery data received by a communication terminal (cellular phone or the like) through a network (public network), the delivery data and the response action are traced and the delivery data during a predetermined time including the time at which the response action occurs and the data representing the response action are extracted, which is recorded as the traced data (TD). The traced data is transferred to a server device (signature server) through the network, and the data with the signature is transferred to the communication terminal and stored as the signed data.11-06-2008
20130219182SCALABLE WATERMARK INSERTION FOR FRAGMENTED MEDIA STREAM DELIVERY - A media stream is delineated into multiple fragments. Different watermark variants of individual fragments are generated. Particular sequences of watermark variants are selected for particular clients and maintained in a user access database. Analyzing media streams allows determination of the sequences of watermark variants and identification of particular clients intended to receive the media streams. Fragments can continue to be cached efficiently and unique watermarks need not be generated for each individual client.08-22-2013
20100005307SECURE APPROACH TO SEND DATA FROM ONE SYSTEM TO ANOTHER - A secure approach for sending an original message from a sender to a receiver. The sender may encrypt the original message by performing an XOR (or XNOR) operation of the original message and a first random message (same size as original message) on a bit-by-bit basis to generate a second message. The receiver may also perform an XOR of the second message with a locally generated second random message. The resulting message is sent to the sender system. The sender system may again perform XOR operation of the received message and the first random message, and send the resulting message to receiver. The receiver may perform XOR operation on the received output to generate the original message sent by the sender. Other technologies such as digital signatures and key pairs (public key infrastructure) may be used in each communication between the sender and receiver to further enhance security.01-07-2010
20090183006METHOD AND APPARATUS FOR APPLYING DIGITAL SIGNATURES TO TRANSLATED CONTENT07-16-2009
20100037062SIGNED DIGITAL DOCUMENTS - In one embodiment, a method includes adding data associated with a description of an attribute of a data set to a digital document and generating a digital signature based on the digital document. The data associated with the description of the attribute is included in the generating. The data set is not included in the generating. The data set is capable of being included in the digital document. In some embodiments, a data set is a textual string. In some embodiments, an attribute is a pattern such as, for example, a pattern of characters in a textual string.02-11-2010
20090138720METHOD AND APPARATUS FOR DETECTING MOVEMENT OF DOWNLOADABLE CONDITIONAL ACCESS SYSTEM HOST IN DCAS NETWORK - A method of operating a Secure Micro (SM) of a host in a Conditional Access (CA) system is provided. The method includes: receiving, by the SM, a SecurityAnnounce message including a certificate of an AP server connected with a host; determining, by the SM, whether a public key stored in a memory in advance exists, and setting a flag as a first state when the public key stored in advance exists; verifying, by the SM, a digital signature with respect to the SecurityAnnounce message using the public key stored in advance; and acquiring, by the SM, another public key of the AP server by parsing the certificate and setting the flag as a second state based on whether the flag corresponds to the first state when the SM is unable to verify the digital signature.05-28-2009
20100031048DATA AUTHENTICATOR - A user encoded result is operable to be used to authenticate target data. The user encoded result is determined from a signature for the target data. The signature is formatted and encoded to create the user encoded result. The user encoded result is stored and is operable to be retrieved to authenticate the target data in response to the target data being accessed.02-04-2010
20100042842LIGHT WEIGHT AUTHENTICATION AND SECRET RETRIEVAL - A method for authenticating a message in a network is provided. The method includes a step of generating, in a sink device, a private key and a public key. The private key includes a plurality of sub-private keys. The method further includes a step of generating, in the sink device, a signature for the message. The signature includes a sub-private key and an authentication path associated with the sub-private key in a hash tree. The hash tree is constructed during the generation of the sub-public keys.02-18-2010
20100169655BLOCKING OF UNLICENSED AUDIO CONTENT IN VIDEO FILES ON A VIDEO HOSTING WEBSITE - A system, method and various software tools enable a video hosting website to automatically identify unlicensed audio content in video files uploaded by users, and initiate a process by which the user can replace the unlicensed content with licensed audio content. An audio replacement tool is provided that enables the user to permanently mute the original, unlicensed audio content of a video file, or select a licensed audio file from a collection of licensed audio, and insert the selected file in place of the original audio. Where a video file includes unlicensed audio, the video hosting website provides access to video files to a client device, along with an indication to the client device to mute the audio during playback of the video.07-01-2010
20100169654METHOD FOR AUTHOR VERIFICATION AND SOFTWARE AUTHORIZATION - Embodiments of the present invention are directed to a computer-implemented method for author verification and authorization of object code. In one embodiment, program object code is linked with a plurality of data blocks to create linked object code and a MAP file. Thereafter, author verification is performed by executing a plurality of comparisons between the linked object code and the MAP file. In another embodiment, a digital signing procedure is performed on linked object code by creating a signature data block. The signature data block is then encrypted and written to the linked object code to create digitally-signed object code. In another embodiment, an application program embodied in linked object code generates a data packet. The data packet is then compared to a previously-generated signature data packet from the linked object code to determine if the linked object code is authorized.07-01-2010
20100169653APPARATUS, METHOD, AND PROGRAM FOR DIGITAL SIGNATURE - A digital signature method to generate a signature for an electronic document, the method including: initializing a signature t of each of the document segments of electronic document and twice raising the signature t to the power of a hash value of each of the document segments and digitally signing the raised signature to produce a signature s serving as the signature of the electronic document; and revising a document segment; wherein, in the revising, to delete a document segment, the signature t is raised twice to the power of the hash value of the document segment unless the document segment is sanitization prohibited, or the signature t is raised to the power of the hash value of the document if the document segment is sanitization prohibited, and the document segment is deleted; to sanitize a document segment, the document segment is replaced with the hash value thereof.07-01-2010
20100169652DIGITAL WATERMARKING SYSTEMS AND METHODS - Systems and methods for protecting digital content using digital watermarks and for distributing that protected digital content are described. The digital watermark contains watermark information, fingerprint information, and any other information desired by the provider of the digital content. To insert the digital watermark in the digital content, a section of the digital content is selected, whether it is a random section or a desired section (such as the first or last section), and then that section is broken into a given number of individual slides. The digital watermark is created as an additional slide or frame and then placed between the slides of that section. These individual slides, which now contain the watermark, are re-combined and then re-attached to the remainder of the digital content when desired, such as on the fly or at the time of the user's purchase of the digital content. The user (or other viewer) receives only a single packet of information for the digital content, rather than numerous packets of information, preventing compression and decompression processes from avoiding the watermark since any such compression would not only diminish the slide with the watermark on it, but also the content and render the digital content unusable. Other embodiments are described.07-01-2010
20100169651Electronically Signing a Document - An electronic signature device includes a processor, a memory, a user input device including a first biometric input device, and a device interface, all communicatively connected by at least one bus. A method of personalizing the electronic signature device to a user includes receiving a digitized biometric signature of the user via the first biometric input device. A cryptographic key is generated. A biometric electronic template is generated based on the digitized biometric signature. The cryptographic key and the biometric electronic template are stored in the memory.07-01-2010
20100169650STORAGE MINIMIZATION TECHNIQUE FOR DIRECT ANONYMOUS ATTESTATION KEYS - A storage minimization technique for direct anonymous attestation (DAA) keys is presented. In one embodiment, the method includes deriving a random portion of a (DAA) private key from a device's fuse key, computing a point on an elliptical curve from the derived random portion and a master private key, and storing only one coordinate of the point in fuses within the device. Other embodiments are described and claimed.07-01-2010
20100169649Image encryption for print-and-scan channels using pixel position permutation - An image encryption method that includes receiving image data based on an image, wherein the image data comprises a plurality of pixel values, and permuting a plurality of, and preferably all of, the pixel values using at least a secret key to create permuted image data. Also, an image decryption method that includes scanning a printed image to create scanned image data. The printed image is generated from permuted image data that is generated by permuting a plurality of first pixel values of first image data using at least a secret key, obtaining a plurality of second pixel values from the scanned image data, and reverse-permuting a plurality of the second pixel values using at least the secret key to create reverse-permuted scanned image data.07-01-2010
20090210716Direct anonymous attestation using bilinear maps - Direct Anonymous Attestation, DAA, involves a Signer entity using a credential supplied by an Issuer to attest its possession of a particular characteristic to a Verifier without the identity of the Signer being revealed. Security and performance improvements are disclosed where DAA is performed using a non-degenerate, computable, bilinear map with the credential being a CL-LRSW signature on a secret known only to the Signer.08-20-2009
20100185866METHOD AND SYSTEM FOR CATEGORIZING CONTENTS - The present invention discloses a method and system for categorizing contents and relates to network and communication technologies. The content categorizing method includes: categorizing a content for which a category is requested and determining the content category; generating a digital signature according to the content and the content category; and returning the content category and the digital signature. The content screening method includes: receiving a pre-categorized content that carries a content, a content category and a digital signature; performing trust verification on the pre-categorized content according to the digital signature and when the trust verification is successful, screening the content according to the content category carried in the pre-categorized content. The present invention also discloses a content categorizing apparatus, a content screening apparatus, and a system for implementing a trust model. With the present invention, when a pre-categorized content is consumed, the correct mapping between the content and content category carried in the pre-categorized content is verified and the identity of the content categorizer is authenticated to guarantee the legal source of data.07-22-2010
20100268957SIGNATURE GENERATING APPARATUS, SIGNATURE VERIFYING APPARATUS, AND METHODS AND PROGRAMS THEREFOR - A signature is generated by a scheme in which x denotes a secret key of a signature generating apparatus, m10-21-2010
20100268958Systems and Methods for Watermarking Software and Other Media - Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification.10-21-2010
20100268956Efficient and secure data currentness systems - Indicating data currentness includes, on any date of a sequence of dates, issuing a proof indicating the currentness status of the data during a particular time interval. The proof may be a digital signature. The time interval may be in the form of a current date and an amount of time. The proof may include a digital signature of the time interval. The proof may include a digital signature of the time interval and the data. The proof may include a digital signature of the time interval and a compact form of the data, such as a hash. Indicating data currentness may also include distributing the proofs to a plurality of unsecure units that respond to requests by users for the proofs. Indicating data currentness may also include gathering a plurality of separate pieces of data and providing a single proof for the separate pieces of data. The data may be electronic documents.10-21-2010
20090049301Method of Providing Assured Transactions by Watermarked File Display Verification - Electronic transactions employing prior art approaches of digital certificates and authentification are subject to attacks resulting in fraudulent transactions and abuse of identity information. Disclosed is a method of improving electronic security by establishing a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path providing the user with a predetermined portion of the request from the institution for a signature upon a personalized device that cannot be intercepted or manipulated by malware to verify that the request as displayed upon the user's primary computing device is valid.02-19-2009
20120110333SOFTWARE SECURITY - An apparatus with at least one secure memory area comprising a plurality of pre-installed public keys for verifying software authenticity. The apparatus is caused to receive an indication that a software package signed with a private key according to public key infrastructure has been received; check from the secure memory area, whether a public key associated with the private key with which the software package has been signed, is disabled; and if the public key associated with the private key is disabled, prevent execution of the received software package, and otherwise, proceed to verify authenticity of the received software package using the public key associated with the private key.05-03-2012
20120036367Systems and Methods for Transparent Configuration Authentication of Networked Devices - Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.02-09-2012
20110197072METHOD AND APPARATUS FOR VERIFYING CGA SIGNATURE - A method and apparatuses for verifying Cryptographically Generated Address (CGA) signature are provided. The method includes: receiving a message sent by a CGA address owner, wherein a RSA public key, a first RSA public key signature, a second public key, and a second public key signature are carried in the message, the first RSA public key binds one or more second public keys, and a part protected by the first public key signature includes the one or more second public keys; verifying the first RSA public key signature according to the message; extracting the second public key, and verifying the second public key signature. According to the method and apparatuses of the embodiment, the effect of supporting other public key can be achieved, the change of the IP address can be omitted, and public key deployment and computing resources are saved.08-11-2011
20120239935SYSTEM FOR ENABLING DIGITAL SIGNATURE AUDITING - A computer method, computer system, and article for enabling digital signature auditing. The method includes the steps of: receiving at least one signature request issued by at least one application, forwarding a first data corresponding to the received at least one signature request to at least one signing entity for subsequent signature of the first data, storing an updated system state that is computed using a function of: i) a reference system state and ii) a second data corresponding to the received at least one signature request, where the reference system state and the updated system state attest to the at least one signature request, and repeating the above steps, using the updated system state as a new reference system state, where the steps of the method are executed at a server of a computerized system.09-20-2012
20100125737PAYMENT TRANSACTION PROCESSING USING OUT OF BAND AUTHENTICATION - Systems, apparatuses, and methods for increasing the security of electronic payment transactions, such as eCommerce transactions conducted over the Internet. A transaction approval or authorization mechanism uses an out of band process to provide authentication or identification data that has previously been registered by a user and associated with the user's payment device or account. The out of band authentication data may be provided in response to a message sent to a user's mobile phone, where the message is generated in response to entering the user's phone number into a form that is provided when the user engages in an electronic payment transaction using a desktop computer. The data may include a digital signature and associated digital certificate that is used to authenticate the user.05-20-2010
20090083543Broadband certified mail - The present invention provides a system and method for providing certified voice and/or multimedia mail messages in a broadband signed communication system which uses packetized digital information. Cryptography is used to authenticate a message that has been compiled from streaming voice or multimedia packets. A certificate of the originator's identity and electronic signature authenticates the message. A broadband communication system user may be provisioned for certified voice and/or multimedia mail by registering with a certified mail service provider and thereby receiving certification. The called system user's CPE electronically signs the bits in received communication packets and returns the message with an electronic signature of the called system user to the calling party, along with the system user's certificate obtained from the service provider/ certifying authority during registration. The electronic signature is a cryptographic key of the called party.03-26-2009
20090249074WIRELESS COMMUNICATION USING COMPACT CERTIFICATES - A method and communications system for generating and using compact digital certificates for secure wireless communication. Each compact certificate includes a digital signature and only a portion of the data used in generating the signature. The remaining certificate data is pre-stored on one or more wireless devices for which secure communication is desired. Upon receiving a compact certificate, the wireless device authenticates the certificate using its digital signature along with both the data contained in the certificate and the data pre-stored on the wireless device. This approach permits secure connections to be established between wireless devices using relatively small digital certificates.10-01-2009
20100293385HTTP-BASED AUTHENTICATION - A system and method for authenticating an HTTP message. A relying party may respond to a request from a requester by sending an HTTP message with authentication specifications to the requester. The requester responds with a new request that adheres to a scheme specified by the relying party. A framework allows for a security token to be located in an HTTP header or a message body, with various options such as fragmenting the token available. An option allows for cryptographically binding the security token to the body of a message. An authentication framework provides for an implementation by an HTTP stack or by an application.11-18-2010
20100082992Cryptographic Applications of Efficiently Evaluating Large Degree Isogenies - Techniques are disclosed for representing and evaluating large prime degree isogenies for use in cryptographic signature and encryption schemes. An isogeny of prime degree ℓ may be represented as an ideal in the form (ℓ, A*alpha+B), where ℓ comprises the degree of a prime number, the prime number is split into integers a and b, and alpha is a known endomorphism. For a given degree ℓ, integers a and b define a unique isogeny, allowing the isogeny to be stored with 3 log(ℓ) bits of information. Techniques are also disclosed to evaluate the isogeny at a given point by decomposing the isogeny into an integer and a plurality of smaller degree isogenies, evaluating the smaller degree isogenies at the point with traditional means, and multiplying the results of the evaluations together and with the integer.04-01-2010
20090287934INFORMATION PROCESSING APPARATUS, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING PROGRAM - An information processing apparatus includes: a reproducing unit that reads, from a disc, a content and a content code file storing a content code that includes at least any one of a program or conversion data applied to a content reproducing process, to execute the content reproducing process; and a signature verification unit that verifies a digital signature set for the content code file. The signature verification unit verifies the signature using different pieces of set signature target data between a signature verification process executed in reproducing the content recorded in a ROM disc and a signature verification process executed in reproducing the content recorded in a non-ROM disc other than the ROM disc. The reproducing unit, when signature verification is successfully executed by the signature verification unit, applies the content code stored in the content code file, for which signature verification is successful, to reproduce the content.11-19-2009
20100082993COMPUTER-IMPLEMENTED METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR GENERATING AND VERIFYING SIGNATURES - The present description refers in particular to a computer-implemented method, a computer program product, and a computer system for automatically generating a digital signature for a message, the message being representable in a hierarchical tree structure and to a computer-implemented method, a computer program product, and a computer system for automatically verifying a digital signature of a message, the message being representable in a hierarchical tree structure. The computer-implemented method for automatically generating a digital signature for a message, the message being representable in a hierarchical tree structure may comprise: 04-01-2010
20100082990ESTABLISHMENT OF A RELATIONSHIP BETWEEN WIRELESS DEVICES - Embodiments related to the establishment of a relationship between wireless devices are disclosed. In one disclosed embodiment, a wireless device includes an image capture device, a wireless transmitter and receiver, a logic subsystem, and memory comprising instructions executable by the logic subsystem to capture a first image via the image capture device, identify authentication features of the first image, and receive authentication data from a remote media device via the wireless receiver that comprises authentication features of a second image. The instructions further cause the logic subsystem to compare the authentication features of the second image to the authentication features of the first image to establish a trusted relationship with the remote media device if the authentication features of the second image exhibit a pre-determined relationship to the authentication features of the first image.04-01-2010
20100082994Method and apparatus for implementing electronic seal - A method for implementing electronic seal is disclosed. The method includes: storing seal data of an electronic seal, a digital certificate, electronic signature program and a private key of a sealer in an external portable apparatus; performing a Hash conversion to a file to be sealed and the seal data of the electronic seal to generate a data digest, wherein the file to be sealed is a layout file; sealing, in the portable apparatus, the data digest using the private key of the sealer and the electronic signature program to generate an electronic signature result; and combining the file to be sealed, the seal data of the electronic seal, the digital certificate and the electronic signature result to generate a seal combination file.04-01-2010
20090210715Document verification apparatus, document verification method, and computer product - In verifying a digital document, an input of a digital document is received and the digital document is divided into arbitrary constituent parts. A normal random number or a pseudo random number is assigned to each of the constituent parts according to the order in which the constituent parts appear in the digital document. Thus, verification of the authenticity of a digital document is enabled even when an alteration, such as a change of the order of the partial documents or a copy thereof, has been made to the digital document.08-20-2009
20090164790METHOD AND SYSTEM FOR STORAGE OF UNSTRUCTURED DATA FOR ELECTRONIC DISCOVERY IN EXTERNAL DATA STORES - A method and system for storage of unstructured data in external data storage uses low-cost, minimally-functional external data stores (EDS) to store immutable, unstructured content. An external storage layer (ESL) interposed between an e-discovery management application (EMA), and the EDS constitutes an intermediary allowing access to external storage from the EMA and adding functionality unavailable on EDSs, offsetting the functional sacrifice incurred by using the EDS and preserving cost advantage. Caching content on the ESL during propagation to the EDS eliminates latency during file propagation. The ESL creates metadata and maintains an index of the data, allowing the data owner to search and retrieve from the EDS. The ESL compresses, decompresses, encrypts and decrypts data. An ESL vendor can service a number of clients on a fee or subscription basis. The ESL can distribute client data across EDSs and mirror data stored on a first ESL on another ESL.06-25-2009
20100100743Natural Visualization And Routing Of Digital Signatures - Embodiments are provided for securely visualizing and routing digital signatures in an electronic document generated by an application program executing on a computer system. The application program may generate an electronic document for receiving a signature graphic, and calculate a hash value from the electronic document and the signature graphic, and create a cryptographic signature from the hash value using a cryptographic encryption method. The electronic document is digitally signed by embedding the cryptographic signature therein. The application program may further collect and route digital signatures by automatically collecting signatures from individual signers, one-by-one, and identify the appropriate signature line for each signer to sign. The application program may further generate a user interface for creating and collecting digital signatures.04-22-2010
20090276634CONTENT DISTRIBUTION SYSTEM, CONTENT DISTRIBUTION METHOD, AND CLIENT TERMINAL - The user of any one portable terminal sends a content information request including a user ID to a distribution server. In response, the distribution server distributes a stream data of content that can be used on the user's terminal. If the user of a first portable terminal intends to let a second portable terminal try out a certain content, the user sends to the distribution server the trial permission information including the user's own user ID, a content ID of the content of interest, and a digital signature. The distribution server authenticates the received information before distributing a streaming data of a trial-oriented content with the content ID and user ID attached to it as search keys. This allows the content that can be used on a given user terminal to be tried out on another user terminal without the latter user having recourse to the steps of searching for the content in question.11-05-2009
20090287933SYSTEM AND METHOD THAT USES CRYPTOGRAPHIC CERTIFICATES TO DEFINE GROUPS OF ENTITIES - A system and method for issuing a cryptographic certificate comprises describing one or more prerequisite conditions on the cryptographic certificate. The one or more prerequisite conditions comprise membership in one or more prerequisite groups of entities. An entity may be a participant, a resource or a privilege, etc. The present invention also requires naming one or more target groups of entities on the cryptographic certificate. One or more prerequisite group stakeholders that authorize an entity in the one or more prerequisite groups of entities to be added as a member in another group of entities sign the cryptographic certificate. The cryptographic certificate is also signed by one or more target group stakeholders that authorize an entity to be added as a member of the one or more target groups. Exemplary prerequisite conditions relate to one or more of a membership in another group of entities, a physical characteristic, a temporal characteristic, a location characteristic or a position characteristic, among others.11-19-2009
20110197071Determining Response Signature Commonalities - An analyzer can obtain data regarding signal characteristics in each of multiple communication channels within an access network. The analyzer can use that data to create signatures corresponding to each of the multiple channels. Based on similarities between signatures, the analyzer may then identify clusters of signatures associated with devices that share channels or portions of channels.08-11-2011
20110197070SYSTEM AND METHOD FOR IN- AND OUT-OF-BAND MULTI-FACTOR SERVER-TO-USER AUTHENTICATION - A method to authenticate a server to a client is provided, including in-band and out-of-band techniques. At least a first shared secret identifies a server path, including a plurality of pre-defined locations on a frame of reference (e.g. a grid). An authentication session is initiated upon receiving a client identifier at the server-side resources. A current session instance of the grid is presented to the client, populated with characters. The process includes sharing between the client and the server a challenge identifying a random subset of the plurality of predefined locations in the server path, and a response including characters that match the characters in the locations on the server path identified by the challenge. As a result, the client is capable of verifying that the server has access to the first shared secret. Then a protocol is executed to authenticate the client to the server.08-11-2011
20110197069METHOD AND SYSTEM FOR PREVENTING REVOCATION DENIAL OF SERVICE ATTACKS - Methods and systems for preventing revocation denial of service attacks are disclosed and may include receiving and decrypting a command for revoking a secure key utilizing a hidden key, and revoking the secure key upon successful verification of a signature. The command may comprise a key ID that is unique to a specific set-top box. A key corresponding to the command for revoking the secure key may be stored in a one-time programmable memory, compared to a reference, and the security key may be revoked based on the comparison. The command for revoking the secure key may be parsed from a transport stream utilizing a hardware parser. The method and system may also comprise generating a command for revoking a secure key. The command may be encrypted and signed utilizing a hidden key and may comprise a key ID that is unique to a specific set-top box.08-11-2011
20090138719Method, Apparatus, Computer Program, Data Storage Medium and Computer Program Product For Preventing Reception of Media Data From a Multicast Service by an Unauthorized Apparatus - The method for the transmission of media data from a multicast service by a first apparatus to a plurality of second apparatuses is suitable for preventing reception of the media data by an unauthorized second apparatus using a security process. A first apparatus is provided which can be used to provide the media data protected by a security process. A third apparatus is provided which can be used to perform the security process with the first apparatus, performance of the security process between the first apparatus and the third apparatus and, on the basis of this, interchange of at least security data between the first apparatus and the third apparatus in order to provide the media data. A second apparatus is selected which can be used to perform at least one reception process for receiving the media data. A first data transmission link is selected which can be used to couple the first apparatus and the second apparatus at least for the purpose of transmitting the media data. The provided media data is received using the second apparatus via the first data transmission link.05-28-2009
20080209219Method Of Embedding A Digital Watermark In A Useful Signal - Method of embedding a digital watermark in a useful signal, wherein a watermark bit sequence is embedded into the frequency domain of the useful signal using adaptive frequency modulation of two given frequencies by tracking amplitudes of the chosen frequencies of the original signal and modifying them according to the current bit of watermark bit sequence.08-28-2008
20080209218METHODS AND SYSTEMS FOR PROVIDING INDEPENDENT VERIFICATION OF INFORMATION IN A PUBLIC FORUM - A social networking site host includes, in a user's profile, information that has been attested to and verified by both the user and an independent verifier. The independent verifier is an accepted authority with direct knowledge of the information. Both the user and verifier attest to the information by digitally signing the information and including the digital signature with the information. The host or visitors to the social networking site can authenticate the information by using both digital signatures. By authenticating the information, visitors and users viewing information on the social networking site can assume that the information is trusted and accurate.08-28-2008
20090276633Retrieving Content Via A Coded Surface - A method of retrieving a content using a print medium is disclosed. The method starts by determining a print media identifier from the print medium using a sensor module of a mobile telecommunications device. The print media identifier is linked to the content. The method then retrieves, using the mobile telecommunications device, the content.11-05-2009
20090282256SECURE PUSH MESSAGES - A device may receive a secure push message from an administrator device. In addition, the device may generate a first key by combining an administrator code, a client device identifier that identifies a client device, and subscriber information that is associated with a service to which a user subscribes. In addition, the device may hash the first key to generate a second key, and use the second key to sign a data block within the secure push message to produce an electronic signature. Further, the device may validate the secure push message based on the electronic signature.11-12-2009
20100281263RECORDING DEVICE, SERVER DEVICE, RECORDING METHOD, RECORDING MEDIUM WITH COMPUTER PROGRAM RECORDED THEREIN AND INTEGRATED CIRCUIT - A recording device for recording one or more of a plurality of subcontents recorded on a first recording medium, onto a second recording medium, the first recording medium having further recorded thereon digest values of the subcontents, and a medium signature generated based on the digest values of the subcontents, the plurality of subcontents constituting one content, the recording device comprising: a subcontent acquisition unit operable to select and acquire one or more of subcontents permitted to be copied; an excluded digest value acquisition unit operable to acquire excluded digest values from the first recording medium, the excluded digest values being digest values of nonselected subcontents; a signature acquisition unit operable to acquire the medium signature from the first recording medium; and a write unit operable to write, onto the second recording medium, (i) the one or more selected subcontents, (ii) the excluded digest values, and (iii) the medium signature.11-04-2010
20090158044OPTICAL DNA BASED ON NON-DETERMINISTIC ERRORS - The claimed subject matter relates to architectures and/or mechanisms that can facilitate issuing, embedding and verification of an optical DNA (o-DNA) signature. A first mechanism is provided for obtaining a set of manufacturing errors inherent in an optical media instance. These errors can be non-deterministic and can be encoded into the o-DNA that can be cryptographically signed with a private key, and then embedded into the source optical media instance. A second mechanism is provided that can decrypt the o-DNA with a public key and compare the authenticated errors to the observed errors to ascertain whether the optical media instance is authentic as opposed to a forgery or counterfeit.06-18-2009
20120297196MAINTAINING PRIVACY FOR TRANSACTIONS PERFORMABLE BY A USER DEVICE HAVING A SECURITY MODULE - A method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier are disclosed. The system includes an issuer providing an issuer public key; a user device having a security module for generating a first set of attestation-signature values; a privacy certification authority computer for providing an authority public key and issuing second attestation values; and a verification computer for checking the validity of the first set of attestation signature values with the issuer public key and the validity of a second set of attestation-signature values with the authority public key, the second set of attestation-signature values being derivable by the user device from the second attestation values, where it is verifiable that the two sets of attestation-signature values relate to the user device.11-22-2012
20100131768Method and apparatus for digital watermarking - A method for embedding digital watermark data in digital data contents includes the steps of obtaining a frequency coefficient of block data of digital data contents, obtaining a complexity of the block data, obtaining an amount of transformation of the frequency coefficient from the complexity and the digital watermark data, and embedding the digital watermark data by transforming the frequency coefficient. In addition, a method for reading digital watermark data includes the steps of calculating a probability of reading ‘1’ or ‘0’ in a read bit sequence by using a test method on the basis of binary distribution, determining the presence or absence of digital watermark data according to the probability, and reconstituting digital watermark data. Another method includes the steps of performing soft decision in code theory by assigning weights to the digital watermark sequence with a weighting function, and reconstituting digital watermark data.05-27-2010
20100281264INFORMATION PROCESSING APPARATUS, KEY UPDATE METHOD, AND PROGRAM - An information processing apparatus includes: a signature generating section that generates an electronic signature σ by using a signature key KS associated with a verification key KV; and a substitute-key generating section that generates, with respect to an electronic document m to which the electronic signature σ is attached by the signature generating section, a substitute verification key KV′ (KV′≠KV) that is capable of verifying a validity of the electronic signature σ and a substitute signature key KS′ (KS′≠KS) associated with the substitute verification key KV′. In a predetermined case, the verification key KV and the signature key KS are updated to the substitute verification key KV′ and the substitute signature key KS′.11-04-2010
20100005311Electronic-data authentication method, Elctronic-data authentication program, and electronic-data, authentication system - An electronic-data authentication method is for authenticating electronic data provided by a virtual person anonymously used on a network, performed by a virtual-person management system including a user terminal, a user management device, and a virtual-person management device. The method includes receiving, by the virtual-person management device, the electronic data, a first electronic signature generated by encrypting the electronic data with a first signature-creation key, and a virtual person ID for uniquely identifying the virtual person from the user terminal; authenticating, by the user management device, the first electronic signature received at the receiving by using a first signature-authentication key corresponding to the first signature-creation key; generating, by the virtual-person management device, a second electronic signature by encrypting the electronic data received at the receiving with a second signature-creation key issued for the virtual person; and transmitting, by the virtual-person management device, the second electronic signature to the user terminal.01-07-2010
20100005310METHOD AND APPARATUS FOR AUTHENICATION OF DATA STREAMS WITH ADAPTIVELY CONTROLLED LOSSES - Methods, components, and systems for efficient authentication, either through a digital signature or message authentication codes, and verification of a digital stream sent from a source to a receiver via zero or more intermediaries, such that the source or intermediary (or both) can remove certain portions of the data stream without inhibiting the ability of the ultimate receiver to verify the authenticity and integrity of the data received. According to the invention, a source may sign an entire data stream once, but may permit either itself or an intermediary to efficiently remove certain portions of the stream before transmitting the stream to the ultimate recipient, without having to re-sign the entire stream. Applications may include the signing of media streams which often need to be further processed to accommodate the resource requirements of a particular environment. Another application allows an intermediary to choose an advertisement to include in a given slot.01-07-2010
20100005309METHOD AND APPARATUS FOR AUTHENTICATION OF DATA STREAMS WITH ADAPTIVELY CONTROLLED LOSSES - Methods, components, and systems for efficient authentication, either through a digital signature or message authentication codes, and verification of a digital stream sent from a source to a receiver via zero or more intermediaries, such that the source or intermediary (or both) can remove certain portions of the data stream without inhibiting the ability of the ultimate receiver to verify the authenticity and integrity of the data received. According to the invention, a source may sign an entire data stream once, but may permit either itself or an intermediary to efficiently remove certain portions of the stream before transmitting the stream to the ultimate recipient, without having to re-sign the entire stream. Applications may include the signing of media streams which often need to be further processed to accommodate the resource requirements of a particular environment. Another application allows an intermediary to choose an advertisement to include in a given slot.01-07-2010
20090265558DOCUMENT VERIFYING APPARATUS, DOCUMENT VERIFYING METHOD, AND COMPUTER PRODUCT - A computer-readable recording medium stores therein a document verifying program. The document verifying program causes a computer to execute receiving input of an electronic document; dividing the electronic document received into arbitrary components; calculating a hash value for each of the components; correlating, for each component, the hash value calculated for the component and a random number allocated to the component according to an appearance position of the component in the electronic document; creating for each component and based on the hash value and the random number correlated for the component at the correlating, a first digital signature and a second digital signature that are different from each other; and appending to each component, the first digital signature and the second digital signature created for the component at the creating.10-22-2009
20090055650CONTENT PLAYBACK DEVICE, CONTENT PLAYBACK METHOD, CONTENT PLAYBACK PROGRAM, AND INTEGRATED CIRCUIT - When a plurality of types of copyright information are detected on a disk or the like, a content playback device and method can appropriately control playback of content in accordance with the copyright information. As the content playback device, a digital watermark detection device attempts to detect watermark information in blocks that make up the content, and a result storage subunit (02-26-2009
20090265557PREVENTING UNAUTHORIZED DISTRIBUTION OF MEDIA CONTENT WITHIN A GLOBAL NETWORK - One embodiment of the invention is a method for providing media content while preventing its unauthorized distribution. The method includes transmitting from a client to an administrative node a request for delivery of an instance of media content (IMC); determining which content source (CS) of a plurality of CSs to provide delivery of the IMC, provided the client is authorized to receive the IMC; transmitting to the client an access key and a location of the IMC; transmitting from the client to the CS a second request and the access key; in response to receiving the second request and the access key, transferring the IMC from the CS to the client; transmitting from the client to the administrative node an indicator indicating a successful transfer of the IMC; and generating a transaction applicable to the client and associated with the transfer of the IMC to the client.10-22-2009
20080313465SIGNATURE SCHEMES USING BILINEAR MAPPINGS - Methods and systems are provided for generating and verifying signatures of digital messages communicated between signers and verifiers. Using bilinear mappings, such as Weil or Tate pairings, these methods and systems enable generation and verification of efficient multisignatures, identity-based ring signatures, hierarchical proxy signatures, and hierarchical online/offline signatures.12-18-2008
20080215889Efficient Watermark Detection - A system and a method of effectively detecting watermarks in a significant amount of data signals. The method, in overview, consists in pre-filtering the significant amount of data signals in order to eliminate from the final watermark detection the segments of the data signals which have no significant relevance to the owner of the copyrights of the watermark under investigation, and then performing the actual watermark detection over the remaining segments of data signals relevant to the investigation. The pre-filtering feature being implemented by a definition of one or more goal descriptors, extraction of one or more descriptors from the data signals and its content and a comparison between goal descriptors and extracted descriptors.09-04-2008
20080229110FAST AUTHENTICATION OVER SLOW CHANNELS - A method of providing secure communications over a network includes receiving, at a receiving computer, a public key of a sending computer, and a hash of a sending random number over a first communication channel, transmitting, from the receiving computer, a public key of the receiving computer and a receiving random number provided by the receiving computer over the first communication channel, and receiving, at the receiving computer, the sending random number provided by the sending computer over the first communication channel.09-18-2008
20080209220Method of Quantization-Watermarking - There is provided a method of detecting a watermark included in a signal by way of quantization index modulation (QIM). The signal with the embedded watermark may have been geometrically transformed (e.g. spatially or temporally scaled) prior to detection. In order to detect the watermark even in such case, the embedder imposes an autocorrelation structure onto the embedded watermark data, for example by tiling. Initially, the detector applies conventional QIM detection. This step yields a first symbol vector, which corresponds to the embedded data when the signal was not tampered with, but does not correspond to the embedded data when the signal was subject to scaling. For example, when one data bit is embedded in each pixel of an image, 50% upsampling of the image causes a QIM detector to retrieve 08-28-2008
20080229109HUMAN-RECOGNIZABLE CRYPTOGRAPHIC KEYS - A visual authentication scheme for websites is provided that binds an image to a website so that a user can visually authenticate whether he/she is viewing an intended/trusted website. An authentication or cryptographic key (associated with a web page) is rendered as a unique key-identifying image or unique sequence of images. This key-identifying image(s) is then displayed to the user. The user associates this key-identifying image with the originator or source of the web page so that the user can easily recognize the originator by glancing at the key-identifying image. The association between the key-identifying image and the cryptographic/authentication key (and thereby the source of the web page) can be achieved similarly to brand awareness.09-18-2008
20080263359Water mark embedding and extraction - A watermarking key consisting of a sequence of elements is embedded into a data sequence. Each element may take on two or more values. In order to embed a watermarking key, first a reference sequence is divided into blocks. Each element of the watermarking key is associated with a respective block of the reference sequence. A watermarked sequence is then generated by shifting the associated blocks by a degree determined by the value of the respective associated element of the watermarking key.10-23-2008
20100146286Pre-Processed Information Embedding System - Methods are provided for embedding auxiliary information in a host content signal which reduce the memory, bandwidth and computational complexity of the embedding and transmission systems. In one embodiment, a first reduced-scale signal is produced which corresponds to the host content embedded with a first logical value and producing a second reduced-scale signal corresponding to the host content embedded with a second logical value. A first set of segments from the first reduced-scale signal may be combined with a second set of segments from the second reduced-scale signal in a pre-defined manner to produce a composite embedded host content. Thus the storage and transmission requirements of the watermarking system are reduced to having to deal with only the original content plus two reduced-scale signals.06-10-2010
20100146282DYNAMIC IMAGE CONTENT TAMPER DETECTING DEVICE AND SYSTEM - Regularity information such as time codes embedded preliminarily through an electronic watermark is detected from a predetermined number of pieces of continuous frame data of video content through the electronic watermark. In the case where the electronic watermark is not detected from the predetermined number of pieces of continuous frame data, a non-detection count is calculated, and falsification of the predetermined number of pieces of frame data is determined on the basis of the detected regularity information and the non-detection count. Accordingly, falsification such as deletion, addition, and replacement of video content is detected with high accuracy using the electronic watermark.06-10-2010
20090044018Section Inclusion and Section Order Authentication Method for Computer Electronic Documents - This invention creates an electronic “document authentication chain” providing authentication capability of certain document characteristics. Certain operational scenarios require that a primary or third party can prove the section inclusion and section “inclusion order” of document entries. A minimally intrusive and chained watermarking technique is invented facilitating the authentication of these document characteristics using asymmetric or symmetric key digital signatures.02-12-2009
20090049302System And Method For Processing Conent For Later Insertion Of Digital Watermark And Other Data - A method and system for processing content are described including generating a dummy value, inserting the dummy value into encoded content, selecting a position in the encoded content where the dummy value in the encoded content is to be replaced by a real value, generating the real value and replacing the dummy value with the real value in the encoded content.02-19-2009
20090049300Method and system for user attestation-signatures with attributes - The present invention discloses a method for generating and verifying a user attestation-signature value (DAA′) and issuing an attestation value (cert) for the generation of the user attestation-signature value (DAA′). Further, the invention is related to a system for using a user attestation-signature value (DAA′) that corresponds to at least one attribute (A, B, C, D), each with an attribute value (w, x, y, z), none, one or more of the attribute values (x, y) remaining anonymous for transactions, the system comprising: a user device (02-19-2009
20090183007Method, Computer Program Product and Apparatus for Authenticating Electronic Documents - An apparatus for enabling secure control over electronic seals and signatures may include a processing element. The processing element may be configured to select a design drawing file for generation of a corresponding design drawing document, apply a digitized signature and seal and a uniform resource locator (URL) to the design drawing file to generate the design drawing document including the digitized signature and seal and the URL, and store the generated design drawing document at an access-restricted location accessible via the URL, the location being associated with a signer of the digitized signature.07-16-2009
20110208970DIGITAL SIGNATURE AND KEY AGREEMENT SCHEMES - A method is disclosed for performing key agreement to establish a shared key between correspondents and for generating a digital signature. The method comprises performing one of key agreement or signature generation, and using information generated in said one of key agreement or signature generation in the other of said key agreement or said signature generation. By doing this, computations and/or bandwidth can be saved.08-25-2011
20110208969METHOD AND APPARATUS FOR PROVIDING AUTHENTICITY AND INTEGRITY TO STORED DATA - A method and apparatus for storing data is provided herein. During operation, a server will sign only the signatures of the data portions that were generated during the live local capture. The signature of the local signatures generated during the live local capture will then be used to verify the integrity and authenticity of the local signatures. When the integrity and authenticity of the local signatures is verified, an entity can be assured that the server is trusted. When a portion of data is to be removed from the server, the data is removed, without removal of its live-local signature. Because data blocks can be deleted as long as the signature remains stored, the overall incident signature, generated at check-in to the trusted server, will still be verifiable as protecting the authenticity and integrity of all remaining data.08-25-2011
20090089585DIGITAL WATERMARK EMBEDDING APPARATUS AND DIGITAL WATERMARK DETECTING APPARATUS - A digital watermark embedding apparatus includes: an extractor configured to extract a specific frequency component from each of N kinds of scaled images about an input image signal to generate N kinds of extracted signals; a generator configured to compress the amplitude of the respective extracted signals on the basis of N kinds of to-be-embedded information corresponding to the N kinds of extracted signals to generate watermark image signals by shifting the predetermined phases; and a superimposer configured to add the N kinds of watermark image signals to the input image signal to generate an output image signal.04-02-2009
20110219235DIGITAL SIGNATURE DEVICE, DIGITAL SIGNATURE METHOD, AND NON-TRANSITORY STORAGE MEDIUM STORING DIGITAL SIGNATURE PROGRAM - A digital signature device includes an operation unit configured to accept key information that specifies target information of digital signature from a user and to accept the digital signature from the user, a control unit configured to extract one or more values that correspond to the key information that is accepted, from a database that stores a plurality of pieces of key information that includes the key information in association with each value, to calculate a characteristic value that is uniquely defined for the value based on the one or more values that are extracted, and to generate signature data that includes the key information, the characteristic value, and information for the digital signature for each of the one or more values, and a storage unit configured to store the signature data.09-08-2011
20090164789AUTHENTICATED MEMORY AND CONTROLLER SLAVE - Systems and methods that can facilitate the utilization of a memory as a slave to a host are presented. The host and memory can provide authentication information to each other and respective rights can be granted based in part on the respective authentication information. The host can determine the available functionality of the memory. The host can activate the desired functionality in the memory and can request memory to perform the desired function(s) with regard to data stored in the memory. An optimized controller component in the memory can facilitate performing the desired function(s) associated with the data to generate a result. The result can be provided to the host, while the data and associated information utilized to generate the result can remain in the memory and cannot be accessed by the host.06-25-2009
20090164792DATA CARD VERIFICATION SYSTEM - A method of verifying a pair of correspondents in an electronic transaction, the correspondents each including first and second signature schemes and wherein the first signature scheme is computationally more difficult in signing than verifying and the second signature scheme is computationally more difficult in verifying than signing. The method comprises the step of the first correspondent signing information according to the first signature scheme and transmitting the first signature to the second correspondent, the second correspondent verifying the first signature received from the first correspondent, wherein the verification is performed according to the first signature scheme. The second correspondent then signs information according to the second signature scheme and transmits the second signature to the first correspondent, the first correspondent verifies the second signature received from the second correspondent, wherein the verification is performed according to the second signature algorithm; the transaction is rejected if either verification fails. The method thereby allows one of the correspondents to participate with relatively little computing power while maintaining security of the transaction.06-25-2009
20090164791SYSTEM AND METHOD FOR DIGITALLY SIGNING AN ELECTRONIC DOCUMENT - A method for digitally signing an electronic document is disclosed. The method includes generating an electronic document to be signed and notifying an authorized signer to sign the electronic document. The method includes validating if the user is the authorized signer for the electronic document by comparing the received identification and the password with a digital certificate of the authorized signer stored in a database. Additionally, the method includes obtaining an image including a digital signature of the authorized signer from a database and resizing the image and inserting the resized image into the signature area of the electronic document if the user is the authorized signer.06-25-2009
20120084567GROUP SIGNATURE SYSTEM AND METHOD PROVIDING CONTROLLABLE LINKABILITY - A group signature system includes: a key issuer server for generating a first parameter of a group public key, generating a corresponding master issuing key, and issuing a signature key to a user when a user device joins; an opener server for generating a second parameter of the group public key, and a corresponding master opening key and master linking key; and a linker server for checking whether two valid signatures have been linked by using the master linking key when the two signatures corresponding to a group public key are given. The group signature system further includes: a signature verifying unit for confirming a validity of the given signatures and a signer information confirming unit for confirming a validity of signer confirming information generated by the opener server.04-05-2012
20090187767DATA-PROCESSING SYSTEM AND METHOD FOR CONTROLLING SAME, COMPUTER PROGRAM, AND COMPUTER-READABLE RECORDING MEDIUM - A data-processing system and method for controlling synthesizing digital-signature information. The system and method include holding first private-key information, inputting second private-key information, generating third private-key information based on the first private-key information and the second private-key information, holding the third private-key information, generating signature information based on information to be verified and the third private-key information, and outputting the information to be verified and the signature information.07-23-2009
20090187765Method and apparatus for determining whether or not a reference pattern is present in a received and possibly watermarked signal - Many watermarking systems make use of correlation for calculating a detection metric, which means that several reference patterns are generated at encoder side and one or more of them are embedded inside the content signal, dependent on the message to be embedded. To decode the embedded message, it is necessary to discover which reference pattern was embedded at encoder side. This is determined by correlating the known reference patterns with the content signal. A watermark detector decides, depending on the size of the correlation result values, whether or not a given pseudo-random sequence was embedded. However, this does not provide correct decisions if watermarked audio is emitted by a loudspeaker and then captured with a microphone. According to the invention, advantage is taken of the received signal echoes instead of treating them as noise. The watermark detection result is improved by integrating the correlation values resulting from echoes into the main correlation peak, thereby using correlation result amplitude values located within a predetermined neighborhood of a correlation result peak amplitude value and exceeding a predetermined threshold.07-23-2009
20100005306STORAGE MEDIA STORING ELECTRONIC DOCUMENT MANAGEMENT PROGRAM, ELECTRONIC DOCUMENT MANAGEMENT APPARATUS, AND METHOD TO MANAGE ELECTRONIC DOCUMENT - An electronic document management apparatus acquires an electronic document comprised of a plurality of components for each of which a first digital signature and a second digital signature are uniquely specified. The electronic document is linked to an aggregate digital signature which aggregates the first digital signatures. After that the apparatus accepts designation of a component to be “hiding prohibited” within the electronic document. Whether or not the component designated to be “hiding prohibited” is at that time in a state of “hiding allowed and deletion allowed” is judged. When the judgment reveals that the state is “hiding allowed and deletion allowed”, the second digital signature specified for the component designated to be “hiding prohibited” is deleted. Then the state of the component subject to be “hiding prohibited” is changed from “hiding allowed and deletion allowed” to “hiding prohibited and deletion allowed”.01-07-2010
20120198239METHOD AND APPARATUS FOR INPUT OF CODED IMAGE DATA - An image input device which includes a means for inputting image data, a memory for storing secret information and an operator for carrying out an operation by using the image data and the secret information.08-02-2012
20090019287CONTENTS SERVER, CONTENTS RECEIVING APPARATUS AND NETWORK SYSTEM FOR ADDING INFORMATION TO DIGITAL CONTENTS - Method and system for embedding a unique and different digital watermark in digital contents for each access without increasing the overhead or load at the contents server. The contents server has a digital watermark-embedded contents storage unit for storing a plurality of digital contents where a different digital watermark is embedded, and a fingerprint performing unit for adding to the digital contents the information specified using a bit row that is formed by a digital watermark being embedded for each part of the digital contents.01-15-2009
20090259853DYNAMIC MULTIMEDIA FINGERPRINTING SYSTEM - A dynamic multimedia fingerprinting system is provided. A user requests multimedia content from a Web cache server that verifies that the user is authorized to download the content. A custom fingerprint specific to the user is generated and dynamically inserted into the content as the content is delivered to the user. The custom fingerprint can be generated on the Web cache server or at the content provider's server. The system allows a content provider to specify where the custom fingerprint is inserted into the content or where the fingerprint is to replace a placeholder within the content.10-15-2009
20090024851SYSTEMS AND METHODS FOR MUTUALLY AUTHENTICATED TRANSACTION COORDINATION MESSAGES OVER INSECURE CONNECTIONS - Systems and methods are provided that enable authentication of transaction coordination messages sent via insecure connections. Also provided are systems and methods for controlling transaction coordination and recovery. In many embodiments, there is an exchange between a coordinator and a sub-coordinator, such that the coordinator provides the sub-coordinator with a coordinator token, and the sub-coordinator provides the coordinator with a sub-coordinator token. The coordinator and sub-coordinator tokens are used to authenticate transaction coordination messages sent over one or more insecure connections between the coordinator and the sub-coordinator.01-22-2009
20090210714Method for electronically signing electronic documents and method for verifying an electronic signature - A medical professional registers himself with the trust centre (TC) or trusted registry (TR) acting on behalf of and/or operated by the mobile communication service provider. According to an embodiment of the present invention, the trust centre or trusted registry generates a pair of keys (“private key, public key”) and associates the private key with the mobile-phone identity (IMEI, SIM-chip-number or phone number) in a secret table stored at the TC or TR. The TC or TR also associates the public key with the medical author's name (plus office address) as an entry into a directory.08-20-2009
20090210713METHOD AND A SYSTEM FOR SECURING AND AUTHENTICATING A MESSAGE - There is provided a method for securing and authenticating a message transmitted by a sending party to a receiving party, the method comprising: before transmission, inserting, in the message, security information comprising a secure message identifier allowing for uniquely identifying the message with respect to the communicating parties; storing, in a secure message database, secure message identification information comprising the secure message identifier, where the information asserts that a message having the secure message identifier is sent to the receiving party; providing the receiving party access to the secure message database for authenticating a suspect secure message identifier received in association with a suspect message, where the authenticating comprises accessing and inquiring the secure message database for comparing the suspect secure message identifier with secure message identifiers stored in connection with authentic messages transmitted from the sending party to the receiving party, and notifying the receiving party of a successful authentication if a match is found. There is also provided a system for securing a message to transmit by a transmitting party to a destination party and a system for authenticating a message transmitted by a transmitting party to a receiving party.08-20-2009
20090199010SIGNATURE DEVICE, VERIFICATION DEVICE, PROGRAM, SIGNATURE METHOD, VERIFICATION METHOD, AND SYSTEM - An efficient signature technology is provided, which is capable of arbitrary extraction and storage from a plurality of pieces of data and which can make a signature length relatively short. In a signature device (08-06-2009
20090199013AUTHENTICATION OF CONTENT DOWNLOAD - According to the invention, a method for authenticating download of a number of digital content files ordered from a web site is disclosed. In one step, a selection of the digital content files is received with the web site. Download manager software, media information, the digital content files, and first codes for each of the digital content files are sent to the client computer. The media information indicates a location of each of the number of digital content files. A first code is calculated for each of the digital content files. If the client computer determines that the first code doesn't match a second code for a particular digital content file, it is resent.08-06-2009
20090199012CONTENTS TRANSMISSION METHOD AND CONTENTS TRANSMISSION SYSTEM - Mobile unit 08-06-2009
20090199011INFORMATION PROCESSING APPARATUS AND METHOD - An information processing apparatus includes a classifying unit configured to classify structural elements under predetermined attributes; a storage unit configured to store data, which describes which attribute among the attributes of the structural elements is a target of electronic signature verification, in association with the output destination of a structured document; an attaching unit configured to attach electronic signatures to the structural elements; and an inserting unit configured to refer to the stored data and data of the structured document, generate tree data which corresponds to the output destination of the structured document and indicates which structural element is a target of electronic signature verification among the structural elements to which electronic signatures have been attached, and insert the tree data in the data of the structured document.08-06-2009
20090199008Watermarking digital representations that have undergone lossy compression - Techniques for watermarking digital representations such as MPEG audio frames that spread the watermark information across the entire audio frame. The techniques work in conjunction with lossy compression techniques and are compatible with the perception models that are often used with lossy compression techniques. The watermark information is spread by means of transformations between the space/time domain and the frequency domain. When a MPEG audio frame is being watermarked, the compressed audio frame as it is produced by the quantizer is transformed from the frequency domain to the time domain; the time domain transformation is then randomized using a key and the randomized time domain transformation is transformed into the frequency domain. The watermark information is added at a predetermined frequency in the frequency domain transformation and the sequence of transformations is done in reverse order, with the randomization and derandomization serving to distribute the watermark information across the frequency domain representation of the watermarked audio frame.08-06-2009
20090049299Data Integrity and Non-Repudiation System - A system is disclosed for establishing data integrity and non-repudiation without hashing and without performing a bit to bit comparison of the message. The system includes necessary hardware and/or software to generate a random symmetric key for use with a symmetric encryption algorithm; generate a random sequence having a plurality of elements; separate a message into a plurality of blocks, wherein each block has a size less than or equal to the block size of the symmetric algorithm less the size of a digital signature of one of the plurality of elements; generate a signature for each of the plurality of elements; encrypt a concatenation of each of the plurality of blocks of the message with a corresponding signature, the encryption being performed using the symmetric encryption algorithm and the random symmetric key; and communicating the encrypted concatenation from the gaming server to a gaming device.02-19-2009
20090259852RELIABLE STORAGE MEDIUM ACCESS CONTROL METHOD AND DEVICE - A method of and device for granting access to content on a storage medium, including obtaining cryptographic data from a property, such as a wobble, of the storage medium, reading helper data from the storage medium, and granting the access based on an application of a delta-contracting function to the cryptographic data and the helper data. The delta-contracting function allows the choice of an appropriate value of the helper data, such that any value of the cryptographic data which sufficiently resembles the original primary input value leads to the same output value. Substantially different values of the cryptographic data lead to different values of the output.10-15-2009
20110145586INTEGRATED CIRCUIT AND SYSTEM FOR INSTALLING COMPUTER CODE THEREON - An integrated circuit 06-16-2011
20110145585SYSTEM AND METHOD FOR PROVIDING CREDENTIALS - A method and system is operable to provide credentials by generating a first credential that conforms to a first specified format. A second credential conforming to a second specified format is included in the first credential so that the second credential may be distributed through the cryptosystem using the first specified format. The credential may be a digital certificate.06-16-2011
20110145584Translating Information between Computing Devices Having Different Security Management - A system and method for communicating a document between multiple locations is disclosed. A computing device receives, via a network, multiple portions of a document signed and/or encrypted at a first location in accordance with a first signing and encryption methodology along with a trailer manifest specifying an order the portions need to be assembled to reconstruct the document. Each of the portions and the manifest is individually decrypted and validated using the first signing and/or encrypting methodology. The portions and manifest are re-signed and/or re-encrypted with a second signing and encryption methodology such that the information can be decrypted, the signatures can be validated and the document can be reassembled at a second location.06-16-2011
20090063864CRYPTOGRAPHIC AUTHENTICATION WITH EPHEMERAL MODULES - A method enabling a personal computer to be authenticated by a server is provided. The method comprises a step in which the user, in launching the execution of log-on procedure software, introduces personal identifiers providing access to a signature private key for long-term use relative to the duration of the session. The log-on procedure software produces: identification data of the session Id, a public ephemeral module, a public exponent and at least a pair of ephemeral public numbers and ephemeral private numbers related by a generic equation of the type: G=Q03-05-2009
20090055651AUTHENTICATED MEDIA COMMUNICATION SYSTEM AND APPROACH - Media authentication is facilitated. In connection with an example embodiment, media is authenticated using an encoded projection of the media that is decoded using the media as an input. A condition of authenticity of the media is determined based upon an indication of distortion of the media characterized by a decoding of the encoded projection.02-26-2009
20090055652SYSTEM AND METHOD FOR SECURING ONLINE CHAT CONVERSATIONS - A system, method and program product for securing online chat conversations. The disclosed method includes the steps of capturing a chat conversation into an image file; adding a watermark to the image file; extracting the watermark from the watermarked image file; and validating the watermark.02-26-2009
20080263358SYSTEM AND METHOD FOR LIMITING SPYWARE ACTIVITY - A system and method of detecting and limiting unsolicited data uploads. Downloaded content such as web pages and emails are scanned for web forms and/or links. A watermark is added where appropriate and the modified downloaded content is forwarded to the person who requested the content. A check is made to determine whether information received from a user includes appropriate watermarks. If so, the watermark is removed and the information is forwarded to its destination.10-23-2008
20090049304DIGITAL WATERMARK EMBEDDING APPARATUS AND METHOD, AND DIGITAL WATERMARK ANALYSIS APPARATUS, METHOD AND PROGRAM - A digital watermark embedding apparatus comprises the following units. A first generation unit generates a plurality of symbol sequences each of which includes a plurality of symbols including ranks, each of the ranks being uniquely numbered among each of the symbol sequences, each of the symbol sequences uniquely corresponding to each of a plurality of identification information items to be embedded as digital watermark information into each of copies of digital contents. A second generation unit generates a plurality of to-be-embedded codes corresponding to each of the symbols in each of the symbol sequences. An embedding unit embeds the to-be-embedded codes in each of the copies.02-19-2009
20110231664ACCELERATED SIGNATURE VERIFICATION ON AN ELLIPTIC CURVE - A public key encryption system exchanges information between a pair of correspondents. The recipient performs computations on the received data to recover the transmitted data or verify the identity of the sender. The data transferred includes supplementary information that relates to intermediate steps in the computations performed by the recipient.09-22-2011
20110231663Systems and methods to generate, preserve, collect, search, and certify authentic original documents - The data-content authentication center includes a data-content receiver comprising a transceiver for receiving data/content directly from a data/content generation/capturing device by first checking and confirming a registered device identification (ID) of the data/content generation/capturing device before receiving the data/content transmitted from the data/content generation/capturing device into the data-content receiver.09-22-2011
20110231662CERTIFICATE VALIDATION METHOD AND VALIDATION SERVER - The validation server obtains information related to a first cryptographic method from a certificate which is contained in a certificate validation request from a terminal device. When the information related to the first cryptographic method is not stored in a storage unit of the validation server as valid information, the validation server determines that the information related to the first cryptographic method is invalid. When the information related to the first cryptographic method is stored in the storage unit as valid information and also the information related to a second cryptographic method listed in the certificate in the certification path is not stored in the storage unit during the certification path validation, the validation server determines that the information related to the second cryptographic method is invalid.09-22-2011
20090199009Systems, methods and computer program products for authorising ad-hoc access - Methods, systems and computer program products for authorizing ad-hoc access are disclosed. A method for ad-hoc authorization comprising the steps of sending a pre-token via an unsecured communication channel to a device requesting ad-hoc authorization, sending a token associated with the pre-token via a secure communications channel to a proxy for the device, receiving evidence of access by the device to the token and determining the ad-hoc authorization based on the evidence. The systems and computer program products disclosed provide means for practicing the methods disclosed.08-06-2009
20090100267Signatures with confidential message recovery - A portion of the signed message in an ECPVS is kept truly confidential by dividing the message being signed into at least three parts, wherein one portion is visible, another portion is recoverable by any entity and carries the necessary redundancy for verification, and at least one additional portion is kept confidential. The additional portion is kept confidential by encrypting such portion using a key generated from information specific to that verifying entity. In this way, any entity with access to the signer's public key can verify the signature by checking for a specific characteristic, such as a certain amount of redundancy in the one recovered portion, but cannot recover the confidential portion, only the specific entity can do so. Message recovery is also provided in an elliptic curve signature using a modification of the well analyzed ECDSA signing equation instead of, e.g. the Schnorr equation used in traditional PV signature schemes.04-16-2009
20090210717IMAGE PROCESSING APPARATUS, AUTHENTICATION PACKAGE INSTALLATION METHOD, AND COMPUTER-READABLE RECORDING MEDIUM - An image processing apparatus is disclosed that includes an installation unit that installs an authentication package providing a function related to authentication; a signature confirmation unit that confirms whether an issuance source of the authentication package is an authenticated issuance source based on an electronic signature attached to the authentication package; and an authentication package confirmation unit that confirms the authentication package based on attribute information of the authentication package confirmed to be the authenticated issuance source by the signature confirmation unit. In the image processing apparatus, the installation unit installs the authentication package confirmed by the authentication package confirmation unit.08-20-2009
20110225427USE OF CERTIFICATE AUTHORITY TO CONTROL A DEVICE'S ACCESS TO SERVICES - A mobile communications device having a digital certificate authenticating the device itself is proposed. A server for authenticating the device and a method of authenticating the device are also disclosed. The device comprises a transmitter, a processor, a memory and a computer readable medium. The memory includes a certificate certifying the authenticity of the mobile communications device, the certificate comprising device-specific data and a digital signature signed by an authority having control of the authenticity of the mobile communications device. The computer readable medium has computer readable instructions stored thereon that when executed configure the processor to instruct the transmitter to transmit a copy of the certificate to a service provider in response to a request to authenticate the mobile communications device with the service provider.09-15-2011
20090249075SYSTEM AND METHOD OF AUTHORIZING EXECUTION OF SOFTWARE CODE IN A DEVICE BASED ON ENTITLEMENTS GRANTED TO A CARRIER - Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments based on at least one carrier profile. Carrier profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. The carrier profiles allow entities to add software code to a device without reauthorizing each distribution by the trusted authority, or to limited groups of devices controlled or authorized by the other entities.10-01-2009
20090210718SYSTEM AND METHOD FOR UPDATING MESSAGE TRUST STATUS - Systems and methods for processing encoded messages within a wireless communications system are disclosed. A server within the wireless communications system performs signature verification of an encoded message and provides, together with the message, an indication to the mobile device that the message has been verified. In addition, the server provides supplemental information, such as, for example, a hash of the certificate or certificate chain used to verify the message, to the device, to enable the device to perform additional checks on the certificate, such as, for example, validity checks, trust checks, strength checks, or the like.08-20-2009
20090217048WIRELESS DEVICE AUTHENTICATION BETWEEN DIFFERENT NETWORKS - A method and system for roaming between heterogeneous networks. The method involves authenticating a mobile communication device on a first network, providing the device with a single-use token that can be used to sign-on to a second network without requiring conventional re-authentication over the second network. The method and system allow a token or set of tokens to be sent to a mobile device over a secure and trusted channel. The token can then be sent over another network, operating over a different protocol to an authentication system where its contents are verified and authorization to access the new network is generated such that the token does not need to be processed by the new network. Hence the mobile device does not need to re-authenticate to the new network.08-27-2009
20090254753SYSTEM AND METHOD OF AUTHORIZING EXECUTION OF SOFTWARE CODE BASED ON ACCESSIBLE ENTITLEMENTS - Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments. Profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. A request in a first program may be received from a second program. A profile is then identified. The profile includes at least one entitlement associated with the second program. The profile is authenticated based on a first digest indicative of the profile and the second program is authenticated based on a second digest indicative of the second program. The request is then executed based on the entitlement.10-08-2009
20120131346SECURING PRIVATE KEY ACCESS FOR CROSS-COMPONENT MESSAGE PROCESSING - Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for secrecy or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver's end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, sign the composite message. Since signing the composite message involves access to a private key, access to that private key is secured such that such access to the private key can only be arranged responsive to an explicit request for a hash that is to be signed using the private key.05-24-2012
20100275029SYSTEM AND METHOD OF INSTALLING SOFTWARE APPLICATIONS ON ELECTRONIC DEVICES - In at least one embodiment, there is provided a mobile wireless device comprising: a microprocessor and memory, the memory comprising a set of control settings used to control a plurality of device operations; wherein the microprocessor is configured to: receive a first digital signature key for verifying digital signatures on software applications to be installed on the device; determine if any digital signature keys for verifying digital signatures on software applications to be installed on the device exist on the device, and if not, store the received first digital signature key in the memory; receive a software application for installation on the device; verify a digital signature on the received software application using the first digital signature key; and install the software application on the device if the digital signature on the received software application is successfully verified.10-28-2010
20100275025METHOD AND APPARATUS FOR SECURE COMMUNICATION - In a device, method and/or computer-readable medium for secure communication between a client device and a server, the client device includes a browser for accessing a website provided by the server, the client device generates a key according to a key generating cryptographic routine; tags the key with a marker associating the key with the website; and stores the tagged key in a memory associated with the browser.10-28-2010
20100275026METHOD AND APPARATUS FOR IMPROVING CODE AND DATA SIGNING - Methods and computing devices enable code and/or data software on computer devices to be verified using methods and signatures which can be updated by a signing server after distribution. Updated verification methods and signatures may be provided in a second signature file. When a computing device unpacks an application for execution it may check whether a second signature file is associated with the application file. If not it may connect to a signing server to request a second signature file for the software. The signing server then may request information related to the software sufficient to determine if the software is trustworthy. If determined to be trustworthy, the signing server can send a second signature file to the computer device for use in verifying the software henceforth. The second signature file may include new or modified verification methods and a new signature.10-28-2010
20090240947SYSTEM AND METHOD FOR SECURELY ACCESSING MOBILE DATA - The present invention provides a system and method for maintaining secure information on mobile devices and that balances security and convenience in the provision of mobile data access. Security is maintained by extending the use of industry-accepted two-factor authentication methods, and convenience is enhanced by utilizing a user's existing mobile device accessories as an authentication factor. As a result, the present invention provides a strong authentication system and method without the cost or burden of requiring the user to acquire additional hardware for security purposes.09-24-2009
20090254755Object Authentication From A Signature Part - A method of authenticating an object in which a computer system receives indicating data from a sensing device. The indicating data is generated in response to sensing of coded data provided on or in a surface associated with the object and is indicative of an identity of the object and at least part of a signature. The signature is in turn a digital signature of at least part of the identity. The computer system uses the indicating data to determine a received identity and a received signature part, before using the received identity to determine at least a determined signature part. The determined signature part is then compared to the received signature part to authenticate the object.10-08-2009
20090254754LIGHTWEIGHT GEOGRAPHIC TRAJECTORY AUTHENTICATION VIA ONE-TIME SIGNATURES - A system and method for a vehicle-to-vehicle communications system that provide active safety applications employing lightweight geographic authentication using one-time signatures. The system and method require each vehicle to construct a discretized representation of its trajectory, which captures its kinematical history to a tunable degree of accuracy and to a tunable extent in the past. This trajectory information is then signed using a one-time signature. Thus, with every periodic message, the sending vehicle transmits the usual application payload, a signed version of the trajectory as described, and the digital signature over all of the fields.10-08-2009
20100161992Device and method for protecting data, computer program, computer program product - A device and method for protecting data in which preset data (m) are stored in a first memory in a control unit; the data (m) are signed with a signature (σ_i) by a subscriber (i) belonging to a group of subscribers (06-24-2010
20130219185AUTHENTICATION DEVICE, AUTHENTICATION METHOD, PROGRAM, AND SIGNATURE GENERATION DEVICE - Provided is an authentication device including a key setting unit for setting a multi-order polynomial u08-22-2013
20130219184METHOD AND SYSTEM FOR SECURE ELECTRONIC SIGNING - Disclosed is a method for securely electronically signing a document, which comprises: reading the document to be signed by an application; presenting a graphical representation of said document to a user; and accepting the document to be signed by the user. The method also comprises: at a server, computing a hash function, an extended validation function for the hash and a readable summary function of the to-be-signed document; from the server, sending the hash function and the extended validation function for the hash to the application and to a signing device; from the server, sending said hash function and the readable summary function of the to-be-signed document to a secondary device.08-22-2013
20130219183VALIDATING A SYSTEM WITH MULTIPLE SUBSYSTEMS USING TRUSTED PLATFORM MODULES AND VIRTUAL PLATFORM MODULES - Software validation is provided for a breakout system having multiple subsystems at the edge of a mobile data network. The software validation utilizes one or more trusted platform modules (TPM) to secure multiple subsystems including virtual machines in the breakout system. Hash values for the software in the various subsystems are placed in Platform Configuration Registers (PCRs) of the TPM. The TPM cryptographically signs quotes, which are a collection of hash values from the PCRs. The breakout system produces an extensible markup language (XML) file with the signed quotes related to the subsystems and sends them to a network management system for verification. The network management system validates the software configured on the breakout system using a public key to access the quotes and compares the values to known good values stored in an inventory record associated with the specific breakout system being validated.08-22-2013
20080307231Secure Handling of Stored-Value Data Objects - An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user's personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption. Techniques further provide temporary and rapid verification data objects useful where rapid ticket verification is essential, such as mass transit systems.12-11-2008
20090276632Systems, Methods, and Media for Providing Secure Content Information - Systems, methods, and media for providing secure content information are provided. In some embodiments, systems for providing secure content information are provided, the systems comprising: a processor that creates a payload, creates a validation value, securely stores the validation value in association with a content distribution, and stores the payload in association with the content distribution. In some embodiments, systems for providing secure content information are provided, the systems comprising: a processor that receives a payload associated with a content distribution, creates a first validation value for the payload, recovers a second validation value associated with the content distribution, compares the first validation value and the second validation value, and determines if the payload has been tampered with.11-05-2009
20090276630Group Signature System And Information Processing Method - In a group signature system of the present invention, user device 11-05-2009
20100153733METHOD AND SYSTEM FOR AUTHENTICATING INTERNET USER IDENTITY - A method and system for authenticating an Internet user identity by cross-referencing and comparing at least two independent sources of information. A first geographical location of computer signature of an internet user is identified and the geographical location of a communication voice device of said internet user is identified to determine a second location. The first and second locations are compared for geographical proximity to confirm the identity of the internet user. Based upon geographical proximity of said locations, a score is assigned to the internet user, and access to a website is allowed or limited based upon said score. Alternatively, additional authentication information can be required or access can be terminated.06-17-2010
20100153732CACHE-BASED METHOD OF HASH-TREE MANAGEMENT FOR PROTECTING DATA INTEGRITY - The present disclosure relates to accessing data stored in a secure manner in an unsecure memory, based on signatures forming an integrity check tree comprising a root signature stored in a secure storage space, and lower-level signatures stored in the unsecure memory. One embodiment calculates a first-level signature from the data in a group comprising a changed datum, and temporarily stores the signature calculated in a secure memory. The embodiment calculates a signature to check the integrity of a lower-level signature by using the signature to be checked and a second signature belonging to a same group as the signature to be checked, read as a priority in the secure memory and in the unsecure memory if it has different values in the secure and unsecure memories.06-17-2010
20100180124VERIFICATION APPARATUS AND PROGRAM - According to one embodiment of the present invention, the first authentication context includes the template certificate indicative of the validity of a template and the first apparatus evaluation certificate indicative of the validity of the first apparatus evaluating information whilst the second authentication context includes the second apparatus evaluating certificate indicative of the validity of the second apparatus evaluating information. And the template certificate and the first and second evaluation certificates are verified when verifying the first and second authentication contexts. Thus, the validity of the template used for authentication or the apparatus evaluating information included in the authentication context can be verified.07-15-2010
20100180123PROCEDURE AND ARCHITECTURE FOR THE PROTECTION OF REAL TIME DATA - The object of the present invention is to safeguard the authenticity and integrity of real-time data in a distributed real-time computer system. The present invention considers other requirements of real-time data processing, such as the timeliness of real-time data transmission and limited resource availability. Frequent modification of an asymmetric key pair hinders intruders from cracking a key before its validity has expired. The present method can also be extended to safeguard the confidentiality of real-time data. It can be implemented efficiently on a multiprocessor system-on-chip (MPSoC).07-15-2010
20100262831Method and Apparatus for Providing Secure Linking to a User Identity in a Digital Rights Management System - Disclosed is a DRM device and method for providing secure linking to a user identity. A first request is sent to a subscriber identity module. A message is received from the subscriber identity module via a secure authenticated channel. The message comprises at least a master key identifier, a random number, and a derived key. In response to the message, a second request is sent to a DRM server. The second request comprises at least a master key identifier, the device identifier, and a random number. Also disclosed is a DRM server and method for providing secure linking to a user identity. A first request is received from a DRM device. The first request comprises at least a master key identifier, a device identifier, and a random number. The DRM device is authenticated. A second request for an application specific key is sent to a trusted key management server. The second request comprises at least a master key identifier. At least a key is received from the trusted key management server. A derived key is determined from the key received from the trusted key management server based at least on the device identifier and the random number. A challenge/response scheme is used to determine whether the derived key of the DRM server matches a derived key of the DRM device.10-14-2010
20100191973SYSTEM AND METHOD FOR ESTABLISHING A SECURE CONNECTION WITH A MOBILE DEVICE - Methods and apparatus are provided for establishing a secure connection with a mobile device that is configured to store a first private key that mathematically corresponds to a first public key. The method comprises receiving a quasi-public key from a trusted entity, wherein the quasi-public key mathematically corresponds to a quasi-private key that is stored on the mobile device, receiving a first digital certificate from the mobile device, the first digital certificate comprising the first public key and a first digital signature generated with the quasi-private key, and authenticating the first digital certificate using the first digital signature and the quasi-public key.07-29-2010
20120198238METHOD FOR ESTABLISHING AN ELECTRONIC AUTHORIZATION FOR A USER BEARING AN ELECTRONIC IDENTITY DOCUMENT, AND METHOD FOR SUPERVISING SAID AUTHORIZATION - The invention relates to a method for generating and validating a digital authorization request, as well as to the method for supervising said authorization. The method of invention enables the guarantee, due to a combination of a series of signatures, at any time, of the identity of the bearer of the document and of the validating body.08-02-2012
20100185868PERSONILIZED DIGITAL MEDIA ACCESS SYSTEM - The invention is an apparatus that facilitates access to encrypted digital media to accept verification and authentication from an excelsior enabler using at least one token and at least one electronic identification. The at least one electronic identification could be a device serial number, a networking MAC address, or a membership ID reference from a web service. Access to the product is also managed with a plurality of secondary enablers using the at least one electronic identification reference.07-22-2010
20100217992COMPOUNDING SECURITY WITH A SECURITY DONGLE - Exposure of a security mechanism, over time and/or in particular markets, increases the likelihood that the security mechanism will be compromised. A security dongle, however, can resist/delay being compromised by compounding one or more security techniques with the security dongle security mechanism (e.g., a unique identifier of the dongle stored in a secure area of the dongle, a cryptographic token with a private key that cannot be retrieved from the memory of the security dongle, etc.). A dynamic element (e.g., a changing key) and/or an unexposed element (e.g., a private key secured by an owner) can be used in conjunction with a security dongle to buttress against being compromised. Using the dynamic element and/or the unexposed element, the security dongle can be cryptographically bound to at least an identifier of a piece of software enabled by the security dongle.08-26-2010
20100262832ENTITY BIDIRECTIONAL AUTHENTICATION METHOD AND SYSTEM - An entity bidirectional authentication method and system, the method involves: the first entity sends the first message; the second entity sends the second message to the credible third party after receiving the said first message; the said credible third party returns the third message after receiving the second message; the said second entity sends the fourth message after receiving the third message and verifying it; the said first entity receives the said fourth message and verifies it, completes the authentication. Compared with the conventional authentication mechanism, the invention defines an on-line retrieval and authentication mechanism of a public key, realizes the centralized management for it, simplifies the operating condition of the protocol, and facilitates the application and implement.10-14-2010
20100180122Method and Device for Detecting an Attempt to Substitute an Original Casing Portion of an Electronic System with a Replacement Casing Portion - The invention relates to an electronic system comprising a casing consisting of at least first and second casing portions and containing a device for detecting the substitution of the first casing portion. The device comprises a first integrated circuit intended to be fixed to the first casing portion and a second integrated circuit intended to be fixed to the second casing portion. The second circuit is adapted to transmit to the first integrated circuit successive random or pseudo-random digital signals (R). The first integrated circuit is adapted to return to the second integrated circuit, for each digital signal, the first encrypted signature (S) from said digital signal. The second integrated circuit is adapted to determine a second encrypted signature (S′) from said digital signal and to detect a substitution of the first casing portion if the first and second encrypted signatures are different.07-15-2010
20100191977DATA CERTIFICATION METHOD AND APPARATUS - Apparatus for certifying electronic data supplied by a user receives data to be signed, supplied by the user from a source device, at a certifying apparatus including at least a signature server providing a signing function. An encrypted password is received at that server from the source device via a first communication path, the password being generated by an authentication system providing an authentication function separate from the signing function and the password being transmitted to the source device via a second communication path, the signature server and the authentication system have different communication paths with the source device. A version of the encrypted password is communicated between the signature server and the authentication system via a third communication path, different to the first and second paths, for authenticating the user. A result of the authenticating of the user is determined at the signature server by the communication between the authentication system and the signature server, that result being determined by verification of the version of the encrypted password, that verification being performed without the signature server verifying the actual plaintext password. The data to be signed is signed using elements of information secure to the signature server if the result of the authentication indicates that the user is authenticated. The signed data from the certifying apparatus is then passed to a recipient device so that the elements of secure information certify that the data supplier is the user. A method of certifying the data is also disclosed.07-29-2010
20100191975PRIVACY-PRESERVING COMMUNICATION - Anonymous information sharing systems and methods enable communication of information to parties in a privacy-preserving manner such that no one other than the designated parties can know the source, recipient, and content of the information. Furthermore, the communication can be accomplished without requiring trial decryption, and protection can be provided against sharing of privileges.07-29-2010
20120124383SYSTEM AND METHOD FOR PROTECTING NETWORK RESOURCES FROM DENIAL OF SERVICE ATTACKS - The present disclosure generally pertains to systems and methods for protecting network resources from denial of service attacks. In one exemplary embodiment, a responder stores an access filter value used to determine whether an incoming message frame has been transmitted from an authorized user. In this regard, a user communication device includes logic for determining the access filter value stored at the responder and includes the access filter value in a message frame transmitted from the computer to the responder. The responder compares the received access filter value to the stored access filter value. If such values match or otherwise correspond, the responder authenticates the message frame. However, if such values do not match or otherwise correspond, the responder discards the message frame. Thus, the responder processes authenticated message frames and discards unauthenticated message frames thereby preventing denial of service attacks from malicious users.05-17-2012
20100191976METHOD FOR INSTALLING RIGHTS OBJECT FOR CONTENT IN MEMORY CARD - A method, device and system for stably issuing a rights object (RO) to a memory, namely, an SRM, via a terminal. When RO has been issued to the memory card, namely, to the SRM, by using the stable procedure, the RO can be compatible with a different terminal that does not support the stable procedure, whereby the RO can be completely used by the different terminal.07-29-2010
20100191974SOFTWARE APPLICATION VERIFICATION - Various embodiments for software application verification are disclosed. Software application verification applies digital rights management to applications that run protected content on a playback device. In this way, protected content may be provided to approved applications and withheld from applications that have not been approved to run the protected content.07-29-2010
20100228985CONTENT MANAGEMENT METHOD AND APPARATUS IN INTELLIGENT ROBOT SERVICE SYSTEM - A content management method in an intelligent robot service system includes: generating a key to distribute the key to a content generation node and a content execution node; generating a signature for a content using the distributed key in the content generation node; providing the content and the signature to the content execution node; and verifying a validity of the content in the content execution node to execute the verified content.09-09-2010
20090077385Authenticating An Object - A method of authenticating an object is disclosed. The method starts by receiving indicating data. The indicating data was generated in response to sensing of a coded data portion provided on or in a surface associated with the object. The indicating data is indicative of an identity, a position of the coded data portion, and a fragment of a signature. The signature is a digital signature of at least the identity, and comprises a plurality of signature fragments. The method then proceeds by determining from the indicating data, a received identity, a received signature fragment and the position of the coded data portion. Using the position, a received signature fragment identifier is then determined. Next, using the received identity, a determined signature is determined. A determined signature fragment is also determined using the determined signature and the received signature fragment identifier. Finally, the determined signature fragment is compared to the received signature fragment, and the object is authenticated using the result of the comparison.03-19-2009
20100228983Third-party watermarking - A “third-party watermark” is inserted into a file or files uploaded by a client to a “storing party” such as a file backup server. The third-party watermark may contain information about the upload itself, such as time and date of the upload and the identity of the client. The third-party watermark may also contain authentication information received from the client or elsewhere that establishes that the client is in proper possession of the file, e.g., it is not a “bootlegged” copy.09-09-2010
20100228984FULL-RIGHTS LOCAL PLAYBACK OF DIGITAL CONTENT - A method of playing a digital content item includes downloading the digital content item from a removable data-holding medium to a local data-holding medium of a media playing system, and sending a licensing request to a network-accessible, digital-content service. The method further includes receiving a full-rights license for the digital content item from the digital-content service, where the full-rights license grants a right to play the digital content item from the local data-holding medium of the media playing system without the removable data-holding medium being present. The method further includes receiving a request to play the digital content item, and verifying the full-rights license for the digital content item. The method further includes playing the digital content item from the local data-holding medium if the full-rights license verifies, without the removable data-holding medium being present.09-09-2010
20100217991SURGERY ROBOT SYSTEM OF SERVER AND CLIENT TYPE - A server-client type surgical robot system is disclosed. One aspect of the present invention provides a surgical robot system that includes a plurality of control clients, which generate control signals, and a surgical server, which is manipulated in correspondence with the control signals received from authenticated control clients. The server-client type surgical robot system can include a plurality of control clients for manipulating one surgical server, and incorporates security technology in server-client based robot surgery, to allow greater safety in performing surgery.08-26-2010
20100217990COMMUNICATION METHOD, RELAY SERVER DEVICE, PROGRAM, AND RECORDING MEDIUM - A first connection between a first terminal 08-26-2010
20120036365COMBINING REQUEST-DEPENDENT METADATA WITH MEDIA CONTENT - An edge component receives a request for media content from a user device. The request includes both an indication of the media content and an indication of request-dependent metadata for the media content. The edge component obtains the request-dependent metadata for the media content from a content delivery service, and obtains the media content from a content delivery network. The edge component combines the request-dependent metadata and the media component, returning both the request-dependent metadata and the media content to the user device.02-09-2012
20090044019SYSTEM AND METHOD FOR DIGITALLY SIGNING ELECTRONIC DOCUMENTS - A system for digitally signing electronic documents is disclosed. The system includes a mobile device, an application server and a database, the mobile device includes a requesting module and a digest encrypting module, the application server includes an obtaining module, a digest generating module and a merging module. The requesting module is configured for sending a request for a digital signature of an electronic document to the application server; the obtaining module is configured for obtaining the electronic document from the database; the digest generating module is configured for generating a digest of the electronic document, and sending the digest to the mobile device; the digest encrypting module is configured for encrypting the digest, generating an encrypted value, and sending the encrypted value to the application server; the merging module is configured for merging the encrypted value and the electronic document. A related computer-based method is also disclosed.02-12-2009
20100146284SYSTEM FOR EMBEDDING DATA - A method and system for embedding data in video frames is described, the method comprising receiving marking information, representing the marking information as a 2-coordinate vector, denoted 06-10-2010
20100235643AUTHENTICATION OF AN OBJECT - A system for authenticating an object is disclosed. The system includes an optical sensing device and a processor. The optical sensing device senses coded data provided on a surface associated with the object. The coded data is indicative of a position on the surface, an identity associated with the object, and a part of a signature. The signature is a digital signature of the identity. The processor determines, using the sensed coded data, a sensed identity and a sensed signature part, determines, using the position, a sensed signature part identity, determines, using the sensed identity, at least a determined signature, determines, using the determined signature and the sensed signature part identity, a determined signature part, compares the determined signature part to the sensed signature part, and authenticates the object using the result of the comparison.09-16-2010
20100211794Extraction of Video Fingerprints and Identification of Multimedia Using Video Fingerprinting - A video fingerprinting algorithm extracts characteristic features from regions of interest in a media object, such as a video signal. The regions of interest contain the perceptually important parts of the video signal. A fingerprint may be extracted from a target media object, and the fingerprint of the target media content may then be matched against multiple regions of interest of known reference fingerprints. This matching may allow identification of complex scenes, inserts, and different versions of the same content presented in, for example, different formats of the media object.08-19-2010
20100223472METHOD AND SYSTEM FOR LEGALLY SHARING FILES - The invention relates to a method and a system for distributing a content item, which has been divided into a plurality of blocks of data. A control unit creates at least one watermark block. This watermark block is unique for the client and the content item to be distributed and is stored in a watermark unit. Before the content item is distributed to the client the client will need a ticket in order to verify himself when connecting to other clients. The clients can, if they have valid tickets, connect to each other and transfer the blocks of data to and from each other. In order for a client to receive a complete content item it also needs to connect to the watermark unit in order to obtain the at least one watermark block that makes the content item complete.09-02-2010
20100211795SYSTEM AND METHOD FOR VERIFYING DIGITAL SIGNATURES ON CERTIFICATES - A system and method for verifying a digital signature on a certificate, which may be used in the processing of encoded messages. In one embodiment, when a digital signature is successfully verified in a signature verification operation, the public key used to verify that digital signature is cached. When a subsequent attempt to verify the digital signature is made, the public key to be used to verify the digital signature is compared to the cached key. If the keys match, the digital signature can be successfully verified without requiring that a signature verification operation in which some data is decoded using the public key be performed.08-19-2010
20100211793SECURE SIGNING METHOD, SECURE AUTHENTICATION METHOD AND IPTV SYSTEM - A secure signing method, a secure authentication method, and an IPTV system are disclosed. The secure signing method includes preparing digital signature header fields and setting an attribute, calculating a hash digest of content using a hashing algorithm, storing the calculated hash value in a message digest field of the digital signature header, encrypting the message digest using a secret key and inserting the encrypted message digest in a signature field of the digital signature header, and associating the digital signature header with the content by prefixing the digital signature header to the content. The secure authentication method includes checking whether a format and value of a digital signature header of content are appropriate, calculating a hash digest of the content using a hashing algorithm, comparing the calculated hash value with a message digest field of the digital signature header, decrypting the hash value of the signature field of the digital signature header using a public key extracted from a certificate field, and comparing the decrypted hash value with the message digest.08-19-2010
20100211792COMMUNICATION CHANNEL ACCESS BASED ON CHANNEL IDENTIFIER AND USE POLICY - A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.08-19-2010
20100250952 TWO-WAY ACCESS AUTHENTICATION METHOD - A two-way access authentication method comprises: According to the system parameters pre-established by the third entity, the first entity sends the access authentication request packet to the second entity, then the second entity validates whether the signature of first entity is correct, and if yes, the share master key of second entity is calculated; the second entity generates the access authentication response packet and sends it to the first entity, then the first entity validates whether the signature of access authentication response packet and the message integrity check code are correct; if yes, the share master key of first entity is calculated; the first entity sends the access authentication acknowledge packet to the second entity, then the second entity validates the integrity of the access authentication acknowledge packet, if passing the validation, the share master key of first entity is consistent with that of the second entity, and the access authentication is achieved. For improving the security, after receiving the access authentication request packet sent by the first entity, the second entity may perform the identity validity validation and generates the access authentication response packet after passing the validation.09-30-2010
20100250951COMMON KEY SETTING METHOD, RELAY APPARATUS, AND PROGRAM - A secret key of a second apparatus is stored in a relay apparatus. A first apparatus specifies secret information used to identify a common key, generates encrypted secret information by encrypting the secret information by using a public key of the second apparatus, and transmits the encrypted secret information to the relay apparatus. Then, the relay apparatus decrypts the encrypted secret information by using the secret key of the second apparatus to extract the secret information. The relay apparatus transmits the encrypted secret information to the second apparatus. The second apparatus decrypts the encrypted secret information by using the secret key of the second apparatus to extract the secret information. Finished messages corresponding to communication log information and the secret information are exchanged between the first apparatus and the relay apparatus and between the second apparatus and the relay apparatus.09-30-2010
20100250950COMMUNICATION APPARATUS - A communication apparatus includes: a first storage unit storing a received electronic mail; a verification unit executing a first verification about an electronic signature attached to the received electronic mail; a printing unit printing the received electronic mail if a verification result of the first verification is positive; a deletion unit deleting the printed electronic mail from the first storage unit; and a storage control unit controlling a second storage unit to store the mail information about the received electronic mail in the second storage unit if the verification result of the first verification is negative. The verification unit again executes the first verification about a specific electronic signature attached to a specific electronic mail which mail information is stored in the second storage unit. The printing unit prints the specific electronic mail if a verification result by again executing the first verification about the specific electronic signature is positive.09-30-2010
20100250949GENERATION, REQUESTING, AND/OR RECEPTION, AT LEAST IN PART, OF TOKEN - An embodiment may include circuitry to at least one of generate at least in part, receive at least in part, and request at least in part, a token. The token may identify, at least in part, a device to an entity. The token, as received by the entity, may be encrypted, at least in part, based at least in part upon the entity's public key. The token may be generated by an authorized provider of the token based at least in part upon an identifier of the device and a signature. The signature may be generated based at least in part upon the provider's private key and the identifier. The token, as received by the entity, may be capable of being decrypted at least in part, based at least in part upon the entity's private key. The entity's private key may be maintained in secrecy from the device and provider.09-30-2010
20120131348METHOD FOR SIGNING DOCUMENTS USING A PC AND A PERSONAL TERMINAL DEVICE - A method for obtaining a digital signature is disclosed. Upon receipt of request for a digital signature within a customer computer, a Mobile electronic transaction proxy within the customer PC notifies a web browser of the request for the digital signature and assists in obtaining a digital signature on a data string included within the request. After the digital signature is obtained, the data string along with an appended digital signature is transmitted back to a requesting party.05-24-2012
20120131345SECURE SOFTWARE LICENSING AND PROVISIONING USING HARDWARE BASED SECURITY ENGINE - Provisioning a license and an application program from a first server to a computing platform over a network. The host application derives a symmetric key at least in part from a user password, and sends the license to a license management firmware component of a security engine, in a message signed by the symmetric key. The license management firmware component derives the symmetric key at least in part from the user password stored in a secure storage of the security engine, verifies the signature on the message using the symmetric key, verifies the first server's signature on the license, decrypts the license using a first private key of the license management firmware component corresponding to the first public key to obtain the second key, and sends the second key to the host application, which decrypts the application program using the second key.05-24-2012
20120036366SECURE AND VERIFIABLE DATA HANDLING - The described implementations relate to secure and verifiable data handling. One implementation can receive a request to upload information, wherein the information includes a referencing element and at least one blob of referenced data. This implementation can also receive a chunk of an individual blob. The chunk can include multiple blocks. Individual blocks can be hashed. Upon receipt of an indication that all chunks have been uploaded, this implementation can create an overall hash of the information from the block hashes rather than from the information.02-09-2012
20100082991TRUSTED KEY MANAGEMENT FOR VIRTUALIZED PLATFORMS - To provide a secure service to an application virtual machine running in a first domain of a virtualized computing platform, a second domain is arranged to run a corresponding service driver exclusively for the application virtual machine. As part of the secure service, the service driver effects a key-based cryptographic operation; to do so, the service driver has to obtain the appropriate key from a key manager. The key manager is arranged to store the key and to release it to the service driver only upon receiving evidence of its identity and being satisfied of compliance with release policies associated with the key. These policies include receipt of valid integrity metrics, signed by trusted-device functionality of the virtualized computing platform, for the service driver and the code on which it depends.04-01-2010
20090282255Bundle Verification - Systems, devices, and methods for modifying a signed bundle and verifying the modified bundle are disclosed. A signed bundle may be modified by removing a file specified in a server file list from a plurality of files in the bundle. The signed bundle comprises a catalog of files in the signed bundle and their associated hashes. The modified bundle includes the remaining files of the signed bundle that are not specified in the server file list and the catalog file of the signed bundle, the catalog signature of the signed bundle. The modified bundle may be verified by verifying the catalog signature of the modified signed bundle, and checking that the files specified in the catalog are either in the modified signed bundle or specified in the server file list. The hashes of the files in the modified signed bundle may also be checked to verify the modified signed bundle.11-12-2009
20090276631Certificate revocation system - A method of managing certificates in a communication system having a certifying authority and a directory. Preferably, the method begins by having the certifying authority generate certificates by digitally signing a given piece of data. At a later point in time, the certifying authority may produce a string that proves whether a particular certificate is currently valid without also proving the validity of at least some other certificates. The technique obviates use of certification revocation lists communicated between the certifying authority and the directory.11-05-2009
20090327732Long-term secure digital signatures - The present invention relates to digitally signing of electronic documents which are to be kept secure for a very long time, thereby taking into account future cryptographic developments which could render current cryptographic key-lengths insufficient. In accordance with the invention a double signature is issued for each document. A first digital signature (DTS) ensures the long time security, whilst a second digital signature (DUS) ensures the involvement of an individual user. Thereby, the second digital signature is less computationally intensive in its generation than the first digital signature.12-31-2009
20110066860Virtual World Embedded Security Watermarking - A method, apparatus, and program product are provided for using watermarks to embed security features on avatars in a virtual world. A watermark engine receives security information for an avatar in a virtual world. The watermark engine creates a watermark for the avatar using the security information and associates the watermark with the avatar. The watermark may comprise at least one of: security preferences for the avatar, contact information for an owner of the avatar, and graphical information to cause alteration of the avatar when the avatar is recorded.03-17-2011
20110066859FLEXIBLE BROADCAST AUTHENTICATION IN RESOURCE-CONSTRAINED SYSTEMS: PROVIDING A TRADEOFF BETWEEN COMMUNICATION AND COMPUTATIONAL OVERHEADS - A method for authenticating a message that is transmitted wirelessly. The method includes providing a set of private key values that define a private key and performing a key pair generation process that provides a key pair including the private key and a public key, where performing the key pair generation process includes applying one or more hash functions to the private key values, where a succeeding hash function provides a hash of a previous hash function. The scheme uses a signature generation process that generates a message digest by applying a hash function on the message to be signed and then separates the message digest into two parts including signing bits and selection bits and using the private key to sign the message. A receiver verifies the authenticity of the received message using the public key and a signature verification algorithm.03-17-2011
20090204818METHOD AND APPARATUS FOR GENERATING AND VERIFYING ELECTRONIC SIGNATURE OF SOFTWARE DATA, AND COMPUTER READABLE RECORDING MEDIUM THEREOF - Provided are methods of generating and verifying an electronic signature of software data, wherein software data is split into a plurality of blocks, electronic signatures corresponding to each of the blocks are generated, and some of the electronic signatures are randomly selected for verification. Accordingly, a time required for verifying an electronic signature can be reduced while maintaining the advantages of an electronic signature system.08-13-2009
20090254752WATERMARKING COMPUTER PROGRAM CODE - A method of embedding information in a computer program code, including a plurality of program statements. The method comprises: inserting a conditional program statement in the computer program code, the conditional program statement including a condition and a plurality of alternative program statements, the conditional program statement being adapted to cause a data processing system to evaluate said condition and, responsive to a result of said evaluating step, to selectively execute one of said plurality of alternative program statements; wherein said condition is indicative of at least a part of said information; and wherein the plurality of alternative program statements are adapted to cause the computer program code to produce the same program output irrespective of which of said alternative program statements is executed.10-08-2009
20090319797METHOD AND COMPUTER SYSTEM FOR ENSURING AUTHENTICITY OF AN ELECTRONIC TRANSACTION - At least one embodiment of the present invention relates to a method for ensuring authenticity of an electronic transaction performed during a transaction session. The method includes receiving, over a first network, a request from a user for the completion of an electronic transaction; receiving, over the first network, an authentication code from the user which has been provided to the user over a second network separated from the first network, thereby authenticating the user, completing the electronic transaction; and storing information associated with the electronic transaction and the transaction session. The method further includes generating a one-way hash value based on information comprised in the electronic transaction and information associated with the transaction session, and providing the one-way hash value to the user, wherein the one-way hash value is usable for ensuring the authenticity of the electronic transaction. The procedure enables authentication, integrity, non-repudiation, and time stamping in a cost efficient way. An enhanced security level can be achieved as the network used for providing the authentication code to the user is separate from the network where the user returns the authentication code. At least one embodiment of the present invention also relates to a corresponding computer system adapted for ensuring the authenticity of an electronic transaction.12-24-2009
20090150676METHOD AND SYSTEM FOR ROBUST WATERMARK INSERTION AND EXTRACTION FOR DIGITAL SET-TOP BOXES - Methods and systems for robust watermark insertion and extraction for digital set-top boxes are disclosed and may include descrambling, detecting watermarking messages in a received video signal utilizing a watermark message parser, and immediately watermarking the descrambled video signal utilizing an embedded CPU. The embedded CPU may utilize code that may be signed by an authorized key, encrypted externally to the chip, decrypted, and stored in memory in a region off-limits to other processors. The video signal may be watermarked in a decompressed domain. The enabling of the watermarking may be verified utilizing a watchdog timer. The descriptors corresponding to the watermarking may be stored in memory that may be inaccessible by the main CPU. The watermark may comprise unique identifier data specific to the chip and a time stamp, and may be encrypted utilizing an on-chip combinatorial function.06-11-2009
20090138718Method of generating a signature with "tight" security proof, associated verification method and signature scheme based on the Diffie-Hellman model - The invention relates to a method of electronically signing a message m, characterized in that it uses: p a prime integer, q a prime integer divider of (p−1), g, an element of order q of the set Z05-28-2009
20090319796Gaming machine certificate creation and management - Methods and systems for creating and managing certificates for gaming machines in a gaming network using a portable memory device are described. A gaming machine creates a certificate signing request which is stored on a portable memory device at the machine by an operator. The memory device is handed over to a certificate authority (CA) security officer at the casino and is coupled with an appropriate CA server. A certificate batch utility program on the server downloads and processes the CSRs. A certificate services program on the server issues gaming machine certificates according to the CSRs. In one embodiment, the certificates are uploaded onto the memory device, along with copies of certificate authority server certificates, including a root CA certificate. The CA security officer hands the memory device to the casino floor operator. At the machine, the operator inserts or couples the device and software on the machine identifies and downloads its certificate based on the certificate file name. The machine also downloads copies of the CA server certificates which it may use in a certificate chain validation procedure. In another embodiment, the certificates are placed in a shared file on the CA server and retrieved by the gaming machines over a gaming network.12-24-2009
20090319795DIGITALLY SIGNING DOCUMENTS USING IDENTITY CONTEXT INFORMATION - Creating a token for use by an entity when digitally signing documents. In a computing environment, a digital identity representation for an entity is accessed. The digital identity representation includes information identifying identity attributes about the entity and capabilities of an identity provider that provides tokens for use by the entity. Context information is accessed. The context information includes information about one or more of which, how or where the attributes for the entity identified in the digital identity representation will be used. A security token is created from the information in the digital identity representation and the context information. The security token makes assertions by the identity provider. The assertions are based on the information in the digital identity representation. The token further includes information related to at least a portion of the context information.12-24-2009
20090319794SEMANTIC DIGITAL SIGNATURES - A method is provided for adding intended meaning to digital signatures. A message, being base content, is received to be signed. Assertions, ontologies, and description of a reasoner are adjoined to the message. Ontologies are a formal specification of vocabulary and rules used to state the assertions. The reasoner validates the assertions against the corresponding ontologies. A compound message is formed including the message, the assertions, the ontologies, and the reasoner. The compound message is signed using a cryptographic digital signature, where the assertions indicate an intended meaning of the digital signature. During verification of semantic signatures, a digital signature is received for a compound message, where the compound message includes assertions, ontologies, and reasoner. The digital signature is verified, and the compound message structure is checked for semantic signature conformance. In response to proper verification, the reasoner is utilized to verify a conformance of the assertions to the ontologies.12-24-2009
20100223471Cookie Verification Methods And Apparatus For Use In Providing Application Services To Communication Devices - In one illustrative example, a method in a communication device adapted for communications using Hypertext Transport Protocol (HTTP) involves setting, at the communication device, an HTTP cookie which includes a user identification of a user of the communication device and a message portion which is signed with a digital signature of the user. The communication device sends, to an application server site via the communication network, a request message which includes the HTTP cookie. If verification of the digital signature at the application server site is successful, the communication device will receive access to an application service of the application server site. In one variation, the HTTP cookie is alternatively set with a group identification of a group with which the user is associated, and the message portion is signed with a digital signature of the group. The group may be a plurality of users associated with a service provider which provides the communication device access to a communication service in the communication network. In this case, the HTTP cookie may be set with a token retrieved from the service provider, where the token includes the digital signature of the service provider.09-02-2010
20120198237DOCUMENT MANAGEMENT SYSTEM AND METHOD - A document management system includes a number generator and/or a secure controller, and a document. The document includes a map-file for each participant in a workflow of the document. Corresponding, randomly generated nonces and/or complementary workflow assurance tokens are distributed within the respective map-files of neighboring participants by the number generator or the secure controller. The system includes a private key that recovers the respective corresponding, randomly generated nonce of a receiving one of the neighboring participants and/or the respective complementary workflow assurance token of the receiving one of the neighboring participants. A communication mechanism enables transmission of the recovered corresponding, randomly generated nonce of the receiving one of the neighboring participants or a signature generated by the receiving one of the neighboring participants to a sending one of the neighboring participants for verification.08-02-2012
20080307228WEDI: AN ENCRYPTION-BASED METHOD AND SYSTEM FOR THE IDENTIFICATION AND PROTECTION OF PRINTED DOCUMENTS OR THOSE BEING TRANSMITTED BY ELECTRONIC MEANS - WEDI is both a method and a system that uses symmetric and asymmetric encryption algorithms to make feasible the identification of printed documents or those being transmitted by electronic means, and makes it possible to hold responsible any person who discloses the information they contain illegally or without authorization. WEDI is the acronym for “Watermark Encryption Document Identification”. It is both a method and a system that makes feasible the identification of printed documents and the information they carry upon being distributed by electronic means through the generation and printing of a cryptographic key in a watermark format, which is generated by the use of symmetric and asymmetric encryption algorithms and a hashing function based on various data related to the documents, devices, and persons involved in the process. This makes possible the identification of the aforesaid documents concerning their origin, recipient, date and time of generation and dispatch, user's responsibility, and other information pertaining to such documents through the analysis of just a portion of them that contains fragments of the cryptographic key in the form of a printed watermark, which is the ultimate goal of the invention now being presented.12-11-2008
20090106556Method of providing assured transactions using secure transaction appliance and watermark verification - Disclosed is a method of improving electronic security by establishing a path between a user and a secure transaction appliance. The secure transaction appliance receives information destined for the user which includes a tagged portion, said tagged portion triggering the secure transaction appliance to forward the information to the computer from which the request was issued, and to seek an electronic signature to verify the content or transaction by transmitting a watermark, tagged portion of the content, or similar electronic content. The secure trusted path provides the user with the tagged portion incorporating additional elements such as a watermark, or in some embodiments only the additional elements, upon a personalized security device associated with the user, making interception or manipulation more complex and difficult.04-23-2009
20120144202SECURE AUTHENTICATION FOR CLIENT APPLICATION ACCESS TO PROTECTED RESOURCES - An authorization server receives a request for an access token, for accessing a protected resource, from a client application executing on a device, wherein the request includes a client identifier that uniquely identifies the client application and a device identifier that uniquely identifies the device. The authorization server performs authentication of the client identifier and the device identifier. The authorization server returns a valid access token to the client application, based on the authentication of the client identifier and the device identifier, to enable the client application access to the protected resource.06-07-2012
20090049303METHOD AND SYSTEM FOR DATA DELIVERY AND REPRODUCTION - Methods and apparatus for processing title data watermarked with a code. At least a portion of the title data may be watermarked at a plurality of locations within the title data with customer information data, so that the title data provided to a customer includes the watermark information. To obtain the code from the watermarked title data, watermarking information associated with the watermarked title data is first received. The watermarking information identifies a plurality of locations and a number to frequency modulation relationship at each of the locations. A different modulation scheme may be used at each location. The watermarked title data is demodulated at each of the plurality of placement locations based on the number to frequency modulation relationship. The code is then generated from the demodulated watermarked title data. A verification indication is output based in part on the generated code.02-19-2009
20090106555System and Method For Control Of Security Configurations - Systems and methods are disclosed for using cryptographic techniques to configure data processing systems. A configuration manager cryptographically controls the configuration of a system by ensuring that only authorized users or applications can change the configuration. For example, requests to change configuration information may include authenticated and/or encrypted data. These cryptographic techniques are employed to enable and/or disable functions, features and capabilities of a system. For example, a system may be reconfigured to provide strong or weak encryption based on parameters in the configuration information.04-23-2009
20090044020Method and System for Modular Authentication and Session Management - Modular authentication and session management involves the use of discrete modules to perform specific tasks in a networked computing environment. There may be a separate authentication server that verifies the identity of the user and an authorization client that grants various levels of access to users. There may also be an authentication client that receives an initial request from a requesting application and forwards the request to the authentication server to verify the identity of the user. The authorization client may then be invoked to provide the necessary level of access. The use of discrete modules allows multiple business applications to use the same modules to perform user authentication tasks, thus alleviating the unnecessary multiplication of code.02-12-2009
20090037739METHOD FOR IDENTIFYING A COUNTERFEIT SECURITY DOCUMENT - A method of determining a counterfeit security document which includes a number of coded data portions indicative of an identity of the security document; and at least part of a digital signature of at least part of the identity. The method includes using a sensing device to sense at least one coded data portion and generate indicating data. The indicating data is used by a processor to obtain a determined identity and at least one determined signature part, which are then used to determine if the security document is a counterfeit document.02-05-2009
20090070588RENEWABLE WATERMARK FOR THEATRICAL CONTENT - The present invention relates to a method for a content provider of renewing the watermarking of theatrical content and for updating consumer devices to detect said renewed watermark, wherein a watermark is embedded in said theatrical content using at least a first watermark noise pattern. Renewing is performed by said content provider distributing at least a second watermark noise pattern, which is used for embedding and detecting said watermark in said theatrical content, to said consumer devices using a broadcast encryption technology. The invention further relates to a content provider system adapted to be used for renewing the watermarking of theatrical content and for updating consumer devices to detect said renewed watermark.03-12-2009
20100318805PROTECTION AGAINST UNINTENTIONAL FILE CHANGING - Files are protected against intrusion. A first embodiment protects certain files against changes. A second embodiment encrypts the files that are stored using the user's personal information.12-16-2010
20100318806MULTI-FACTOR AUTHENTICATION WITH RECOVERY MECHANISMS - A single sign on facility provides redundancy and recovery functions through the use of a plurality of identifiers. Users prove identity to relying parties by demonstrating control over each of the plurality of identifiers. A user can employ a subset of the identifiers recognized by an RP to change an identifier that has been lost or which the user has lost control over.12-16-2010
20130138963STATE-MAINTAINED MULTI-PARTY SIGNATURES - A hash module of a mail sender creates a hash data context structure. The hash module processes the headers and the body of an e-mail message in the order required, for example by the DKIM specification, until the data to be hashed has been input. The hash module converts the context structure into printable characters and the encoded structure is transmitted over the Internet or other network to the next participating system. The token authority's hash module decodes the context back into binary form. After ensuring business logic is satisfied, it generates additional headers required for signature, which are then added to the developing hash. The hash module finalizes the hash function and creates the hash value. The authorization module creates the signature and returns it to the e-mail module, which attaches the signature to the message and transmits it to the destination mailbox provider, which verifies the token.05-30-2013
20130138964VERIFICATION OF AUTHENTICITY AND RESPONSIVENESS OF BIOMETRIC EVIDENCE AND/OR OTHER EVIDENCE - Authenticity and responsiveness of evidence (e.g., biometric evidence) may be validated without regard for whether there is direct control over a sensor that acquired the evidence. In some implementations, only a data block containing evidence that is (1) appended with a server-generated challenge (e.g., a nonce) and (2) signed or encrypted by the sensor may validate that the evidence is responsive to a current request and belongs to a current session. In some implementations, trust may be established and/or enhanced due to one or more security features (e.g., anti-spoofing, anti-tampering, and/or other security features) being collocated with the sensor at the actual sampling site.05-30-2013
20100325439METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING - A method and system for supply of data, including generating a first digital certificate (referred to as an empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided.12-23-2010
20130145166SYSTEM AND METHOD FOR DATA AUTHENTICATION AMONG PROCESSORS - The invention discloses system and method for data authentication among processors. The method comprises: generating a first key, by a first processor, according to a first identification data and a first algorithm; generating a first digest, by the first processor, according to data to be transmitted, the first identification data and a second algorithm; generating a digital signature, by the first processor, according to the first key, the first digest and a third algorithm; and transmitting the data and the digital signature from the first processor to a second processor.06-06-2013
20130145167Optimized Integrity Verification Procedures - Some embodiments of the invention provide a method of verifying the integrity of digital content. At a source of the digital content, the method generates a signature for the digital content by applying a hashing function to a particular portion of the digital content, where the particular portion is less than the entire digital content. The method supplies the signature and the digital content to a device. At the device, the method applies the hashing function to the particular portion of the digital content in order to verify the supplied signature, and thereby verifies the integrity of the supplied digital content.06-06-2013
20090138721Small Memory Footprint Fast Elliptic Encryption - A method of generating a digital signature includes generating a first random number from a finite field of numbers, and generating field elements defining a first point on an elliptic curve defined over the finite field of numbers by performing elliptic curve arithmetic on the first random number and an initial public point on the elliptic curve. The method continues by generating a product from a field element, a private key, and a second random number received from a challenger seeking verification of a digital signature, and generating a signature component by summing the product and the first random number. The signature component is reduced using one or more modular reduction operations, using a modulus equal to an order of the elliptic curve, and then the reduced signature component and the field elements are sent to the challenger as a digital signature for verification by the challenger.05-28-2009
20100332840Systems and Methods for Electronic Postmarking of Data Including Location Data - Systems and methods for electronic postmarking of location data are provided. Electronic postmarking of location data (S.12-30-2010
20110010555Method and system for digital watermarking - A method for applying a digital watermark to a content signal is disclosed. In accordance with such a method, a watermarking key is identified. The watermarking key includes a binary sequence and information describing application of that binary sequence to the content signal. The digital watermark is then encoded within the content signal at one or more locations determined by the watermarking key.01-13-2011
20110246780VALIDATION METHOD AND SYSTEM FOR USE IN SECURING NOMADIC ELECTRONIC TRANSACTIONS - A method involving a communication device, which comprises sending a request to a communication device; receiving a response from the communication device over a local communication path; deriving a received data set from said response; determining at least one data set that had been previously transmitted to the communication device over a wireless portion of a second communication path different from the local communication path; and validating the response based on the received data set and the at least one previously transmitted data set.10-06-2011
20110010556System and Method of Secure Authentication Information Distribution - A system and method of distributing authentication information for remotely accessing a computer resource. A request for authentication information, including identity information, is received from a user of a remote device. When the user is authenticated based on the identity information, requested authentication information is retrieved and returned to the remote device. The authentication information, or information generated from the authentication information, is then used for remotely accessing the computer resource.01-13-2011
20110029779INFORMATION PROCESSING APPARATUS, PROGRAM, STORAGE MEDIUM AND INFORMATION PROCESSING SYSTEM - Provided is an information processing apparatus including a reception unit that receives a request for access to an IC chip from an application having access right information for accessing the IC chip, an acquisition unit that acquires authentication information for authenticating the application from an external server based on the access right information contained in the request for access received by the reception unit, an authentication unit that authenticates the application based on the authentication information obtained by the acquisition unit, and a control unit that controls an access of the application to the IC chip based on an authentication result by the authentication unit.02-03-2011
20110113254MULTIPAD ENCRYPTION - A method for protecting a message or document. The method comprises encrypting the message using a first key associated with a first party; sending the encrypted message to a second party; encrypting the message using a second key associated with the second party, so that it is encrypted with two keys simultaneously; sending the encrypted message to the first party; decrypting the message using the first key; sending the message to the second party, the message being encrypted with the second key, and using the second key to decrypt the encrypted message, thereby exposing the original message.05-12-2011
20110113253ENHANCED DIGITAL SIGNATURES ALGORITHM METHOD AND SYSTEM UTILIZING A SECRET GENERATOR - The present invention is a digital signatures scheme method and system that permits the generation of a digital signature in a manner whereby the generator is kept secret. The inclusion of a secret generator in the digital signatures scheme may reduce the potential for an attack upon the scheme to be successful. The present invention may incorporate a signing procedure and a verification procedure. The signing procedure may facilitate the determination of a group, and the identification of the generator from the group. The signing procedure may also keep the generator secret and may generate a digital signature of a message. The generator may be kept secret by one or more conditions, and one or more public keys may be utilized by the digital signatures scheme. The verification procedure may be a verification procedure operable to obtain the message and the digital signature and to verify the digital signature. Embodiments of the present invention may achieve processing of the signing procedure and/or verification procedure at a fast rate of speed, which may further diminish the chance of a successful attack upon the digital signatures scheme. Embodiments of the present invention may further generate variations of digital signatures.05-12-2011
20110040974Authentication of email servers and personal computers - An originating email server is authenticated by a destination email server using a public key provided by the originating email server, thereby making it possible to detect an email with a forged origination address with no action required by a domain owner. A personal computer is authenticated using a reputation report associated with a unique number corresponding to the personal computer, enabling, in one embodiment, spam detection, and, in another embodiment, a decision that a valid user is requesting service registration at a website.02-17-2011
20110040975SYSTEM AND METHOD FOR CONTROLLED COPYING AND MOVING OF CONTENT BETWEEN DEVICES AND DOMAINS BASED ON CONDITIONAL ENCRYPTION OF CONTENT KEY DEPENDING ON USAGE STATE - A system and method is disclosed for allowing content providers to protect against widespread copying of their content, while enabling them to give their customers more freedom in the way they use the content. In accordance with one embodiment, content providers identify their content as protected by watermarking the content. Consumers use compliant devices to access protected content. All of a user's compliant devices, or all of a family's devices, can be organized into an authorized domain. This authorized domain is used by content providers to create a logical boundary in which they can allow users increased freedom to use their content.02-17-2011
20110119493UNAUTHORIZED CONTENTS DETECTION SYSTEM - Processing load on an executing device for conducting playback is high during the playback of contents since the executing device performs verification of the contents validity in parallel with the contents playback, and therefore the executing device has to be equipped with a highly efficient processor. The present invention reduces the processing load involved in the verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on the DVD. In addition, the present invention is capable of improving the accuracy of detecting unauthorized contents to some extent by randomly selecting a predetermined number of encrypted units every time the verification is performed.05-19-2011
20100146283ENTERTAINMENT DEVICE - An entertainment device comprises communication means operable to receive media data from a media data source, storage means operable to store the received media data, in which the storage means limits the duration of access to the media data which was received from the media data source.06-10-2010
20110213982ELGAMAL SIGNATURE SCHEMES - There is disclosed a method of generating a digital signature of a message m. A signature component s of the digital signature is calculated by first masking the long-term private key d using a single additive operation to combine the key d with a first value. The masked value is then multiplied by a second value to obtain component s. The first value is calculated using the message m and another component of the digital signature, and the second value is derived using the inverse of a component of the first value. In this way, the signature component s is generated using a method that counters the effectiveness of side channel attacks, such as differential side channel analysis, by avoiding a direct multiplication using long-term private key d.09-01-2011
20090089586Methods, Apparatus and Programs for Generating and Utilizing Content Signatures - The presently claimed invention generally relates to deriving and/or utilizing content signatures (e.g., so-called “fingerprints”). One claim recites a method of generating a fingerprint associated with a content item including: pseudo-randomly selecting a segment of the content item; and utilizing a processor or electronic processing circuitry, fingerprinting the selected segment of the content item as at least an identifier of the content item. Of course, other claims and combinations are provided as well.04-02-2009
20110213983AUTHENTICATION SYSTEM FOR A PLUG-IN ELECTRIC DRIVE VEHICLE - The invention relates to an authentication and/or energy auditing system for a plug-in electric drive vehicle. A first device connects to a first power apparatus and establishes an electrical power path between the first and a remote device. The latter is connectable to a second power apparatus. The authentication system preferably includes a powerline transceiver to receive a request containing an identifier from the remote device over the power path. Control means controls operation of the first device and responds to the request to initiate an authentication process to determine whether or not the remote device is authentic and authorised to exchange power with the first device, and to activate a control switch to electrically connect the first device to the first power apparatus only upon an authentic and authorised determination. The energy auditing system measures energy received by each device in a specified time interval and electrically disconnects the first device from the first power apparatus when a power loss between the respective devices is detected.09-01-2011
20090172404Method and Apparatus for Hybrid Watermarking - A hybrid watermark insertion method includes the steps of dividing the digital image into a low frequency region and a high frequency region using an edge map of the digital image; inserting a watermark into the low frequency region of the image by employing a watermarking method using a human visual system (HVS); and inserting the watermark into the high frequency region of the image by employing a quantization index modulation (QIM) method. A hybrid watermark extraction method includes the steps of estimating a reference value used when inserting a watermark, and searching a maximum value of correlation coefficients in an image of the watermark image while changing the estimated reference value within a designated range, to thereby find out the watermark insertion method. Accordingly, the watermark insertion method can be easily identified, thereby enabling the watermark to be extracted more readily.07-02-2009
20100131770COMPUTER-IMPLEMENTED METHOD AND SYSTEM FOR EMBEDDING AND AUTHENTICATING ANCILLARY INFORMATION IN DIGITALLY SIGNED CONTENT - A computer-implemented system and method for embedding and authenticating ancillary information in digitally signed content are disclosed. The method and system include loading digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable; and erasing any non-authenticated regions of the digital content by zeroing out or value-filling memory locations corresponding to the non-authenticated regions.05-27-2010
20100131769DELIVERY CONFIRMATION SYSTEM, PORTABLE TERMINAL, AND COMPUTER PROGRAM PRODUCT - A portable terminal, which is connected to a server, includes: a communication section to send and receive data to and from the server; a time obtaining section to obtain current time; a location obtaining section to obtain a current location of the portable terminal; an input section to input receipt confirmation information indicating that a recipient of a shipment has received the shipment; and a control section to cause a digital signature to be attached to electronic form data, and to cause the communication section to send the electronic form data with the digital signature to the server. The electronic form data includes the receipt confirmation information input through the input section when the shipment is received; the current time obtained by the time obtaining section when the shipment is received; and the current location obtained by the location obtaining section when the shipment is received.05-27-2010
20100131767Methods for Audio Watermarking and Decoding - The presently claimed invention relates generally to encoding and decoding audio signals to include auxiliary information. One example encoding technique includes steganography. One method recites: using a microphone, obtaining an audio signal carried by sound waves; utilizing an analog-to-digital converter to convert the audio signal into a digital audio signal; utilizing a programmed electronic processor, extracting auxiliary data from a series of segments of the digital audio signal, the segments conveying the same auxiliary data, yet the segments represent the auxiliary data differently as code signals carrying the same auxiliary data change over the blocks, the auxiliary data being steganographically hidden in the digital audio signal; and utilizing a programmed electronic processor, utilizing the auxiliary data from the series of segments to increase confidence of accurate extraction of the auxiliary data, the auxiliary data being separately decoded from the segments and combined to increase the confidence of extraction of the auxiliary data. Of course, other combinations and claims are provided as well.05-27-2010
20110087886SYSTEM AND METHOD FOR OPEN DISTRIBUTION OF DIGITAL MEDIA - Various embodiments of the present invention provide a system and method for open digital media distribution. According to one embodiment, a system is provided which performs the operations of: creating a profile (e.g., artist or label profile) based on an input from a first party; receiving a digital media upload from the first party, wherein the digital media upload contains media content and the first party has a property interest in the media content; receiving from the first party an assignment of a payment account to the digital media upload, such that money from sales relating to the digital media upload is deposited into the payment account; receiving from the first party sales parameters associated with the digital media upload; presenting through a computing device the digital media upload for sale to a second party; and selling the digital media upload to the second party through a computing device.04-14-2011
20110093714SYSTEMS AND METHODS FOR ASYMMETRIC CRYPTOGRAPHIC ACCESSORY AUTHENTICATION - Embodiments relate to systems, methods and devices for asymmetric cryptographic authentication. In an embodiment, a system includes an accessory comprising an authentication chip, the authentication chip comprising a public authentication key, a private authentication key and data signed by a private verification key; and a device comprising a public verification key forming a verification key pair with the private verification key, the device configured to read the data and public authentication key from the authentication chip, verify the data and the public authentication key using the public verification key, and authenticate the accessory for use with the device using the public authentication key if verified.04-21-2011
20090031136HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF UNWANTED E-MAIL01-29-2009
20090031133METHOD AND SYSTEM FOR SCREENING AND AUTHORIZING CONTENT - Apparatus and method are disclosed for preventing the use of disapproved received electronic content on a Mobile Station. The apparatus and method may include modules for extracting and comparing fingerprints of the received content on the Mobile Station to fingerprints of disapproved content, and for the activation of an authorization process based on the results of the comparison, as well as on the decisions of the user whether to purchase authorization when it is required. A cryptography-based check-in procedure is introduced to assure that all content has passed the verification phase.01-29-2009
20090031132Apparatus And Method For Incorporating Signature Into Electronic Documents - There is presented a method and apparatus for incorporating a digital signature within a document for a paperless office. The method comprises generating the document to be signed on a computer and transferring it to, and displaying it on, a device for incorporating a digital signature, wherein the device comprises a screen, signature means such as an electronic pen or fingerprint capturing device, and at least one smart card reader. Then, the document is digitally signed. The digitally signed document is encrypted and transferred to the computer so as to prevent restoration of the digital signature. From the customer side, the procedure is based on “what you see is what you sign”.01-29-2009
20100185867DIGITAL SIGNATURE METHOD, PROGRAM, AND APPARATUS - A method for generating a digital signature with respect to an electronic document, the method including: inputting a target electronic document and a corresponding digital signature σ; dividing the target electronic document into a plurality of partial documents mi; and when a revision of the partial documents is to be performed, in a case where deletion of the one partial document is to be performed, when sanitization is not prohibited, exponentiating the digital signature σ twice with a hash value Gi, when sanitization is prohibited, exponentiating σ with the Gi; in a case where sanitization is to be performed, replacing a partial document by Gi; in a case where deletion is to be prohibited, exponentiating σ with a hash value Hi; in a case where the sanitization is to be prohibited, exponentiating σ with Gi; and updating σ.07-22-2010
20100185865GENERATION OF COMMUNICATION DEVICE SIGNATURES FOR USE IN SECURING NOMADIC ELECTRONIC TRANSACTIONS - A method for execution in a communication device, which comprises accessing an identifier stored in a memory; receiving a first data set and a second data set over a first communication path; generating a first signature from the identifier and the first data set; generating a second signature from the identifier and the second data set; responding to a first request by releasing a first response including the first signature over a local communication path different from the first communication path; and responding to a subsequent request by releasing a second response including the second signature over the local communication path.07-22-2010
20090327734MATCHING A WATERMARK TO A HOST SAMPLING RATE - The invention deals with matching of a watermark to a host sampling rate of a multimedia signal. A watermark sampled at a first sampling rate is matched to multimedia host signal sampled at a second sampling rate, in a process where the watermark sampled at the first sampling rate is received, a scaling factor between the first sampling rate and the second sampling rate is determined, and re-scale widths of the watermark symbols are set. A modified watermark is generated wherein the watermark symbols of the modified watermark being of re-scale widths, so as to substantially match the modified watermark sequences to the second sampling rate.12-31-2009
20090327733Data Security Method and System - A method of verifying integrity of a digital file includes receiving the digital file subsequent to exposure to a foreign environment and validating the digital file. The received digital file has an appended signature label that includes one or both of a first hash value and a digital signature. Validating the digital file includes hashing the digital file to obtain a second hash value, retrieving the first hash value from the signature label, and comparing the first hash value and second hash value.12-31-2009
20100070770SYSTEMS AND METHODS, APPARATUS, AND COMPUTER READABLE MEDIA FOR INTERCEPTING AND MODIFYING HMAC SIGNED MESSAGES - Systems, methods, apparatus and computer-executable instructions stored on computer-readable media for communicating a modified hash message authentication code (HMAC) signed message between two endpoints are provided. The HMAC signature of the message may include a plurality of components. In some cases, the HMAC signature is a Server Message Block (SMB) signature. The first and/or second endpoint may be a client, server, or host. Some embodiments of the present application utilize a proxy, such as a CIFS proxy. In one embodiment, HMAC signature information sent from the first endpoint to the second endpoint may be intercepted. A value for a component of the HMAC signature may be determined by, for example, using the intercepted HMAC signature information. The intercepted message may be modified, re-signed using the intercepted HMAC signature information, and transmitted to a receiving endpoint.03-18-2010
20090037740Optimization methods for the insertion, protection, and detection of digital watermarks in digital data - Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed. According to another embodiment, a method for pre-analyzing a digital signal for encoding digital watermarks comprises: (1) providing a digital signal; (2) providing a digital filter to be applied to the digital signal; and (3) identifying an area of the digital signal that will be affected by the digital filter based on at least one measurable difference between the digital signal and a counterpart of the digital signal selected from the group consisting of the digital signal as transmitted, the digital signal as stored in a medium, and the digital signal as played back. According to another embodiment, a method for encoding a watermark in a content signal includes the steps of (1) splitting a watermark bit stream; and (2) encoding at least half of the watermark bit stream in the content signal using inverted instances of the watermark bit stream. Other methods and systems for encoding/decoding digital watermarks are also disclosed.02-05-2009
20100064140Optimization methods for the insertion, protection, and detection of digital watermarks in digital data - Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed. According to another embodiment, a method for pre-analyzing a digital signal for encoding digital watermarks comprises: (1) providing a digital signal; (2) providing a digital filter to be applied to the digital signal; and (3) identifying an area of the digital signal that will be affected by the digital filter based on at least one measurable difference between the digital signal and a counterpart of the digital signal selected from the group consisting of the digital signal as transmitted, the digital signal as stored in a medium, and the digital signal as played back. According to another embodiment, a method for encoding a watermark in a content signal includes the steps of (1) splitting a watermark bit stream; and (2) encoding at least half of the watermark bit stream in the content signal using inverted instances of the watermark bit stream. Other methods and systems for encoding/decoding digital watermarks are also disclosed.03-11-2010
20100037059SYSTEM AND METHOD FOR FORENSIC ANALYSIS OF MEDIA WORKS - A method and system for identifying a source of a copied work that in one embodiment includes obtaining at least some portions of a reference work, collecting at least some portions of the suspect work, matching the suspect work with the reference work, wherein the matching includes temporally aligning one or more frames of the reference work and the suspect work, spatially aligning frames of the reference work and the suspect work, and detecting forensic marks in the suspect work by spatiotemporal matching with the reference work.02-11-2010
20100037060FILE SYSTEM AUTHENTICATION - The present invention relates to file system authentication and, in particular, authentication of users for accessing files stored on a serverless distributed or peer-to-peer file system. Its objective is to preserve the anonymity of the users and to provide secure and private storage of data for users on a serverless distributed file system. It provides a method of authenticating access to a distributed file system comprising the steps of; receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information.02-11-2010
20090217051Method for distribution of multimedia tracks through computer networks - A method for distributing multimedia files through a computer network comprises the steps of selecting a multimedia track from an archive, encoded in a digital file according to a conventional encoding which comprises a header and a division into frames; converting a plurality of the conventionally encoded frames into encrypted frames; applying a digital signature in the header; generating an audio file which comprises a signed header, a plurality of frames with conventional encoding and a plurality of encrypted frames.08-27-2009
20090217050SYSTEMS AND METHODS FOR OPTIMIZING SIGNATURE VERIFICATION TIME FOR A CRYPTOGRAPHIC CACHE - Embodiments provide systems and methods to optimize signature verification time for a cryptographic cache. Time is reduced by eliminating at least some of the duplicative application of cryptographic primitives. In some embodiments, systems and methods for signature verification comprise obtaining a signature which was previously generated using an asymmetrical cryptographic scheme, and determining whether an identical signature has previously been stored in a signature cache. If an identical signature has been previously stored in the signature cache, retrieving previously generated results corresponding to the previously stored identical signature, the results a consequence of application of cryptographic primitives of the asymmetrical cryptographic scheme corresponding to the identical signature. The results are forwarded to a signature verifier. In at least some embodiments, at least one of these functions occurs in a secure execution environment.08-27-2009
20090217049METHOD FOR LINKING A DIGITAL CONTENT TO A PERSON - A process is proposed for linking digital content specific to the person. This is marked by the following steps: generation of a one-to-one key, generation of a first data record that contains the key and data space identifying the person, implementation of the key in the digital content.08-27-2009
20120246482BUNDLE VERIFICATION - Systems, devices, and methods for modifying a signed bundle and verifying the modified bundle are disclosed. A signed bundle may be modified by removing a file specified in a server file list from a plurality of files in the bundle. The signed bundle comprises a catalog of files in the signed bundle and their associated hashes. The modified bundle includes the remaining files of the signed bundle that are not specified in the server file list, the catalog file of the signed bundle, and the catalog signature of the signed bundle. The modified bundle may be verified by verifying the catalog signature of the modified signed bundle, and checking that the files specified in the catalog are either in the modified signed bundle or specified in the server file list. The hashes of the files in the modified signed bundle may also be checked to verify the modified signed bundle.09-27-2012
20100070774INTEROPERABLE SYSTEMS AND METHODS FOR PEER-TO-PEER SERVICE ORCHESTRATION - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.03-18-2010
20100070773Digital contents receiving apparatus - A television set is capable of receiving both a broadcast program from a television station and a corresponding digital file of the same contents from a server station through the internet. The television set keeps information on the time limit within which the server station is sure to provide the file. The television set automatically downloads the file when the time limit comes close or when the time limit information fails to be kept. The television set keeps the URL of the moving image program being enjoyed when the television set is turned off until it is next turned on, so that the moving image content provided at the URL can be enjoyed instantly. A user who turns on the television set or changes the channel with no particular program in mind, and who happens to take an interest in the program on display, can enjoy the program from the beginning by downloading the corresponding digital file of the same contents through the internet via an automatic link.03-18-2010
20100070772NAVIGATION APPARATUS AND INFORMATION DISTRIBUTION SYSTEM - A CPU of a navigation apparatus stores public keys to which priorities are set and which are published by an information distribution center in a public key storage section. The CPU of the navigation apparatus extracts an electronic signature of distribution data which is distributed from the information distribution center and verifies the electronic signature by using only ‘valid’ public keys among the public keys in order of the priorities. The CPU of the navigation apparatus determines that the distribution data is valid information which is distributed from the information distribution center when the electronic signature passes verification.03-18-2010
20100058065EXTRACTING AUXILIARY DATA FROM A HOST SIGNAL - The invention relates to extracting and embedding auxiliary data from and to a host signal. In an embodiment, the auxiliary data relates to remotely control of an application or a device, such as an interactive toy. Auxiliary data are extracted from a host signal, by periodically (03-04-2010
20100058064LOGIN AUTHENTICATION USING A TRUSTED DEVICE - A user working on a client computer is allowed to remotely login to a server over a computer network. A first secure connection is established between the client and the server. Communications with a trusted device which is in the user's control is established via a communication channel between the trusted device and the client, where this channel is not part of the network. A second secure connection is established between the trusted device and the server through the client, where this second secure connection is tunneled within the first secure connection. The user remotely logs into the server over the second secure connection using the trusted device.03-04-2010
20100070771AUTHENTICATION OF ACCESS POINTS IN WIRELESS LOCAL AREA NETWORKS - A method is provided for authenticating an identity of an operator (03-18-2010
20110083015SYSTEM AND METHOD FOR AN ELECTRONIC SIGNATURE FOR QUICK AND EFFICIENT DATA AUTHENTICATION - System and method for generating an electronic signature to authenticate data includes generating a private and a public key using the last value in a hash chain formed from the private key as a starting point, signing a message m, using a distinct set of hash chains using a second secure hash value of the message m and a counter c, selecting a block offset using the hash value of the selected chains, the message m, and the counter c, generating the signature from the selected seals and the counter. The electronic signature validity is verified by synchronizing a verification unit with a source of a signed message, computing expected chains by hashing the signed message m and a counter c with a first hash function, computing a set of expected block offsets by hashing the signed message m, counter c, and computed chains with a second hash function.04-07-2011
20100241863DEVICE FOR REPRODUCING DIGITAL CONTENT, SECURE ELECTRONIC ENTITY, SYSTEM COMPRISING SAID ELEMENTS AND METHOD FOR REPRODUCING DIGITAL CONTENT - The invention concerns a method for reproducing digital content including the following steps: receiving (E09-23-2010
20110154045ANONYMOUS AUTHENTICATION SERVICE METHOD FOR PROVIDING LOCAL LINKABILITY - There is provided an anonymous service method of providing local linkability. In the anonymous service method providing local linkability according to exemplary embodiments of the invention, an anonymous authentication operation based on a short group signature is performed, for which the concept of local linkability is introduced to secure linkability within the same service domain. Namely, in the interior of a service provider, a virtual index having a fixed value is calculated for each service user, and in this case, even if a plurality of service providers collude with each other, they cannot calculate a virtual index having the same value, whereby the linkability can be secured within the same service domain but not within the interiors of different service domains.06-23-2011
20110078451Encrypted Communication System with Restricted Rate of Stored Encryption Key Retrievals - A system for encrypted communication with external entities is configured to frustrate side channel attacks attempting to determine an encryption key. The system has a device with an encryption key stored in memory, an external entity with identity data for transmission to the device to initiate communication such that in response the device applies a one way function to the encryption key and the identity data to generate a variant key used to authenticate communications between the device and the external entity. The device is configured to limit the number of times the encryption key is retrieved from the first memory in a given period of time.03-31-2011
20110078450Method of Encrypted Communication with Limited Number of Stored Encryption Key Retrievals - A method of encrypted communication between entities in a manner that frustrates side channel attacks attempting to determine an encryption key. The method involves providing a device with an encryption key stored in memory, providing an external entity with identity data for transmission to the device, applying a one way function to the encryption key and the identity data to generate a variant key, authenticating communications between the device and the external entity with the variant key and limiting the number of times the encryption key is retrieved from the first memory to a pre-determined threshold.03-31-2011
20120303962SYSTEM AND METHOD FOR EMBEDDING A WRITTEN SIGNATURE INTO A SECURE ELECTRONIC DOCUMENT - A system and method for embedding a written signature into a secure electronic document is disclosed. The method includes forming a placeholder electronic document containing content to be attested to by a signature. A signing individual can be selected from a signer list. A signature tag can be placed into the placeholder electronic document at a selected signature location. The signature tag is associated with the signing individual and defines the signature location for the signing individual to sign. The placeholder electronic document can be secured to form a secure electronic document having content configured to be uneditable. A signature can be captured with a signature capture device configured to enable the signing individual to write the signature to be embedded into the secure electronic document at the location indicated by the signature tag to mimic a real world experience of signing paper documents.11-29-2012
20110072272LARGE-SCALE DOCUMENT AUTHENTICATION AND IDENTIFICATION SYSTEM - Computer-implemented methods, systems, and computer program products for document authentication and identification using a large-scale distributed system are provided. A method includes receiving a digitized document at a trusted system managed by a trusted third-party that is separate from a creator of content in the digitized document. The digitized document is compared to a set of markers to determine whether the digitized document includes one or more of the markers, and in response thereto, information associated with the one or more markers is extracted using a decoder on the trusted system according to encoding strategies. The method further includes generating a comparison registration identifier on the trusted system as a summary of the extracted information and the one or more markers, and comparing the comparison registration identifier with a stored registration identifier in an encoding history via the trusted system to authenticate and identify the received digitized document.03-24-2011
20110072271DOCUMENT AUTHENTICATION AND IDENTIFICATION - Computer-implemented methods, systems, and computer program products for document authentication and identification using encoding and decoding are provided. A method includes receiving a digitized document and comparing the digitized document to a set of markers to determine whether the digitized document is an encoded document with one or more characters replaced. In response to determining that the digitized document is encoded, information is extracted from the set of markers using a decoder according to an encoding strategy. The extracted information and the set of markers are compared with data stored in encoding history to authenticate and identify the received digitized document. Markers in the encoded document may be hidden in plain sight, such that the encoding is not readily apparent to a casual observer.03-24-2011
20110252241USING WATERMARKING TO REDUCE COMMUNICATION OVERHEAD - A method for reducing overhead when transmitting and receiving an Internet Protocol (IP) packet by a device begins with receiving of the IP packet by the device. In the packet, an IP address of the packet has been removed and replaced with a watermarking signature based on the IP address. The IP address is obtained using the watermarking signature. The IP address is attached to the packet and the packet is forwarded by the device to a destination over a network using the IP address.10-13-2011
20120066503Secure Data Transfer in an Automation Network - A method for secure data transfer in an automation network wherein the method comprises authenticating a user by a program invocation rights system aided by user data for approving a use of the program invocation by the user, encrypting and signing data by the program invocation, where the data contains the user data. The method also includes transferring the data by a transfer medium from the program invocation to the subassembly, decrypting the data in the subassembly, authenticating the program invocation associated with the subassembly, and authenticating the user by the subassembly rights system aided by the user data.03-15-2012
20130166916DUAL-CHANNEL ELECTRONIC SIGNATURE SYSTEM USING IMAGE CODES AND RELATED COMPUTER PROGRAM PRODUCT - A dual-channel electronic signature system is disclosed, having a signature verification server, a signature requester device, and a hand-held device. The signature requester device calculates a characteristic value related to content of a target document, encodes the characteristic value and a destination message to generate a first graph, and outputs the first graph. The hand-held device captures and decodes an image of the first graph to obtain the characteristic value, performs an electronic signature operation on the characteristic value to generate signature data, encodes the signature data to generate a second graph, and transmits the second graph to a destination network address. If the signature data contained in the second graph passes a verification procedure of the signature verification server, the signature verification server transmits a verification graph corresponding to the second graph to the signature requester device.06-27-2013
20110258455MASKED DIGITAL SIGNATURES - The present invention relates to digital signature operations using public key schemes in a secure communications system and in particular for use with processors having limited computing power such as ‘smart cards’. This invention describes a method for creating and authenticating a digital signature comprising the steps of selecting a first session parameter k and generating a first short term public key derived from the session parameter k, computing a first signature component r derived from a first mathematical function using the short term public key, selecting a second session parameter t and computing a second signature component s derived from a second mathematical function using the second session parameter t and without using an inverse operation, computing a third signature component using the first and second session parameters and sending the signature components (s, r, c) as a masked digital signature to a receiver computer system. In the receiver computer system computing a recovered second signature component s′ by combining a third signature component with the second signature component to derive signature components (s′, r) as an unmasked digital signature. Verifying these signature components as in a usual ElGamal or ECDSA type signature verification.10-20-2011
20100115282METHOD FOR WATERMARK HIDING IN DESIGNATED APPLICATIONS - A method, service, and product for hiding a watermark existing in a digital media within a software application, comprising creating a set pattern of pixels represented by coordinates which represent a red, a green, a blue, and an alpha level of color, where the set pattern of pixels covers a set of original pixels within the digital media. The method including determining whether the transparency level of color should be removed from the set pattern of pixels based on a known pixel transparency removal parameter; and modifying the set pattern of pixels to remove the transparency level of color coordinates, wherein an original pixel color can be seen because the set pattern of pixels are made transparent; or not modifying the set of pixels to remove the transparency level of color coordinates, wherein the original pixel color cannot be seen because the set of original pixels is made transparent.05-06-2010
20100281266SYSTEM FOR SECURE INTERACTION WITH SECURE DOCUMENT - A system for secure interaction with a secure document is provided. The secure document has coded tags which each encode data associated with the document identity and a location of that tag on the document. The system has memory for recording a correspondence between the document identity and information relating to the document, a receiver for receiving data from a sensing device used to interact with the document, and a processor for verifying the interaction with the document using the received data and the recorded correspondence. The received data is generated by the sensing device through sensing of the data encoded by the coded tags to identify the document identity and a position of the sensing device relative to the document.11-04-2010
20110258454CROSS-DOMAIN IDENTITY MANAGEMENT FOR A WHITELIST-BASED ONLINE SECURE DEVICE PROVISIONING FRAMEWORK - A method for managing identifiers associated with network-enabled devices and used in an identity data system provisioning the network-enabled devices with identity data includes receiving a first set of data that includes a previously assigned identifier for one or more of the network-enabled devices that are authorized to be provisioned with new identity data. If identity data is currently installed on the one or more network-enabled devices, each of the previously assigned identifiers in the first set of data is associated with a corresponding identifier linked to the identity data currently installed on the one or more network-enabled devices to establish a second set of data. New identity data is bound to each of the one or more network-enabled devices by assigning a new identifier linked with the new identity data to each of the one or more network-enabled devices to establish a whitelist. The whitelist specifies, for each of the one or more network-enabled devices, its previously assigned identifier, its corresponding identifier and its new identifier that is linked with the new identity data.10-20-2011
20100064139SYSTEM AND METHOD OF EXTENDING MARKING INFORMATION IN CONTENT DISTRIBUTION - In one embodiment the present invention includes a method of generating tracking information for steganographic insertion in content. The method includes splitting a tracking message into submessages, which are then inserted steganographically into the content and later extracted for tracking purposes. In this manner, the amount of information communicated in the tracking messages may be increased without requiring a redesign of every message insertion device in a distribution chain.03-11-2010
20100005305APPARATUSES, AND METHODS FOR INSERTING USER DATA INTO DIGITAL MULTIMEDIA SIGNALS - Apparatuses, and methods for inserting user data into digital multimedia signals are provided in which user data is inserted into the digital multimedia signals in a substantially imperceptible fashion. In one embodiment of the invention, digital watermarking techniques are used to embed user data into the digital multimedia signal, such that user data is later helpful in indexing the digital multimedia signal. User data can be in any generic form such as text, audio or video signals. In another embodiment of the invention, user data is superimposed on the digital multimedia signal at a location which contains the least amount of information. In yet another embodiment of the invention, user data is inserted at a location chosen by the user. The color in which user data is superimposed can also be chosen by the user by using either a color palette or by pointing to an area in the digital image or video.01-07-2010
20120204034DATA TRANSMISSION METHOD USING AN ACKNOWLEDGEMENT CODE COMPRISING HIDDEN AUTHENTICATION BITS - A method for transmitting data between a first and a second point comprises the steps of transmitting data, from the first to the second point, together with a signature comprising bits of a first authentication code, and transmitting an acknowledgement, from the second to the first point. The length of the first authentication code is greater than the length of the signature and the first authentication code comprises hidden authentication bits. The acknowledgement is produced by using hidden authentication bits of a second authentication code presumed to be identical to the first, produced at the second point.08-09-2012
20090240945ANTICOUNTERFEITING MEANS FOR OPTICAL COMMUNICATION COMPONENTS - Methods and systems for detecting counterfeit optical communications products are described. An exemplary system includes a host device and a fiber optic component, such as an optical transceiver. The optical transceiver may include a TOSA, a ROSA, a controller circuit, and a memory module. The controller circuit may be operably connected to the TOSA, the ROSA, and the memory module. The host device may send a set of challenge data to the optical transceiver. The optical transceiver may respond with a data set encrypted by the controller circuit using a secret key stored in the memory module. The encrypted response data set may be evaluated to determine whether the optical transceiver is authentic.09-24-2009
20090240946DYNAMIC IDENTIFIER FOR USE IN IDENTIFICATION OF A DEVICE - A method for execution by a device, which comprises: generating a first signature by encrypting an identifier of the device together with first additional data; generating a second signature by encrypting the identifier of the device together with second additional data that is different from the first additional data; releasing the first signature to identify the device on a first occasion; and releasing the second signature to identify the device on a second occasion. Also, a device, which comprises: a memory storing an identifier of the device; a processing entity configured to generate a plurality of different signatures encoding the identifier and to store the signatures in the memory; and a transmit/receive entity configured to identify the device on respective occasions by releasing individual ones of the signatures.09-24-2009
20080307229Method And Apparatus For Certificate Roll-Over - A method and an electronic apparatus for rolling over from a first to second trusted certificate in the electronic apparatus. Information containing identification data for identifying the second trusted certificate is acquired in the electronic apparatus. Also, the second trusted certificate, which is preinstalled in the electronic apparatus, is activated based on said identification data.12-11-2008
20080307230CONTROL DEVICE, UPDATE METHOD AND CONTROL SOFTWARE - To update the program, the file is updated by verifying according to a digital signature attached to the file having the program converted whether the file is not dishonestly falsified. To verify the digital signature, a time for verifying the signature can be shortened by verifying not the entire file but only a particularly important part, and an area for temporarily storing the file can be made small. Thus, the control can be performed to update only when the file is valid.12-11-2008
20080313467Authentication Processor Using a Signature Encoded in a Number of Data Portions - A method of authenticating an object using a processor, the object being associated with a surface having disposed thereon or therein coded data having a number of coded data portions, each coded data portion encoding: an identity of the object; and, a fragment of a signature, the signature being a digital signature of at least part of the identity. The method including, in the processor: receiving from a sensing device, indicating data, the indicating data being generated in response to sensing of a plurality of coded data portions, the indicating data being indicative of: the identity of the object; and, a plurality of signature fragments; determining, from the indicating data, a received identity and a plurality of received signature fragments; determining, using the plurality of signature fragments and a secret key, a determined identity; comparing the determined identity to the received identity; and, authenticating the object using the results of the comparison.12-18-2008
20080313466METHOD AND APPARATUS FOR DIGITALLY SIGNING ELECTRONIC MAIL THAT ORIGINATES FROM A BROWSER - One embodiment of the present invention provides a system for digitally signing electronic mail that originates from a browser. The system operates by first receiving a message from a browser at a mail server. The mail server formats the message and returns the formatted message to the browser so that the browser can sign the message. The mail server then receives the signature for the formatted message from the browser and encapsulates the formatted message and the signature into a secure message. Next, the mail server forwards the secure message to the intended recipients for the message.12-18-2008
20080288778Method for Generating and Verifying an Electronic Signature - The present invention provides a secure, efficient, simple and operator-independent method for generating an electronic signature, for execution by a processing unit in a mobile terminal. The method comprises the steps of receiving an electronic message, fetching a basic key from a memory area, inputting a credential from a user, generating a dynamic key based on the basic key and the credential, and generating an electronic signature for the message using the dynamic key. The invention further comprises a corresponding method for verifying the electronic signature, for execution by a verification server.11-20-2008
20080276093SERVICE MOBILITY MANAGEMENT SYSTEM USING XML SECURITY AND THE METHOD THEREOF - A system for managing service mobility using an extensible Markup Language (XML) electronic signature. A mobility interface stops and stores the operation of a service being currently performed. Before the service is moved, a service serializer serializes service state information and converts it into an XML form which is attachable to an electronic signature. An XML security manager creates an XML electronic signature for the Manifest file of the Java ARchive (JAR) file of a service bundle, attaches the serialized service state information to the XML electronic signature, and records it. A service installer transmits the signed JAR file to an Open Service Gateway initiative (OSGi) framework that has requested that the service be moved.11-06-2008
20080229111PREVENTION OF UNAUTHORIZED FORWARDING AND AUTHENTICATION OF SIGNATURES - A forwarding signature comprises a modified digital signature, modified using a predetermined parameter between a sender and an intended recipient. An intended recipient of the forwarding signature can verify that the forwarding signature corresponds to the message, but, can neither derive the original digital signature nor generate a new forwarding signature for a different parameter. Generation and verification of the forwarding signature is accomplished with access to the public key of a public/private cryptographic key pair, the original signed message, and the predetermined parameter. Access to the private key is not needed.09-18-2008
20090013188Search for a Watermark in a Data Signal - The invention relates to a method of searching for a watermark in a data signal, and to a watermark detector, such as a copy-control watermark detector. The search is conducted in order to find a watermark in content which possibly has been attacked and/or altered. The search is conducted by the steps of determining or setting a search space for the data signal, selecting a subspace of the search space, and searching for the presence of the watermark in the subspace. The subspace may be selected from a multitude of regions, the selection e.g. being based on a deterministic or probabilistic function.01-08-2009
20110161672Provisioning, upgrading, and/or changing of hardware - In some embodiments a secure permit request to change a hardware configuration is created. The secure permit request is sent to a remote location, and a permit sent from the remote location in response to the permit request is received. The hardware configuration is changed in response to the received permit. Other embodiments are described and claimed.06-30-2011
20110161673METHOD AND APPARATUS FOR ENHANCING SECURITY OF WIRELESS COMMUNICATIONS - The present invention is related to a method and apparatus for enhancing security of communications. The apparatus comprises a security processing unit, a data processing unit, a cross-layer watermarking unit, and optionally a smart antenna processor. The security processing unit generates a token/key to be used in watermarking and sends a node security policy to other components. The data processing unit generates user data. The cross-layer watermarking unit includes at least one of Layer-2/3, Layer-1 and Layer-0. Each layer performs a different scheme or degree of watermarking. The cross-layer watermarking unit embeds the token/key into the user data transmission on at least one of the layers selectively in accordance with a security policy.06-30-2011
20110055579ELECTRONIC NAME REGISTRY TYPE - Digital signatures may be verified by maintaining a database of information of digital signatures and documents to which they were applied. Verification of electronically signed documents may be requested, with verification performed by comparing information of the electronically signed document with information in the database. The digital signatures may include graphic images, and may be transferred from one party to another.03-03-2011
20110055578VERIFICATION OF DISPERSED STORAGE NETWORK ACCESS CONTROL INFORMATION - In a dispersed storage network access control list information must be occasionally written out to system units across the network. A dispersed storage (DS) managing unit (03-03-2011
20110055577Location authentication - In one implementation a method of authenticating the installation of a television receiver involves generating a fingerprint value as function of the television network characteristics at an authorized installation location, where the fingerprint is a function of at least one of a gain value of a variable gain amplifier and an equalizer coefficient of an adaptive equalizer of the television appliance; receiving a code that is a function of both a decryption key and the fingerprint value from a broadcast source; ascertaining a value of the decryption key by applying an inverse function to the code that produces the decryption key as an output; and carrying out a decryption process at the television receiver appliance using the decryption key. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.03-03-2011
20110055576HASH FUNCTION USING A HEAP MODELING PROCESS - This discloses, in the computer data security field, a cryptographic hash function process embodied in a computer system and which may be keyless, but is highly secure. The process is based on the type of randomness exhibited by a heap or stack of physical objects such as a heap of pieces of fruit and involves modeling the behavior of such a heap when pieces are removed from the heap. Computation of the hash value (digest) is thereby the result of executing a heap model algorithm using the message as an input to initialize the heap, then executing the heap model algorithm which logically models the process of serially removing objects (pieces of fruit) from the heap at various locations in the modeled heap.03-03-2011
20100281265INFORMATION DISTRIBUTION SYSTEM AND PROGRAM FOR THE SAME - The present invention is made to provide an information distribution system capable of securely storing digitized personal information in an encrypted state in a storage section and securely transferring/disclosing the stored digitized information only to a particular third person via a network. Communication of the information is securely performed in the encrypted state between information terminals connected to the communication network (between a client and a server or between peer-to-peer client terminals). An information terminal which has created information encrypts the original information by a common key generated upon communication and stores the information in a secure storage of one of the information terminals connected to the communication network while maintaining the encrypted state. Further, the system creates a mechanism for authenticating a person having a particular authority for viewing the encrypted information and index information having an encrypted common key and link information indicating the location of the information for supply to a user.11-04-2010
20080256360Method and apparatus for authenticating a code image upon starting a device - A device such as a mobile receiving unit (10-16-2008
20120173878DEVICE AND METHOD FOR FORMING A SIGNATURE - A device is described for forming a signature from an input signal (input). According to the present invention, a plurality of transformation elements is provided, each having a finite-state machine, to which, on the input end, in each case the input signal (input) and/or a signal (input′), that is a function of the input signal, is able to be fed, all the finite-state machines are similar and are configured in such a way, particularly able to be initialized, that each finite-state machine always respectively has a different state than do all the other finite-state machines, and the signature is formable as a function of state data of at least one finite-state machine.07-05-2012
20080244271METHOD AND SYSTEM FOR AUTHENTICATION BASED ON WIRELESS IDENTIFICATION, WIRELESS IDENTIFICATION AND SERVER - The invention discloses a method and a system for authentication based on a wireless identification, and a wireless identification. The method comprises steps of: obtaining, by a mobile device, wireless tag information and connection configuration information from the wireless identification; establishing, by the mobile device, a connection with the server according to the connection configuration information, and transmitting, by the mobile device, the wireless tag information to the server; authenticating, by the server, the validity of the wireless tag information, and determining, by the server, an access right of the mobile device after the authentication is successful; generating, by the wireless identification, device signature information and forwarding it, by the mobile device, to the server; and authenticating, by the server, the validity of the device signature information, and canceling, by the server, the access right of the mobile device. The present invention provides an authentication system based on the wireless identification, wherein the server authenticates not only the wireless tag information, but also the device signature information generated by the wireless identification, thereby the system is of a higher security.10-02-2008
20080244270SYSTEM AND METHOD FOR SIGNATURE BASED DATA CONTAINER RECOGNITION - A system and method for signature based data container recognition is provided. When a new data container, such as a lun, is created, a security appliance generates a signature of the data container, by, e.g., examining the contents of one or more data blocks of the data container. The generated signature is then associated with the appropriate encryption key for the data container and is stored either within a configuration database of the security appliance or on a key management system operating within a security appliance environment. To identify the encryption key associated with a data container, the security appliance generates a signature of the data container and compares the generated signature with the stored signatures. Should there be a matching signature, the security appliance utilizes the encryption key associated with the matching signature to process data access requests to/from the data container.10-02-2008
20100287378SIGNATURES FOR MULTIPLE ENCODINGS - Signatures for multiple encodings is disclosed. In some embodiments, signatures for multiple encodings includes receiving a first signature of digitally signed data, wherein the first signature is a digital signature of data included in a first document having a first document encoding; receiving a second signature of digitally signed data, wherein the second signature is a digital signature of data included in the first document having a second document encoding, and wherein the first document encoding and the second document encoding are different document encodings; receiving a third signature of digitally signed data, wherein the third signature is a digital signature of data included in a canonicalized version of the first document having a canonical encoding, and wherein canonicalizing the first document includes providing a different order of data within the first document based on a canonical ordering; selecting a signature from the received first signature, the received second signature, and the received third signature, wherein the first signature, the second signature, and the third signature are associated with the first document to provide a digitally signed first document; and verifying the digitally signed data using the selected signature.11-11-2010
20100287377Method and a system for a secure execution of workflow tasks of a workflow in a decentralized workflow system - A computer-implemented method is disclosed for a secure execution of workflow tasks of a workflow to be executed according to a given execution pattern in a decentralized workflow system with a central workflow engine (CWE) initiating the workflow and a plurality of task execution agents (A1, A2, . . . ), wherein task-based public-private key pairs are produced using a workflow signature scheme. The method starts at an i'th execution agent which is selected by at least one preceding execution agent in accord with the execution pattern to perform an i'th task of the workflow. The method includes receiving, from the at least one preceding execution agent via a secure channel, a task-based private key generated by the at least one preceding execution agent; signing workflow information of the workflow for at least one subsequent execution agent with a workflow signature, the workflow signature being computed using the workflow signature scheme by taking as input at least the task-based private key; selecting at least one appropriate subsequent execution agent; computing a task-based private key for the at least one subsequent execution agent wherein the task-based private key is computed using system parameters and a workflow identifier assigned to the subsequent execution agent; forwarding to the at least one subsequent execution agent the workflow information with its associated workflow signature, the system parameters and the task-based private key for the at least one subsequent execution agent through a secure channel.11-11-2010
20100287376EXTERNAL SIGNATURE DEVICE FOR A PC WITH WIRELESS COMMUNICATION CAPACITY - External signature device for a PC, with capacity for wireless communication with the computer, which can be used immediately in electronic banking and electronic commerce or in any other system based on electronic signature requiring a high level of security with a relatively small amount of data for signature, said device including a communication interface with wireless connection to the PC, an alphanumeric display (11-11-2010
20110078452METHOD TO CONTROL ACCESS BETWEEN NETWORK ENDPOINTS BASED ON TRUST SCORES CALCULATED FROM INFORMATION SYSTEM COMPONENT ANALYSIS - Signatures are generated for modules in a computer system. The signatures can be assembled into an integrity log. The signatures are compared with signatures in a database in an integrity validator. Once signatures are either validated or invalidated, a trust score can be generated. The trust score can then be used to determine whether the computer system should be granted access to a resource using a policy.03-31-2011
20110078449Encrypted Communication System with Limited Number of Stored Encryption Key Retrievals - A system for encrypted communication with external entities is configured to frustrate side channel attacks attempting to determine an encryption key. The system has a device with an encryption key stored in memory, an external entity with identity data for transmission to the device to initiate communication such that in response the device applies a one way function to the encryption key and the identity data to generate a variant key used to authenticate communications between the device and the external entity. The device is configured to limit the number of times the encryption key is allowed to be retrieved from the first memory to a pre-determined threshold.03-31-2011
20100293387Method and system for digital watermarking - A method for applying a digital watermark to a content signal is disclosed. In accordance with such a method, a watermarking key is identified. The watermarking key includes a binary sequence and information describing application of that binary sequence to the content signal. The digital watermark is then encoded within the content signal at one or more locations determined by the watermarking key.11-18-2010
20100293386DISTRIBUTION AND PRINTING OF TRAVEL DOCUMENTS - A system for generating and printing travel documents for a customer associated with a journey having one or more parts, the system comprising: a travel documentation distribution module capable of generating travel documentation for the customer and capable of passing the documents for storage on a customer device at the request of the customer; and a printer located in the vicinity of a starting point of one of the parts of the journey which is capable of responding to a short range communication from the customer device to print the travel documents for said part of the journey for the customer.11-18-2010
20110126021METHOD AND APPARATUS FOR TRANSMITTING AND RECEIVING SECURE AND NON-SECURE DATA - A communications system, and a method suitable for use therein, are described which are suitable for transmitting and receiving both secure and non-secure data. The system comprises: means for transmitting data comprising both ciphered secure data and unciphered non-secure data; means for receiving transmitted data; means for deciphering the received data to produce deciphered data; and means for: validating the deciphered data to produce a first validation result and outputting the deciphered data depending upon the first validation result; or validating the received data to produce a second validation result and outputting the received data depending upon the second validation result; or validating the deciphered data to produce a first validation result and outputting the deciphered data depending upon the first validation result, and also validating the received data to produce a second validation result and outputting the received data depending upon the second validation result.05-26-2011
20110126020CONTENT DISCLOSURE SYSTEM AND METHOD FOR GUARANTEEING DISCLOSED CONTENTS IN THE SYSTEM - Means for confirming the validity of the contents of a change made to a disclosed content is provided for use in a content disclosure system in which a signed content may be modified and the validity of the modified signed content may be verified using a verification key corresponding to a signature on the content before the modification. When a signed changed-content is created based on a request to change a signed content, a signed content change device connected to the content disclosure system generates restoration validity proving data for restoring the signed changed-content to a state before the change and proving the validity of the restored contents. A verification key of the signed content, the signed changed-content, and the restoration validity proving data are provided to allow a third party to confirm the validity of the content.05-26-2011
20110126018Methods and systems for transaction digital watermarking in content delivery network - Methods and systems for applying a transaction digital watermark to content being downloaded over a content delivery network. The digital watermark carries information about the transaction pursuant to which the content was downloaded, which can be useful in establishing a “chain of custody” that facilitates piracy detection and/or other tracking and monitoring applications. Moreover, the digital watermark is applied by an edge caching server, which enables downstream entities in the content delivery chain, such as Internet service providers, to influence the information carried in the digital watermark and enables transaction details that become known after the content leaves the content provider network to be carried in the digital watermark, but without opening up a security hole at the end user premises.05-26-2011
20110126019ALTERING FUNCTIONALITY FOR CHILD-FRIENDLY CONTROL DEVICES - A method of interacting with a digital content device is described. The method includes defining a collection of digital content available via the digital content device. A specific control device is associated with the collection of digital content. A control signal is received from the control device. The digital content device allows the control device to access digital content included in the collection.05-26-2011
20120311339METHOD FOR STORING DATA ON A PEER-TO-PEER NETWORK - A method of storing data from a first node on a peer-to-peer network. The method includes creating a public and private key pair from a data item, determining a hash value for the public key, assigning the hash value as a user identifier for the user of the node, and storing the public key within a distributed hash table of the network. The user identifier corresponds to the key for the public key within the distributed hash table. The method includes the step of digitally signing the user identifier using the created private key.12-06-2012
20120311338SECURE AUTHENTICATION OF IDENTIFICATION FOR COMPUTING DEVICES - In the field of computer and data security, the identifier (ID) of a computing device is protected by providing a secure signature used to verify the ID. The signature is computed from the ID using a “White Box” cryptographic process and a hash function. This provides a signature that is computationally easy to verify but difficult or impossible to generate by a hacker (unauthorized user). This method of first creating the signature and later verifying the identifier using the signature and the associated computing apparatus are thereby useful for protection against hacking of such identifiers of computing devices.12-06-2012
20120311337METHOD AND SYSTEM FOR SIGNED STATELESS DATA TRANSFER - According to some embodiments, a method and system provides receiving a first request for service from a client during a communication session by a server, providing a response to the first request to the client, the response to the first request including state information specific to the first request and a memory of the server; clearing the server memory of the state information specific to the first request; receiving, by the server, a second request for service from the client during the communication session, the second request including the state information specific to the first request; and restoring a state of the server memory based on the state information specific to the first request received in the second request.12-06-2012
20100180125INFORMATION SERVICE METHOD, INFORMATION SERVICE UNIT, RECORDING OR REPRODUCING CONTROLLING METHOD, AND RECORDING AND/OR REPRODUCING UNIT - Unique identification information is prerecorded on a disc. The identification information is registered to a server along with the user's license when he or she buys the disc. When a terminal unit reproduces data from the disc, identification information is read and transmitted to the server through the Internet. The server creates a key that controls to reproduce data from the disc in accordance with the license identified by the identification information and transmits the key to the terminal unit along with the user's license information for the disc. The terminal unit controls to reproduce contents of the disc in accordance with the key and license information transmitted from the server. The license for each disc is managed in accordance with the identification information. Thus, different services can be provided for individual discs.07-15-2010
20100122092COMMUNITY-BASED IMAGE CATALOG - A community-based image catalog is provided. An example system to provide a community-based image catalog comprises a communications module to receive a submitted digital image at a server system, a detector to determine that the submitted digital image is to be made available for use by community members, a community image generator to add an interactive watermark to the submitted digital image thereby generating a community image, and a database interface module to provide the community image to a repository of images. An interactive watermark may be designed to be indicative of the community image being available for use by community members and being indicative of an interactive nature of the interactive watermark.05-13-2010
20110093716METHOD, SYSTEM AND APPARATUS FOR ESTABLISHING COMMUNICATION - A method, a system, and an apparatus for establishing communication are disclosed. The method is invented to establish communication between at least two communication parties including a first communication party and a second communication party. The method includes: sending a Cryptographically Generated Address (CGA) request to the first communication party; receiving CGA parameters and a CGA signature returned by the first communication party; and authenticating the CGA parameters and the CGA signature, and establishing communication with the first communication party if the authentication succeeds. By using the method disclosed herein, in the process of establishing communication, the communication party authenticates the CGA parameters and CGA signature carried in the CGA extension header to determine authenticity of the CGA, thus preventing the IP address spoofing and preventing or mitigating the network security problems caused by the IP address spoofing.04-21-2011
20110093715Management Server, Management Method, Management System for Downloading of Contents, and Mobile Devices - A receiver is configured to receive, from a mobile device of a first type adapted to read a content from a recording medium and run the content, a first device identifier identifying the mobile device of the first type and a recording medium identifier identifying a recording medium loaded in the mobile device of the first type, along with a digital signature generated in the mobile device of the first type using an encryption key secretly stored in the mobile device of the first type. A signature verification unit is configured to verify the authenticity of the digital signature. A voucher issuance unit is configured to issue a voucher to a mobile device of a second type adapted to acquire a content by downloading the content and to run the content accordingly and mapped into the mobile device of the first type, so that the mobile device of the second type is capable of downloading a content.04-21-2011
20120151216METHODS AND SYSTEMS FOR ENCODING AND PROTECTING DATA USING DIGITAL SIGNATURE AND WATERMARKING TECHNIQUES - Systems and methods are provided for protecting and managing electronic data signals. In one embodiment a strong watermark is inserted in a data signal that is divided into a sequence of blocks, and a digital signature for each block is embedded in the signal via a watermark. The signal is then stored and distributed. When attempts are made to use or access the signal, the signal is checked for the presence of a watermark containing the digital signature for the desired portion of the signal. If the watermark is found, the digital signature is extracted and used to verify the authenticity of the desired portion of the signal. If not found, the signal is checked for the presence of the strong watermark, which if found causes the system to inhibit further use of the signal, and if not found further use of the signal is allowed.06-14-2012
20100161991APPARATUS AND METHOD FOR CONTROLLING USE OF BROADCASTING PROGRAM USING SIGNATURE IN PROGRAM INFORMATION - Disclosed is a broadcasting signal receiving apparatus for controlling use of a broadcasting program using a signature in program information and a method thereof. The broadcasting signal receiving apparatus includes a communicating unit for receiving a broadcasting signal, an extracting unit for extracting a broadcasting program and program information from the received broadcasting signal, and a determining unit configured to generate a temporal signature for confirmation (confirmation signature) which determines whether the program information is changed or not from the original program information and determine validity of the program information by comparing a signature included in the extracted program information with the confirmation signature.06-24-2010
20120151214METHOD FOR THE USE OF A MOBILE APPLIANCE USING A MOTOR VEHICLE - The invention relates to a method for the use of a mobile appliance which is not associated with a motor vehicle using a motor vehicle, wherein a program which can be executed on the mobile appliance and a digital certificate associated with the program are stored in the mobile appliance, wherein the digital certificate is transmitted from the mobile appliance to the motor vehicle, wherein the digital certificate is verified in the motor vehicle, wherein—if verification of the digital certificate is successful—information associated with the program which can be executed on the mobile appliance is presented using a display in the motor vehicle, and wherein the program which can be executed on the mobile appliance is used using a user arrangement, associated with the display, in the motor vehicle.06-14-2012
20100082989Storing Composite Services on Untrusted Hosts - A method of storing a composite service on an untrusted host without enabling the untrusted host to access resources called by the composite service is described. In an embodiment, the delegator provides a delegatee with credentials to enable verification of the composite service and to enable access to the resources. The credential which is provided to enable access to the resources may be a credential which can be used to decrypt access credentials for each of the resources. These access credentials are stored in encrypted form in a credential store. The delegatee downloads the composite service and the encrypted access credentials and executes the composite service once it has been verified.04-01-2010
20090300362PASSWORD SELF ENCRYPTION METHOD AND SYSTEM AND ENCRYPTION BY KEYS GENERATED FROM PERSONAL SECRET INFORMATION - A public key cryptographic system and method is provided for a password or any other predefined personal secret information that defeats key factoring and spoofing attacks. The method adopts a new technique of encrypting a password or any predefined secret information by a numeric function of itself, replacing the fixed public key of the conventional RSA encryption. The whole process involving key generation, encryption, decryption and password handling is discussed in detail. Mathematical and cryptanalytical proofs of defeating factoring and spoofing attacks are furnished.12-03-2009
20090292926System and method for controlling features on a device - Trust between entities participating in an upgrade or enablement/disablement process is established and, to facilitate this remotely and securely, a highly tamper resistant point of trust in the system that is being produced is used. This point of trust enables a more efficient distribution system to be used. Through either a provisioning process or at later stages, i.e. subsequent to installation, manufacture, assembly, sale, etc.; the point of trust embodied as a feature controller on the device or system being modified is given a feature set (or updated feature set) that, when validated, is used to enable or disable entire features or to activate portions of the feature.11-26-2009
20090292925METHOD FOR PROVIDING WEB APPLICATION SECURITY - A method for an HTTP server to decide whether a remote client is victim of a phishing attack, comprising: —receiving a first HTTP request from the remote client on said HTTP Server; —responding to said first HTTP request, wherein a token is added to the response submitted to said remote client; —receiving a second HTTP request on said HTTP server; —judging whether the second HTTP request includes said token; —judging whether the token originates from said remote client; —processing the HTTP request when said remote client has really issued the second HTTP request.11-26-2009
20090292924MECHANISM FOR DETECTING HUMAN PRESENCE USING AUTHENTICATED INPUT ACTIVITY - When a service request associated with an initiated online service transaction is received, an attestation identifying a human-input activity is requested. Upon receiving a signature attesting the human-input activity, the previously initiated service transaction is authenticated based at least in part on the signature.11-26-2009
20110264917METHOD FOR TWO STEP DIGITAL SIGNATURE - The invention relates to a method for the digital signature of a message by a signer having an identity and holding a signature device, in which a public key cryptographic scheme is used. The signer has a public key and two private keys, the second private key being deposited at a reliable third party. For each signing operation, two additional steps are respectively carried out with a separate private key, i.e.: the calculation by the signer of a pre-signature of the message using the first private key, and transmitting the message and the pre-signature to the reliable third party; and the verification by the reliable third party of the pre-signature followed by the calculation by the reliable third party of a signature of the message using the second private key deposited at the reliable third party as well as the pre-signature previously calculated by the signer.10-27-2011
20100031050PERMANENT DISPLAY AND AUTHENTICATION OF STATUS INFORMATION OF A TECHNICAL DEVICE - The invention relates to an arrangement and a method for the acquisition and verification of at least one aspect of status information of a technical device, in particular for checking the software version. In order to make it possible to simply and reliably check the current software version the technical device comprises a storage device, a processing unit and a display, wherein the storage device comprises at least one software required for operating the technical device, a software version number and security data for calculating an identification characteristic to be graphically displayed. The security data is deposited in an encrypted region of the storage device. With the use of the processing unit the identification characteristic can be calculated on behalf of the software version number and the security data. The display displays information even in a current-free state without the use of an external energy source.02-04-2010
20100031049TIME INFORMATION DISTRIBUTION SYSTEM, TIME DISTRIBUTING STATION, TERMINAL, TIME INFORMATION DISTRIBUTION METHOD, AND PROGRAM - In a time information distribution system for distributing time information from a time distributing station to terminals, the time distributing station gives the electronic signature of the time distributing station to time information to be distributed and distributes the time information to which the electronic signature has been appended to the terminals. The terminals verify the electronic signature given to the time information distributed from the time distributing station and, if a determination has been made that the electronic signature has already been given by the time distributing station, store the time information to which the electronic signature is given in a hardware security module installed in the terminals.02-04-2010
20100031047ATTESTATION ARCHITECTURE AND SYSTEM - An architecture and system are provided for flexible, composable attestation systems. Systems built according to this attestation architecture can be composed to accomplish complex attestation scenarios. The system is designed around composable components to permit flexible recombination. A system, method, and computer program product are provided for proving attestations to an appraiser regarding a target system. In an embodiment, an attestation request is sent from an appraiser to a target system, wherein the attestation request includes queries regarding properties of the target system needed by the appraiser to make trust decisions regarding the target system. The attestation request is forwarded from the target system to an attester which collects the requested data. The attester sends an attestation response to the appraiser, wherein the response includes at least information regarding properties of the target system requested by the appraiser in order to make a trust decision regarding the target system.02-04-2010
20100023775COMPRESSED ECDSA SIGNATURES - An improved compression scheme for compressing an ECDSA signature is provided. The scheme substitutes the integer s in a signature (r, s) by a smaller value c. The value c is derived from s and another value d, d being small enough such that c is smaller than s. The compressed signature (r, c) is verified by computing a value using r and e, e being a hash of a message m, and using this value with a value R recovered from r to derive the value d. The value s can then be recovered and the full signature then recovered and verified.01-28-2010
20100023776Method and System for Storing a Key in a Remote Security Module - The invention concerns a method for obtaining assurance that a content control key is securely stored in a remote security module for further secure communications between a content provider and said security. A security module manufacturer, which has a pre-established trustful relation with the security module, imports a symmetric transport key into the security module, wherein the symmetric transport key is unique to the security module. The content provider shares the symmetric transport key with the security module manufacturer and exchanges messages with the security module through a security module communication manager in order to get the proof that the security module stores the content control key. At least a portion of the messages exchanged between the content provider and the security module are protected using the symmetric transport key.01-28-2010
20100023774INFORMATION SECURITY DEVICE - An information security device is provided that, when information is circulated through a chain, permits changing of a usage rule for the information or collection (deletion) of the information after the circulation.01-28-2010
20100017614ENCODING AND DETECTING APPARATUS - An encoding data processing apparatus generates a video material item marked copy by embedding a payload data word into the video material item. The video material item includes plural video frames. A code word generator generates a water mark code word from the payload data word and reads data representing the water mark code word into a shuffle data store. A shuffle processor generates pseudo randomly at least one address within an address space of the shuffle data store for each video frame and reads data representing part or parts of the water mark code word out from the data store at locations identified by the pseudo randomly generated address. A data embedding processor receives the video material item and embeds the data representing the part or parts of the water mark code word read out from the shuffle data store for each frame into a corresponding frame of the video material item.01-21-2010
20080307227Digital-Invisible-Ink Data Hiding Schemes - A novel steganographic approach analogous to the real-world secret communication mechanism, in which messages to be concealed are written on white papers using invisible ink like lemon juice or milk and are revealed only after the papers are heated, is proposed. Carefully designed informed-embedders now play the role of “invisible ink”; some pre-negotiated attacks that can be provided by common content processing tools correspond to required “heating” process. Theoretic models and feasible implementations of the proposed digital-invisible-ink (DII) watermarking approach are provided. The proposed DII watermarking schemes can prevent the supervisor from interpreting secret messages even the watermark extractor, decryption tool, as well as session keys are available to the supervisor. Furthermore, under certain steganographic application scenarios, secret communication systems employing the DII watermarking schemes can aggressively mislead the channel supervisor with fake payloads and transmit genuine secrets at the same time.12-11-2008
20090193256ELECTRONIC SIGNATURE METHOD, APPARATUS, AND RECORDING MEDIUM HAVING ELECTRONIC SIGNATURE PROGRAM RECORDED THEREON - A computer divides a target electronic document into a plurality of document segments. Then, the computer generates a signature (s, t) that includes a set of two values having a signature value s forming a signature on the electronic document and a deletion signature value t used for deletion, the signature value s which serves as a body of the signature being formed by a superposition of signature information on the individual document segments. Then, in a case where one of the plurality of document segments obtained by the division is to be extracted, the computer superimposes deletion information of a document segment to be deleted on the deletion signature value t to generate a new signature value t′, and produces an updated signature (s, t′).07-30-2009
20110154044COMPUTER IMPLEMENTED METHOD FOR SENDING A MESSAGE TO A RECIPIENT USER, RECEIVING A MESSAGE BY A RECIPIENT USER, A COMPUTER READABLE STORAGE MEDIUM AND A COMPUTER SYSTEM - The invention relates to a computer implemented method for sending a message to a recipient user, wherein a recipient asymmetric cryptographic key pair is associated with the recipient user, said key pair comprising a public recipient key and a private recipient key, the method comprising sending the message to said recipient user with the recipient address to which the message is sent comprising the public recipient key.06-23-2011
20110307702METHOD FOR AUTHENTICATING AND EXECUTING A PROGRAM - Unlike the technology for a program downloaded through conventional broadcast waves, in the case of downloading a program via a network, there is a possibility that such program will be activated without noticing that the program is tampered with. For this reason, when a program is downloaded via a network, a file hierarchy for the program located on a server is constructed in a local area of a terminal. Subsequently, the authentication of the program is performed with respect to the file hierarchy constructed in the local area, and the credibility of the program is guaranteed.12-15-2011
20110307701ENCRYPTION AND AUTHENTICATION SYSTEMS AND METHODS - Methods, apparatus, and systems are disclosed for, among other things, passphrase input using secure delay, passphrase input with characteristic shape display, user authentication with non-repeated selection of elements with a displayed set of elements, document authentication with embedding of a digital signature stamp within a graphical representation of the electronic document wherein the stamp comprises digits of a digital signature, and sub-hash computation using secure delay.12-15-2011
20110307700SYSTEM AND METHOD FOR PERFORMING TWO FACTOR AUTHENTICATION AND DIGITAL SIGNING - The present invention relates to a system (12-15-2011
20110307703CRYPTOGRAPHIC MODULE FOR SECURE PROCESSING OF VALUE-BEARING ITEMS - An on-line value bearing item (VBI) printing system that includes one or more cryptographic modules and a central database is disclosed. The cryptographic modules are capable of implementing the USPS Information Based Indicia Program Postal Security Device Performance Criteria and other required VBI standards. The modules encipher the information stored in the central database for all of the on-line VBI system customers and are capable of preventing access to the database by unauthorized users. Additionally, the cryptographic module is capable of preventing unauthorized and undetected modification, including the unauthorized modification, substitution, insertion, and deletion of VBI related data and cryptographically critical security parameters.12-15-2011
20090031135Tamper Proof Seal For An Electronic Document - A method of generating a tamper proof seal 01-29-2009
20090172405AUDIO DATA PROCESSING APPARATUS AND AUDIO DATA PROCESSING METHOD - According to one embodiment, an audio data processing apparatus of this invention comprises a decryption unit which selects audio data to be reproduced under copyright protection, an HDMI unit which outputs the audio data selected by the decryption unit in the form of a bitstream to an AV amplifier connected via a dedicated cable, and a system control unit which acquires specification identification data from the AV amplifier before the bitstream output of the audio data and recognizes a watermark detection function of the AV amplifier on the basis of the specification identification data.07-02-2009
20120233470TRUSTED MESSAGE STORAGE AND TRANSFER PROTOCOL AND SYSTEM - An electronic content storage and exchange system includes an interface configured to send and receive messages; a database and a controller. The database includes a plurality of records, each record representing a respective virtual storage media and including at least: a respective unique identifier assigned to the virtual storage media; a respective Private key and certificate assigned to the virtual storage media; a current content value, and a log of content transfers. The controller executes transfer-in and transfer-out processes in respect of each of the virtual storage media. The transfer-in process includes steps of: receiving a content transfer message including at least a message content to be transferred and the respective identifier assigned to a recipient virtual storage media; accessing the record representing the recipient virtual storage media; and storing the message content in the current content of the recipient virtual storage media. The transfer-out process includes steps of: receiving a content transfer request message including at least a message content to be transferred and the respective identifier assigned to a sending virtual storage media; accessing the record representing the sending virtual storage media; removing the message content from the current content; generating a content transfer message including the message content; and returning the content transfer message.09-13-2012
20120005482SYSTEMS AND METHODS FOR SECURELY REQUESTING AND TRANSMITTING EDUCATIONAL RECORDS VIA THE INTERNET - Systems and methods for securely ordering and transmitting educational records via the Internet are disclosed. A requestor orders educational records via a clearinghouse web site. An application services module receives the order and forwards it to a school over the Internet via a secure connector module. The secure connector module provides authentication, encryption, and validation services, and interfaces with an SIS operations module. The SIS operations module retrieves the requested records from the school's student information system (“SIS”). The educational records are transmitted back to the clearinghouse via the secure connector module. The requestor can then download the records from the clearinghouse via a secure web site.01-05-2012
20090077386NOTARY ENFORCEMENT - FRAUD PREVENTION - A system for electronically signing a document and verifying the signor's identity includes a computer having a processor, an input device, and a memory. A biometric scanner is in electronic communication with the computer for scanning at least one biometric feature of a signor. An instruction set is stored within the memory for execution by the processor wherein execution of at least a portion of the instruction set operates to create an electronic signature and integrates at least one biometric characteristic of the biometric feature within the electronic signature.03-19-2009
20110167274PROVIDING SERVICES TO DEVICES USING A ZIGBEE NETWORK - A network device may receive two different sets of authentication information from a user device over a ZigBee network. The network device may authenticate the user device based on the received two different sets of authentication information and permit, in response to authenticating the user device, the user device to obtain a service by exchanging information between the network device and the user device over the ZigBee network.07-07-2011
20120017091METHODS AND APPARATUS FOR THWARTING WATERMARK DETECTION CIRCUMVENTION - Methods and apparatus for thwarting circumvention of watermark detection are provided. When content is received at a device that is equipped with a watermark extractor, an attacker may disguise the form of the received content in an attempt to circumvent detection of watermarks that are embedded in the content. A signal processing operation is performed on the received content such that the signal processing operation does not significantly degrade the perceptual quality of the content if the content is indeed in the form that is purported to be. The signal processing operation, however, significantly degrades the perceptual quality of the content if the content is in a different form, thereby discouraging the attacker's attempts to thwart watermark detection.01-19-2012
20120023335DEVICE AND PROCESS FOR PROTECTING A DIGITAL DOCUMENT, AND CORRESPONDING PROCESS FOR VERIFYING THE AUTHENTICITY OF A PRINTED HARDCOPY - According to the invention, a digital document is protected through: 01-26-2012
20120060035Secure and Verifiable Data Handling - The described implementations relate to secure and verifiable data handling. One implementation can receive a request to add information from a drop-off site to a user account. The request can include a location element and a security element. This implementation can also obtain encrypted units of the referenced data from the drop-off site based upon the location element. This implementation can associate the information with the user account and store the security element.03-08-2012
20120060036Method of Providing Transactions Employing Advertising Based Verification - A method of improving electronic security establishes a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path providing the user with a first predetermined portion of a branded watermark, for instance an advertisement, provided from the institution in conjunction with the request, and a second predetermined portion of the branded watermark being provided upon a personalized device that cannot be intercepted or manipulated by malware, allowing the user to verify that the request as displayed upon the user's primary computing device is valid.03-08-2012
20120210136ENABLING SECURE ACCESS TO SENSOR NETWORK INFRASTRUCTURE USING MULTIPLE INTERFACES AND APPLICATION-BASED GROUP KEY SELECTION - A method implemented in a network element for controlling access to a set of resources on a per-application basis, the set of resources including subsets of the resources where each subset is accessible to a set of one or more applications through the use of a separate group key, the method comprising the steps of receiving an authentication request from a node communicatively connected to the network element through a first network interface of the network element, the authentication request including a certificate for the node, validating the certificate for the node, determining that the certificate has been authorized for the set of one or more applications through a query of a certificate database, retrieving each group key that corresponds to the set of one or more applications through a query of a group key database, and returning each group key retrieved from the group key database to the node.08-16-2012
20120159175Deduplicated and Encrypted Backups - A system and method for efficiently creating deduplicated and encrypted data across a plurality of computers allows local encryption and remote storage of deduplicated segments. Large data blocks may be divided into segments of data, and encrypted using a two-step process. A standard hash of the encrypted segment is used as an index into a remote deduplicated database so that only unique data segments are stored, and are stored only in encrypted form. When retrieving data, a data owner uses the stored digest to retrieve the data from the deduplicated database and the stored IV and second key to decrypt the data. Only the data owner has the second key and IV, so the encrypted data segment stored data in the deduplicated database is highly secure from information bleed during the storage process.06-21-2012
20120159177System and Method for Website Authentication Using a Shared Secret - A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user's browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer.06-21-2012
20120159176Method and Apparatus to Create and Manage Virtual Private Groups in a Content Oriented Network - A content router for managing content for virtual private groups in a content oriented network, the content router comprising storage configured to cache a content from a customer in a content oriented network (CON), and a transmitter coupled to the storage and configured to forward the content upon request, wherein the content is signed by the user, wherein the CON provides different security levels for different users in a plurality of users, and wherein the plurality of users correspond to a plurality of user classes.06-21-2012
20120159174System and Method for Conveying Session Information for Use in Forensic Watermarking - Methods for providing content session information using a content manager, streaming server, and one or more watermarking devices are disclosed. A content asset is also disclosed. The content asset may include content. In addition, the content asset may include a content data field having forensic watermark information, e.g. session or identifying information. In one aspect, the content asset is compressed and the compressed content asset has one or more pre-processed candidate watermark locations. In this aspect, the forensic watermark information may be extracted, e.g. by a watermarking device, from the content data field and included in the one or more pre-processed candidate watermark locations.06-21-2012
20120072731SECURE AND EFFICIENT CONTENT SCREENING IN A NETWORKED ENVIRONMENT - Methods, devices, and computer program products facilitate the application of a content use policy based on watermarks that are embedded in a content. Watermark extraction and content screening operations, which can include the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted at different times by different devices. These operations can be conducted by one or more trusted devices that reside in a networked environment. The authenticity of various devices can be verified through the exchange of certificates that can further enable such devices to ascertain capabilities of one another. Based on the ascertained capabilities, an operational configuration for conducting watermark extraction and content screening can be determined.03-22-2012
20120072729WATERMARK EXTRACTION AND CONTENT SCREENING IN A NETWORKED ENVIRONMENT - Methods, devices, and computer program products facilitate the application of a content use policy based on watermarks that are embedded in a content. Watermark extraction and content screening operations, which can include the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted at different times by different devices. The watermark extraction results can be stored in a secure location and accessed by other devices at different times. These operations can be conducted by one or more trusted devices that reside in a home network. The home network can also include a gateway device that can coordinate the operations of the various network devices and/or delegate the various watermark extraction and content screening operations.03-22-2012
20120110335Secure Association of Metadata with Content - A method and system for associating metadata with an encrypted content item, the method including receiving metadata for association with a content item, receiving an entitlement control packet (ECP) associated with the content item, applying a cryptographic hash function to the ECP, thereby generating an ECP hash value, combining the ECP hash value with the metadata, thereby creating a data control object, performing a cryptographic operation on the data control object, thereby generating cryptographic integrity data, and joining the cryptographic integrity data to the data control object after the cryptographic operation, wherein usage of the content by the recipient is dependent on both a validation of the ECP hash value and a validation of the cryptographic integrity data. Related apparatus and methods are also described.05-03-2012
20120072732 CRYPTOGRAPHIC METHOD FOR ANONYMOUS AUTHENTICATION AND SEPARATE IDENTIFICATION OF A USER - The invention relates to cryptographic method for the anonymous authentication and the identification of a user entity (U03-22-2012
20120110334SECURE ROUTE OPTIMIZATION IN MOBILE INTERNET PROTOCOL USING TRUSTED DOMAIN NAME SERVERS - A trusted domain name server is introduced to provide a secure route optimization procedure for MIPv6. A trusted authority registers network addresses of a mobile node with corresponding fully qualified domain names. The trusted domain name server can later be queried to compare the domain of a network address for a mobile node with the domain of a network address for another network node.05-03-2012
20080270798Anonymous Authentification Method - An authentication method based on an encryption algorithm with a secret key. According to the invention, the anonymity of the entity being authenticated is guaranteed, so that only a legitimate authentication entity may recognize the identity of the entity which is being authenticated.10-30-2008
20110107107Multisigning - A Protocol For Robust Multiple Party Digital Signatures - Embodiments describe a system and/or method for multiple party digital signatures. According to a first aspect a method comprises establishing a first validity range for a first key, establishing a first validity range for at least a second key, and determining if the validity range of the first key overlaps the first validity range of the at least a second key. A certificate is signed with the first validity range of the first key and the first validity range of the at least a second key if the validity ranges overlap. According to another embodiment, signage of the certificate is refused if the first validity range of the first key does not overlap with the first validity range of the at least a second key.05-05-2011
20110107106File-Distribution Apparatus and Recording Medium Having File-Distribution Authorization Program Recorded Therein - A file-distribution apparatus includes a file-distribution unit configured to distribute an image file received from an image-forming device to a terminal device, a source-reference-information storage unit configured to store source-reference authorization information, and a security-management unit configured to determine whether a source-apparatus identifier corresponding to the image file is included in the source-reference information, and thus permits distribution of the image file if the determination is affirmative, and denies distribution of the image file if the determination is negative.05-05-2011
20110107105MESSAGE SENDING/RECEIVING METHOD - Provided is a message sending method for sending a message by a process of a computer including a processor and a memory. The method includes the steps of: randomizing a signature generation key sk_s with a random number r to calculate a randomized signature generation key sk′_s=SigningKeyRandomize(sk05-05-2011
20100095126Scanned Image Disclosure Apparatus, Method and Storage Medium; Electronic Mail Transmission Apparatus, Method and Storage Medium; and Internet Facsimile Transmission Apparatus - A scanned image disclosure apparatus has a disclosure unit that encrypts and discloses to a disclosure destination a scanned image by using a public key or a private key relating to a public key certificate that has been verified to be valid, a re-verification unit that judges whether or not re-verification of the validity of the public key certificate is necessary during execution for the disclosure unit and performs re-verification if it is judged to be necessary, and a termination unit that terminates the execution for the disclosure unit if the public key certificate was judged to be invalid by the re-verification unit.04-15-2010
20110099382PERSONALIZED DIGITAL MEDIA ACCESS SYSTEM (PDMAS) - The invention is an apparatus that facilitates access to encrypted digital media to accept verification and authentication from an excelsior enabler using at least one token and at least one electronic identification. The at least one electronic identification could be a device serial number, a networking MAC address, or a membership ID reference from a web service. Access to the product is also managed with a plurality of secondary enablers using the at least one electronic identification reference.04-28-2011
20110099381SYSTEM AND METHOD FOR RETRIEVING CERTIFICATES ASSOCIATED WITH SENDERS OF DIGITALLY SIGNED MESSAGES - A system and method for retrieving certificates and/or verifying the revocation status of certificates. In one embodiment, when a user opens a digitally signed message, a certificate that is required to verify the digital signature on the message may be automatically retrieved if it is not stored on the user's computing device (e.g. a mobile device), eliminating the need for users to initiate the task manually. Verification of the digital signature may also be automatically performed by the application after the certificate is retrieved. Verification of the revocation status of a certificate may also be automatically performed if it is determined that the time that has elapsed since the status was last updated exceeds a pre-specified limit.04-28-2011
20110099380System and Method of Controlling Access to Information Content Transmitted Over Communication Network - An electronic communication system provides sender controlled access to electronic communications transmitted through an electronic communication network. A sender profile and recipient profile are registered with an electronic content service provider. An electronic communication with information content is transmitted from a sender computer to the electronic content service provider. A signature is generated unique to the electronic communication. The signature without the information content is transmitted to a recipient computer. The information content of the electronic communication is accessed by transmitting an authorization based on the recipient profile from the recipient computer to the electronic content service provider. The information content of the electronic communication is transmitted from the electronic content service provider through the electronic communication network to the recipient computer with restricted access as determined by the sender computer upon confirmation of the authorization. If the authorization is not confirmed, access to the electronic communication is blocked.04-28-2011
20120124381VALIDATION SYSTEM AND VERIFICATION METHOD INCLUDING SIGNATURE DEVICE AND VERIFICATION DEVICE TO VERIFY CONTENTS - Provided are methods and a validation system that includes a signature device and a verification device for verifying a content. The signature device may generate verification information for each segment of a divided content and may generate signature information to verify the integrity of each segment and whether a corresponding segment is a part of a content. When a segment is received, the verification device may verify integrity of the segment and whether the segment is a part of the content, based on the verification information and the signature value received from the signature device.05-17-2012
20120124380USB COMPOSITE DEVICE AND METHOD THEREFOR - The invention, which relates to information security devices, provides a USB composite device and an implementing method thereof. The invention provides a solution that integrates the mass storage function and the key device function on a single device. A USB composite device is connected with a host computer and claims its device type; the composite device receives the operating instruction allocated by the host computer and determines whether the instruction is a key device operating instruction; if so, it performs the key device operation; otherwise, it performs the data reading/writing operation. Providing higher data security and good usability for the user, the solution of the invention is easy to use.05-17-2012
20120124382SYSTEM AND METHOD FOR CHECKING DIGITAL CERTIFICATE STATUS - A method for handling digital certificate status requests between a client system and a proxy system is provided. The method includes the steps of receiving at the proxy system digital certificate status request data transmitted from the client system and generating query data for the digital certificate status in response to receiving the digital certificate status request data. The query data is transmitted to a status provider system, and status data from the status provider system in response to the query data is received at the proxy system. Digital certificate status data based on the status data received is generated and transmitted to the client system.05-17-2012
20090132825APPARATUS AND METHOD FOR TRANSMITTING SECURE AND/OR COPYRIGHTED DIGITAL VIDEO BROADCASTING DATA OVER INTERNET PROTOCOL NETWORK - A content distribution method for video copyright authentication and security comprising the steps of invisibly watermarking digital video data input from a video data source to create watermarked data; encrypting the watermarked digital video data using an encryption key to create encrypted video data; sending the encrypted watermarked digital data and a decryption key to a distribution network; decrypting the encrypted watermarked digital data to generate video data and adding visible watermarking data to the video data to generate visibly encrypted watermarked data; compressing the visibly encrypted watermarked data to create compressed data; sending said compressed data to an end user receiver; decompressing the compressed data at the receiver to generate decompressed data; and displaying the decompressed data to an end user.05-21-2009
20120317420ELECTRONIC SIGNATURE DEVICE AND ELECTRONIC SIGNATURE METHOD - An electronic signature device includes a processor configured to internally execute signature generation processing of generating an electronic signature for a digital data string; and an output unit configured to output the digital data string and the generated electronic signature.12-13-2012
20120317419SYSTEM FOR CONTROLLING THE DISTRIBUTION AND USE OF RENDERED DIGITAL WORKS THROUGH WATERMARKING - Method, apparatus, and media for embedding a watermark in digital content. An exemplary method comprises receiving digital content in an encrypted form, receiving a decryption key associated with the digital content, receiving permitted use information specifying conditions under which the digital content is permitted to be rendered and indicating that a watermark is to be embedded in a rendered copy of the digital content, determining whether the conditions are satisfied, and rendering the digital content if the conditions are satisfied based on the determining, the rendering including generating a watermark based on the permitted use information and creating a rendered copy of the digital content having the watermark embedded therein.12-13-2012
20120317418System and Method for Extracting Device Uniqueness to Assign a License to the Device - An information handling system includes a device, a controller, and a license manager subsystem. The controller is configured to determine whether the device has a license assigned and to extract a unique identification for the device in response to a request for information about the device. The license manager subsystem is configured to send the request for information about the device to the controller, to send the unique identification for the device to a license server as a request for the license for the device, to receive the license from the license server, and to assign the license to the device when the license is received.12-13-2012
20120166807Systems and Methods Using Cryptography to Protect Secure Computing Environments - Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise.06-28-2012
20120166806Method and Apparatus to Use Identify Information for Digital Signing and Encrypting Content Integrity and Authenticity in Content Oriented Networks - A content router comprising storage configured to cache, in a content oriented network (CON), a content object with a signature signed by a publisher based on a known identity to a subscriber; and a transmitter coupled to the storage and configured to forward the content object with the signature upon request to the subscriber, wherein the subscriber uses the signature to verify one of the content object's integrity and the content object's authenticity based on the known identity without verifying a trust of a publisher key for the publisher, and wherein the known identity is trusted by the publisher and does not require verifying trust from the publisher.06-28-2012
20120131347SECURING OF ELECTRONIC TRANSACTIONS - A method in an approval service and a corresponding method in a user identity unit for securing of an electronic transaction. The method comprises a number of steps that begins with receiving of a request of approving a business transaction associated with at least one user identity and one business service, after which a check of the authority of the user identity to use the business service is performed. An exchange with the user identity is then performed of an encrypted and signed verification document that comprises at least information about the business transaction. The business transaction is then approved depending on the contents of the verification document.05-24-2012
20100217993DISPLAY WINDOW CONTROL SYSTEM AND METHOD - An embodiment of a method for rendering an item of media content includes obtaining a media presentation having a media-content portion and a display-window-configuration component. The display-window-configuration component is recovered from the media presentation and causes a defined display window to be presented contemporaneously with rendering the media content of the media-content portion. And an embodiment of a method for rendering an item of media content having an action-indicator associated with an action includes analyzing the media content to detect the action-indicator and executing the associated action. For example, the action-indicator may be a watermark, which may be visible while an image portion of the media content is displayed.08-26-2010
20100217994Trusted Infrastructure Support Systems, Methods and Techniques for Secure Electronic Commerce, Electronic Transactions, Commerce Process Control and Automation, Distributed Computing, And Rights Management - An integrated, modular array of administrative and support services is provided for electronic commerce and electronic rights and transaction management. These administrative and support services supply a secure foundation for conducting transaction-related capabilities functioning over electronic networks, and can also be adapted to the specific needs of electronic commerce value chains. In one embodiment, a Distributed Commerce Utility having a secure, programmable, distributed architecture provides administrative and support services. The Distributed Commerce Utility may comprise a number of Commerce Utility Systems. These Commerce Utility Systems provide a web of infrastructure support available to, and reusable by, the entire electronic community and/or many of its participants. Different support functions can be collected together in hierarchical and/or networked relationships to suit various business models or other objectives. Modular support functions can be combined in different arrays to form different Commerce Utility Systems for different design implementations and purposes.08-26-2010
20100205445WATERMARK SYSTEMS AND METHODS - Various improvements relating to digital watermarking and related technologies are detailed, including methods that enhance security and functionality, and new articles including watermarked puzzles and marked DNA.08-12-2010
20100205444Software Program for Encrypting and Decrypting, Digital Media; Photograph and Video and encoding an expiration date in them. - The digital media, photograph and video encryption and decryption software will encrypt the photograph or video, and a provision is provided to put an expiration date on the photograph or video; after the expiration date the software program will give a message saying the photograph or video has expired and will not decrypt the photograph or video for viewing. The encryption key can be stored on an online web account, which can be modified by the user and lets the user change the expiration date of a particular photograph or video. All the information (encryption key, expiration date) will be stored inside the encrypted media, photograph or video as a digital watermark or in a separate file based on user preference.08-12-2010
20110179279DEVICE AND METHOD FOR A BACKUP OF RIGHTS OBJECTS - A common backup format of a backup rights object according to embodiments of the present invention has the following features: License information that is not critical for cryptographic security of the rights object is kept in “plain text” with a well-defined syntax in a first data container, license information that is critical for cryptographic security of the rights object is stored, in cryptographically protected form that is specific to the originating device to which the rights object is bound, in a second data container, and the rights object is cryptographically signed by the originating device such that it may not be manipulated. The signature is stored in a third data container.07-21-2011
20120137135STORAGE-MEDIUM PROCESSING METHOD, A STORAGE-MEDIUM PROCESSING APPARATUS, AND A STORAGE-MEDIUM PROCESSING PROGRAM - The spread of a forged storage medium is prevented while keeping damage to the authentic storage medium and trouble for its owner to a minimum. When there is an update request for user key data, the update history of the user key data concerning the shown medium identifier IDm is referred to. When it is judged that no update of the user key data concerning the shown medium identifier IDm has been performed within a predetermined period, the update of the user key data is performed. The update request is refused when it is judged that an update of the user key data concerning the shown medium identifier IDm has been performed within the predetermined period.05-31-2012
20110185181NETWORK AUTHENTICATION METHOD AND DEVICE FOR IMPLEMENTING THE SAME - A network authentication method is to be implemented using a network authentication device and a user end for authenticating the user end. The network authentication method includes the steps of: configuring the network authentication device to store hardware information associated with unique identification codes of hardware components of the user end; when it is intended to verify identity of the user end, configuring the user end to execute a terminal program stored therein for scanning the hardware components thereof to obtain the identification codes of the hardware components, for establishing a hardware list according to the identification codes thus obtained, and for sending to the network authentication device verification data that is associated with the hardware list; and configuring the network authentication device to verify identity of the user end based on relationship between the verification data received from the user end and the hardware information stored therein.07-28-2011
20110185180METHOD AND DEVICE FOR CREATING DIGITAL SIGNATURE - A method is disclosed for creating a digital signature associated with a user having a code-generating device including a data interface, a display device, a user input device and processing circuitry, the digital signature being indicative of at least one signature object including a signature element having been pre-selected for display to the user. In at least one embodiment, the method includes: receiving, through the data interface, signature data from a user communication device, the signature data including reference data indicating a location of the signature object and a corresponding identifier code, uniquely identifying the signature object; acquiring, through the data interface, the signature object including the signature element having been pre-selected for display; determining a candidate identifier code for the signature object including the signature element having been pre-selected for display; displaying, if the candidate identifier code matches the identifier code included in the signature data, information indicative of the signature element having been pre-selected for display using the display device; determining, if user input indicative of approval of the displayed information is received through the user input device, a digital signature based on the signature data using the processing circuitry; and providing the digital signature to the user communication device.07-28-2011
20100174910Public Key Encryption with Digital Signature Scheme - An improved encryption and digital signature system and method in accordance with the invention reuses an encryption ephemeral key pair from an encryption process in a digital signature process. The reuse of the encryption ephemeral key pair in the digital signature process advantageously results in reduced byte size of the digital signature and reduction of costly computation overhead. In a preferred embodiment, the invention is based on the El Gamal encryption scheme and the Nyberg-Rueppel signature scheme. The present invention is particularly useful for operation in conjunction with small communication devices having limited processing and storage, wherein such devices may communicate via bandwidth sensitive RF links.07-08-2010
20120216043Method for Securely Dematerializing the Transfer of Evidence in Data-Stream Production Systems, In Particular Video-Surveillance Systems - A method including putting in place an end-to-end secure network, digitally signing the recorded data, regardless of its type, encrypting the recorded sensitive data, and putting in place a key management infrastructure for the creation, the renewal, the distribution and the repudiation of the keys, and putting in place an evidence administration process which guarantees the time-stamping of the digital signature, the validation of this digital signature and the ultimate archiving of the legal evidence of the integrity and of the authenticity of the video stream.08-23-2012
20100049983METHOD OF AUTHENTICATING DIGITAL SIGNATURE - A method of authenticating a digital signature is provided. The method includes sending a request from a first entity to a second entity, at least some of the request being digitally signed with a base key by the first entity, receiving, at the first entity, a digital signature and a bit-pattern from the second entity, the digital signature having been generated by the second entity using a variant key to digitally sign at least part of data indicative of a value stored in the second entity which is to be authenticated, the variant key being based on the result of applying a one way function to the base key and the bit-pattern, receiving the data at the first entity, generating, at the first entity, the variant key from the bit-pattern and the base key, and authenticating, at the first entity, the digital signature using the generated variant key. Only the first entity includes the base key and the second entity includes the variant key and the bit-pattern.02-25-2010
20100049982DNSSEC BASE ROLLOUT - The invention relates to a method for accessing via a first device a predetermined piece of information duplicated in several server devices, each server device implementing a sub-assembly of safety mechanisms from a predetermined set of safety mechanisms in order to provide a predetermined safety level for accessing the predetermined piece of information, wherein said method comprises the following steps: a) transmission (02-25-2010
20090106554E-MAIL RELAY APPARATUS AND E-MAIL RELAY METHOD - An e-mail relay apparatus notifies a user of which e-mail could not be transmitted if a transmission error has occurred, without consuming a memory capacity. When an e-mail transmission instruction is received and after header information of the received e-mail is stored, a digital signature is added to the e-mail, and the e-mail text is encrypted. Then, after the digital signature is added, the encrypted e-mail is stored, and after the original e-mail is deleted, the transmission of the e-mail is started. If an error has occurred during the e-mail transmission and the transmission has failed, an error-notifying mail addressed to a transmission source is generated. After a header file of the e-mail is attached to the error-notifying mail, the error-notifying mail to which the header file is attached is stored in a mail box for the user of the transmission source.04-23-2009
20100275028VERIFICATION APPARATUS - In an integer partitioning process S10-28-2010
20100275027RECEIVED MESSAGE VERIFICATION - A method of verifying the validity of a message received by a telecommunications terminal (10-28-2010
20100023773SIGNATURE VERIFICATION APPARATUS, METHOD FOR CONTROLLING SIGNATURE VERIFICATION APPARATUS, SIGNING APPARATUS, METHOD FOR CONTROLLING SIGNING APPARATUS, PROGRAM, AND STORAGE MEDIUM - A signature verification apparatus includes a determining unit configured to determine a type of a signature affixed to a document file, a first generating unit configured to, when the determining unit determines that the signature is of a first type, check the validity of a certificate contained in the signature, detect whether the document file has been tampered with based on the signature, and generate a first verification result indicating whether the signature is valid based on the check and the detection, and a second generating unit configured to, when the determining unit determines that the signature is of a second type, without checking the validity of a certificate contained in the signature, detect whether the document file has been tampered with based on the signature, and generate a second verification result indicating whether the signature is valid based on the detection.01-28-2010
20100011215Securing dynamic authorization messages - To fortify trust in a roaming environment, a token is introduced in transactions between an authoritative entity (e.g., a Home AAA in RADIUS) and a service providing entity (e.g., a NAS in RADIUS). A Token-Information is sent from the authoritative entity to the service providing entity during the initial authentication. Subsequent transactions include a token computed from the Token-Information. The service providing entity discards messages that it receives that do not contain the correct token. The Token-Information is transported in an encrypted fashion. The token provides secure transactions when messages between the authoritative entity and the service providing entity are routed through proxy servers.01-14-2010
20100011218SYSTEM AND METHOD FOR SECURE AUTHENTICATION OF A "SMART" BATTERY BY A HOST - Systems and methods for providing a battery module 01-14-2010
20100011217WATERMARK SIGNAL GENERATING APPARATUS - An apparatus 01-14-2010
20100011216Method of providing secure tamper-proof acquired data from process instruments - Field devices used to measure process parameters can also function as a data historian by storing process data and associated time stamps. In response to a request for stored process data, the field device uses a cipher and a secret method to generate an encrypted validation string that is provided along with unencrypted information including the process data and time stamps. A validation service that maintains a secure database of field devices and their associated ciphers and secret methods can validate the unencrypted information by using the validation string.01-14-2010
20120254619GENERATING A SECURE SIGNATURE UTILIZING A PLURALITY OF KEY SHARES - A method begins by a module to generate a secure signature on an item by selecting a first key representation index of a set of key representation indexes, wherein a first mathematical encoding of a private key generates a first plurality of key shares as a first key representation. The method continues with the module determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of a first set of dispersed storage (DS) units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions and when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions.10-04-2012
20120260097SYSTEM AND METHOD OF SIGNING A MESSAGE - A system and method of signing a message to be sent from a first communication device to a destination via a second communication device. The message includes a first portion on the first communication device and a second portion on the second communication device. The method includes receiving at the second communication device the first portion of the message and a first signature for the first portion from the first communication device; combining the first portion and the second portion to form the message; obtaining a second signature for the message; and sending the first signature, the second signature and the message from the second communication device to the destination.10-11-2012
20120260096METHOD AND SYSTEM FOR MONITORING A SECURE DOCUMENT - A method for enabling access to a secure document by a document service includes receiving the document, and an ordered sequence of signature verification keys that are to be selected in an orderly manner, from a document owner. Access is enabled to the document via an allocated access address. Uploading an uploaded document is enabled. A signature associated with the uploaded document is verified using a currently selected signature verification key from the ordered sequence. If verification fails, the uploaded document is rejected. If verification succeeds, the document accessible via the allocated access address is replaced with the uploaded document and a next signature verification key of the ordered sequence is selected to be the currently selected signature verification key.10-11-2012
20100293384Digital Signatures - Technologies are generally described for secure digital signatures that employ hardware public physically unclonable functions. Each unique digital signature generator can be implemented as hardware such that manufacturing variations provide measurable performance differences resulting in unique, unclonable devices or systems. For example, slight timing variations through a large number of logic gates may be used as a hardware public physically unclonable function of the digital signature unit. The hardware digital signature unit can be parameterized such that its physical characteristics may be publicly distributed to signature verifiers. The verifiers may then simulate randomly selected portions of the signature for verification.11-18-2010
20120221861METHOD AND APPARATUS FOR PROVIDING END-TO-END SECURITY FOR DISTRIBUTED COMPUTATIONS - An approach is provided for providing end-to-end security in multi-level distributed computations. A distributed computation security platform determines one or more signatures associated with one or more computation closures of at least one functional flow. The distributed computation security platform also processes and/or facilitates a processing of the one or more signatures to generate at least one supersignature. The distributed computation security platform further determines to associate the at least one supersignature with the at least one functional flow.08-30-2012
20120084568Lightweight Secure Neighbor Discovery Protocol for Low-Power and Lossy Networks - An apparatus comprising a network node configured to support a lightweight secure neighbor discovery (LSEND) protocol for securing neighbor discovery protocols (NDP) for energy-aware devices, wherein the network node is configured to wirelessly communicate with a host node, wherein the network node is configured to exchange LSEND protocol messages with the host node, and wherein the LSEND protocol uses reduced public key and signature sizes and more lightweight signature calculations in comparison to a secure neighbor discovery (SEND) protocol for securing NDP communications that are more suitable for low-power and lossy networks (LLNs).04-05-2012
20120260095APPARATUS AND METHODS FOR CONTROLLING DISTRIBUTION OF ELECTRONIC ACCESS CLIENTS - Apparatus and methods for controlling the distribution of electronic access clients to a device. In one embodiment, a virtualized Universal Integrated Circuit Card (UICC) can only load an access client such as an electronic Subscriber Identity Module (eSIM) according to an activation ticket. The activation ticket ensures that the virtualized UICC can only receive eSIMs from specific carriers (“carrier locking”). Unlike prior art methods which enforce carrier locking on a software application launched from a software chain of trust (which can be compromised), the present invention advantageously enforces carrier locking with the secure UICC hardware which has, for example, a secure code base.10-11-2012
20120260099INCREMENTAL SECURE BACKUP AND RESTORE OF USER SETTINGS AND DATA - Methods and apparatuses for performing secure incremental backup and restore operations are disclosed.10-11-2012
20120260098Storage and Authentication of Data Transactions - Data is transmitted between a first user and a second user via an information technology communications network, in a method comprising the steps of: 10-11-2012
20090019286Watermark Detection - A detector (01-15-2009
20080320309METHOD OF AUTHENTICATING PRINT MEDIUM USING PRINTING MOBILE DEVICE - A method of using a mobile device to authenticate a print medium offline before completing printing onto the print medium, the mobile device including processing means, a printhead and a sensor, the print medium comprising a laminar substrate, the method comprising the steps of: using the sensor to sense coded data provided on a surface of the substrate; using the processing means: determining, from the sensed coded data: an identity of the print medium; and at least part of a signature, the signature being a digital signature of at least part of the identity; determining, using the at least part of the signature, a determined signature; generating, using the determined signature and a public key stored in the mobile device, a generated identity; comparing the identity to the generated identity; and authenticating the print medium using the results of the comparison; and in the event the authentication step is successful, using the printhead to print onto the print medium.12-25-2008
20080301452Systems and Methods for Watermarking Software and Other Media - Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification.12-04-2008
20080301456Efficient Secure Forensic Watermarking - The invention relates to a watermark generation method for generating watermarks to be embedded in digital media, where said watermark is generated by combining at least two watermark patterns from a set of watermark patterns. The set of watermark patterns are divided into at least two subsets of watermark patterns, and the subsets are hierarchically related and the watermark patterns in said watermark are directly related watermark patterns. Directly related means that the watermark patterns are related like parent and child in a hierarchical structure e.g. a tree structure. Further, the invention relates to an apparatus adapted to generate watermarks to be embedded in media.12-04-2008
20080301455Authentication System And Authentication Object Device - To provide an authentication system for improving security, using fewer encryption keys. An authentication requesting device (12-04-2008
20080301454Information Management System - An information management system is described comprising one or more workstations running applications which allow a user of the workstation to connect to a network, such as the Internet. Each application has an analyzer, which monitors transmission data that the application is about to transmit to the network or has just received from the network, and which determines an appropriate action to take regarding that data. The analyzer may consult policy data containing a supervisor-defined policy to govern the workstations in order to determine what action to take. Such actions may be extracting data from the transmission data, such as passwords and usernames, digital certificates or eCommerce transaction details for storage and record keeping; ensuring that the transmission data is transmitted at an encryption strength appropriate to the contents of the transmission data; determining whether a check needs to be made as to whether a digital certificate received in transmission is valid; determining whether a transaction about to be made by a user of one of the workstations needs third party approval before it is made; and controlling the transmission of messages, such as e-mails according to a policy.12-04-2008
20080301453OFFICE MACHINE HAVING IDENTIFICATION UNIT AND DOCUMENT MANAGEMENT SYSTEM INCLUDING SUCH OFFICE MACHINE - The present invention relates to an office machine having an identity verification unit and a document management system including such an office machine. The office machine includes a processor and an identity verification unit. The processor is used for controlling operations of the office machine. The identity verification unit is included in the processor for verifying identity information of a user when an electronic document sent from the user is received by the office machine. The electronic document is verified according to an asymmetric cryptosystem, thereby ensuring security and user authenticity of the electronic document.12-04-2008
20080301449Signature Apparatus, Verifying Apparatus, Proving Apparatus, Encrypting Apparatus, and Decrypting Apparatus - Provided are a signature apparatus, a verifying apparatus, a proving apparatus, an encrypting apparatus, and a decrypting apparatus capable of efficiently reducing a signature text counterfeit problem to a discrete logarithm problem. The commitment is a hash value of a set of a value to be committed. Data including a pair of elements of a cyclic group associated with a discrete logarithm problem is used as a public key, and a discrete logarithm of an order of the pair is used as a secret key. Accordingly, it is possible to summarize secret information of an attacker from the commitment without rewinding the attacker and to ensure a higher safety than that of a Schnorr signature scheme. In addition, one-time power residue calculation is performed in each of the signature and verification calculations, so that it is possible to lower an amount of calculation in the signature and verification calculations.12-04-2008
20080301448Security Against Corruption for Networked Storage - Systems and methods for security against corruption for networked storage are described. In one aspect, a destination device receives a linear combination of packets. The linear combination of packets represents digitally signed blocks of content and public information used to digitally sign segmented blocks of content. The destination device recombines the linear combination of packets to compute new valid signatures as linear combinations of received homomorphic digital signatures. The new valid signatures are for verifying by a requesting computing device recovering data associated with at least a subset of the linear combination of packets, integrity of the at least a subset. This provides the requesting node with security against corruption of data in networked storage.12-04-2008
20110004765LICENSE MANAGING METHOD AND DEVICE - A license managing device sets a security area for storing a license file, maintains the security area as an encoded file in an inactive state of the security area by encoding the security area, maintains the security area as a directory in an active state of the security area by decoding the security area, and encodes a license file by using a file encoding key according to the user's request and stores the same in a security area in an active state of the security area.01-06-2011
20110004764SECURE METER ACCESS FROM A MOBILE READER - Generally described, the disclosed subject matter is directed to improved processes for securely accessing a meter. In accordance with one embodiment, a method for providing a mobile meter reader with an authorization that may be used to establish a secure session with a meter is implemented. In particular, the method includes issuing a request for authorization to access the meter from the mobile meter reader. If the mobile meter reader maintains sufficient rights, an authorization having an encoded digital signature is generated at a host computer system and provided to the mobile meter reader. Then the method formulates and transmits an authorization command to the meter having the encoded digital signature that was generated by the host computing system.01-06-2011
20120265993ADVANCED WATERMARKING SYSTEM AND METHOD - A method, computer program product, and computing device for obtaining an uncompressed digital media data file. One or more default watermarks is inserted into the uncompressed digital media data file to form a watermarked uncompressed digital media data file. The watermarked uncompressed digital media data file is compressed to form a first watermarked compressed digital media data file. The first watermarked compressed media data file is stored on a storage device. The first watermarked compressed media data file is retrieved from the storage device. The first watermarked compressed digital media data file is modified to associate the first watermarked compressed digital media data file with a transaction identifier to form a second watermarked compressed digital media data file.10-18-2012
20110131417IDENTITY BASED NETWORK POLICY ENABLEMENT - Enhanced network data transmission security and individualized data transmission processing can be implemented by intermediaries in a communication path between two endpoint peers individually having the capability to identify and authenticate one or both of the endpoint peers. Communication session establishment, endpoint peer identity processing and authentication and data traffic encryption protocols are modified to allow intermediaries to track the communications between endpoint peers for a particular communication session and obtain information to authenticate the endpoint peers and identify data traffic transmitted between them. Intermediaries can use the identities of one or both of the endpoint peers to enforce identity based rules for processing data traffic between the endpoint peers for a communication session.06-02-2011
20120239936CREDENTIAL TRANSFER - Methods and apparatus, including computer program products, are provided for credential transfer. In one aspect there is provided a method. The method may include receiving, at a first device, an authorization token; determining, at the first device, a delegation token, one or more credentials, and metadata; and providing, by the first device to a second device, the delegation token, the one or more credentials, and the metadata. Related apparatus, systems, methods, and articles are also described.09-20-2012
20110047386SIGNING METHOD, APPARATUS, AND SYSTEM - A signing method, apparatus, and system, which relate to the information security field. The present invention overcomes the problem of signature counterfeit in prior art. The client host generates a transaction message and determines the key information of the message after receiving transaction information entered by a user, forms a data packet for signing, and transmits the data packet to the USB key, which will then extract the key information and output it for confirmation by the user, and if a confirmation is received, the USB key signs the data packet and transmits a signature to the client host; after receiving the signature and the transaction message from the client host, the server extracts the key information from the transaction message to form a data packet for signing and verifies the signature against the data packet. The embodiments of the present invention are mainly applicable to the field of information security.02-24-2011
20110047385Methods and Systems for Digitally Signing a Document - Methods and systems according to various embodiments provide a voice-based digital signature to a digital document. For example, a user can access a website to fill in or complete a digital document such as an insurance application (e.g., an application for Medicare supplement insurance), and can call an interactive voice response (“IVR”) system to provide a voice-based (or oral or aural) digital signature to the digital document. The digital signature can then be attached, related, or appended to that digital document in place of a traditional signature. Thus, the digital document need not be printed and sent to the user for a signature.02-24-2011
20110047384ESTABLISHING AN AD HOC NETWORK USING FACE RECOGNITION - Ad hoc network formation is provided in connection with using face recognition and simple device pairing to build a network. Upon determining the identity of an individual using, for instance, a software recognition program, various protocols may be used to implement the formation of the ad hoc network.02-24-2011
20120324230SYSTEM FOR ENABLING DIGITAL SIGNATURE AUDITING - A computer method, computer system, and article for enabling digital signature auditing. The method includes the steps of: receiving at least one signature request issued by at least one application, forwarding a first data corresponding to the received at least one signature request to at least one signing entity for subsequent signature of the first data, storing an updated system state that is computed using a function of: i) a reference system state and ii) a second data corresponding to the received at least one signature request, where the reference system state and the updated system state attest to the at least one signature request, and repeating the above steps, using the updated system state as a new reference system state, where the steps of the method are executed at a server of a computerized system.12-20-2012
20120324232Author Signatures for Legal Purposes - Methods and apparatus, including computer program products, implementing and using techniques for establishing trust in an electronic document. An electronic document is received. State dependent content in the electronic document is identified. The state dependent content is content that is renderable to have several appearances. The electronic document is presented to a user, which includes disclosing the presence of any identified state dependent content in the electronic document.12-20-2012
20120324231ATTRIBUTES IN CRYPTOGRAPHIC CREDENTIALS - Method and apparatus for generating cryptographic credentials certifying user attributes and making cryptographic proofs about attributes encoded in such credentials. Attributes are encoded as prime numbers E in accordance with a predetermined mapping and a cryptographic credential is generated encoding E. To prove that an attribute encoded in a cryptographic credential associated with a proving module of the system is a member of a predetermined set of user attributes, without revealing the attribute in question, the proving module determines the product Q of respective prime numbers corresponding to the attributes in the set in accordance with the predetermined mapping of attributes to prime numbers. The proving module demonstrates to the receiving module possession of a cryptographic credential encoding a secret value that is the prime number E, and then whether this secret value divides the product value Q.12-20-2012
20120324229SYSTEM AND METHOD FOR GENERATING KEYLESS DIGITAL MULTI-SIGNATURES - A method of generating a keyless digital multi-signature is provided. The method includes receiving multiple signature generation requests from one or more client computers, building subtrees based on the signature generation requests, and constructing a search tree including the subtrees. The method also includes assigning explicit length tags to leaf nodes of the search tree to balance the search tree and applying a hash function to each of the search tree nodes. The root hash value and the height of the search tree make up a generated aggregate signature request, followed by receiving an aggregate signature based on the aggregate signature request. The keyless digital multi-signature is generated based on the aggregate signature and contains an implicit length tag to verify that the number of signature generation requests is limited. The aggregate signature is generated if the height of the search tree does not exceed a predetermined height limitation.12-20-2012
20120324228PLATFORM THAT FACILITATES PRESERVATION OF USER PRIVACY - Described herein are technologies pertaining to preserving privacy of users of mobile computing devices. Two users of two mobile computing devices share a quantization scheme for quantizing location data using a predefined quantization interval. The two users additionally share a private key that is utilized to encrypt locations obtained by the two computing devices that have been quantized using the shared quantization scheme. Encrypted, quantized locations are compared in a cloud computing service in connection with answering location-based queries, where the comparison is undertaken without the cloud computing service decrypting the encrypted, quantized locations.12-20-2012
20110238997EFFICIENT TECHNIQUE TO ACHIEVE NON-REPUDIATION AND RESILIENCE TO DoS ATTACKS IN WIRELESS NETWORKS - A computationally efficient message verification strategy that achieves non-repudiation and resilience to computational denial of service attacks in conjunction with a broadcast authentication protocol that authenticates messages using a combination of a digital signature and a TESLA MAC. When messages are received at a receiver, the verification strategy separates the messages into messages with the same sender identification. The strategy then determines whether the TESLA MAC authenticator is valid for each message and discards those messages that do not have a valid TESLA MAC. The strategy collects the messages that have a valid TESLA MAC for each sender identification and performs a batch verification process on the group of messages to determine if the messages in the group have a valid digital signature. This strategy verifies each message in the group of messages if the batch verification process shows that the group of messages has a valid digital signature.09-29-2011
20120278626DNSSEC Inline Signing - Systems and methods of performing incremental DNSSEC signing at a registry are described in which digital signature operations may be performed as part of a single transaction including DNS add, update, and/or delete operations and the like. Exemplary methods may include receiving a domain command from a requester, the domain command including an identifier of a domain. The received domain command may be executed with respect to data stored by the registry for the domain. As part of an individual transaction including the execution of the domain command, the registry may also sign DNSSEC records for the domain using a private key of an authoritative server. After the DNSSEC records have been signed, the registry may incrementally publish the signed DNSSEC records to a separate server. Exemplary methods may also include “look-aside” operations in which, for example, add, update, and/or delete operations may be executed on data stored in a registry database and reported to a requester, prior to applying digital-signatures to the DNSSEC data. After reporting that the instructions have been executed, the registry may generate a digital signature based on the add, update, and/or delete changes, and commit the digital signature to a registry resolution database.11-01-2012
20120278627Security based on subliminal and supraliminal channels for data objects - This invention relates to security for data objects; more particularly, the present invention relates to improved security based on subliminal and supraliminal channels for data objects. In another embodiment, a method of protecting a data object comprises: steganographically encoding a subset of candidate bits in a digitized sample stream; perceptibly manipulating data in the digitized sample stream; and combining the imperceptible and perceptible data changes to create a secure/unique digital sample stream. In yet another embodiment, a method for securing a data signal comprises: preanalyzing said data signal for candidate watermark/signature bits; steganographically encoding independent data into the data signal into a subset of the candidate watermark bits, at least one time; and encoding the data signal subsequently with a perceptible technique.11-01-2012
20120089845VERIFIABLE DEVICE ASSISTED SERVICE USAGE BILLING WITH INTEGRATED ACCOUNTING, MEDIATION ACCOUNTING, AND MULTI-ACCOUNT - Various embodiments are disclosed for a services policy communication system and method. In some embodiments, a communications device implements a service policy for assisting billing for the communications device use of a service on a network; and monitors use of the service based on the service policy, in which a local service usage is synchronized with a network based service usage.04-12-2012
20120089844ONE WAY AUTHENTICATION - A cryptosystem prevents replay attacks within existing authentication protocols, susceptible to such attacks but containing a random component, without requiring modification to said protocols. The entity charged with authentication maintains a list of previously used bit patterns, extracted from a portion of the authentication message connected to the random component. If the bit pattern has been seen before, the message is rejected; if the bit pattern has not been seen before, the bit pattern is added to the stored list and the message is accepted.04-12-2012
20120089843INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing apparatus includes: a data processor which creates content to be distributed to a client, wherein the data processor executes processing of creating content provided to a client by selecting data in units of segments, which are division data of content, from a plurality of additional information recorded content items obtained by recording different additional information items on original content, selects different segment columns in units of content distribution clients in the processing of creating content provided to a client, and creates management information in which client information for identifying a client of a content distribution destination and segment column information indicating a segment selection state of the content provided to a client, which is provided to a corresponding client, are matched with each other and records the management information in a storage unit.04-12-2012
20120331301METHOD AND SYSTEM FOR USING A SMART PHONE FOR ELECTRICAL VEHICLE CHARGING - Systems and methods are provided to allow a smart phone or any terminal to reserve and activate an electric vehicle charger using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes an electrical vehicle charger. A reservation request is accepted from a first terminal using the server. A reservation certificate is provided to a portable second terminal in response to the request using the server. The reservation certificate is accepted from the portable second terminal using the access device. The reservation certificate is determined to be authentic using the access device. The electric vehicle charger is activated in response to accepting an authentic reservation certificate using the access device.12-27-2012
20110320821FEDERATION AMONG SERVICES FOR SUPPORTING VIRTUAL-NETWORK OVERLAYS - Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.12-29-2011
20110320820Restoring Secure Sessions - The different illustrative embodiments provide a method, a computer program product, and an apparatus for restoring secure sessions. A determination is made whether cached information for a session for the requestor is stored at the data processing system using a session cookie responsive to receiving a request at a data processing system from a requestor to access a resource. Access to the resource is controlled using the cached information and a number of privileges for the requestor associated with the cached information responsive to a determination that the cached information for the session is stored at the data processing system. A migration cookie is requested from the requestor responsive to an absence of a determination that the cached information for the session is stored at the data processing system. The cached information is generated for the session using the migration cookie.12-29-2011
20110320819ACCESSING RESTRICTED CONTENT BASED ON PROXIMITY - A license to use content (e.g., a movie, song, application, etc.) is provided to a consumer. The license allows for use of the content by the device the consumer is using (e.g., logged into) and devices near the device the consumer is using. For example, a first computing device obtains a license to restricted content. A second computing device obtains a copy of the restricted content; however, the second computing device is not licensed to use the content and may not be able to access the content because the content is encrypted or otherwise restricted. The first computing device is brought into proximity with the second computing device. In response to detecting that the first computing device is in proximity with the second computing device, the second computing device is provided with legal access to the restricted content. The second computing device can then decrypt (or otherwise access) and play the content.12-29-2011
20120102330METHOD FOR PROTECTING A TELECOMMUNICATION NETWORK AND SECURE ROUTER IMPLEMENTING SUCH A METHOD - This invention pertains to a method for protecting a telecommunication network comprising at least one secure router (04-26-2012
20120102329CONTENT DISTRIBUTION AND AGGREGATION - In an example, a method for secure publication of content is described. The method may include encrypting content with a media key. The method may also include providing the encrypted content to a client device associated with a private key and a public key. The private key may be stored at the client device. The method may also include encrypting the media key with the public key. The method may also include providing the encrypted media key to the client device.04-26-2012
20120331300Span Out Load Balancing Model - This document describes techniques for transporting at least a portion of the data for a remote presentation session via datagrams. In particular, a span-out model is described whereby a remote presentation session can be associated with multiple channels and each channel can be routed through a different gateway computer system. As such, a connectionless oriented channel for a client may be routed through a first gateway computer system and a connection oriented channel for the client may be routed through a second gateway computer system. In addition to the foregoing, other techniques are described in the claims, the attached drawings, and the description.12-27-2012
20100199097NON-REPUDIABLE TRANSLATION OF ELECTRONIC DOCUMENTS - A method for non-repudiable translation of documents is disclosed, whereby a computer application determines a storage location for a first document, generates a first digital signature for the first document, determines a storage location for a plurality of translation instructions, generates a second digital signature for the plurality of translation instructions, translates the first document, assembles a second document including the storage location for the first document, the storage location for the plurality of translation instructions, the first digital signature, the second digital signature, the translation, and at least one encryption key associated with the first document and the plurality of translation instructions, and digitally signs the second document. The signed document includes sufficient information to demonstrate non-repudiable translation of the first document.08-05-2010
20100199096INTEGRATED CIRCUIT AND MEMORY DATA PROTECTION APPARATUS AND METHODS THEREOF - A memory data protection apparatus including a storage device, a cipher, and a validator is provided. The storage device is embedded in a chip electrically coupled to an external memory for storing an offset value, a signature and a key. The cipher electrically coupled to the storage device and the external memory to receive the key includes an encrypter and a decrypter. The encrypter is capable of executing an encryption to output an encrypted data and an encrypted certified data. The decrypter is capable of executing a decryption to output a decrypted data. The validator electrically coupled to the storage device receives the signature, the offset value and the certified data and determines an access limit of the external memory by validating the certified data with the signature and the offset value. The memory data protection apparatus accesses an original data in the external memory according to the access limit.08-05-2010
20120151215APPARATUS AND METHOD FOR PROTECTING COPYRIGHT OF DIGITAL CONTENT, AND APPARATUS AND METHOD FOR DETERMINING AUTHENTICITY OF DIGITAL CONTENT - Provided are an apparatus and method for protecting the copyright of digital content, and an apparatus and method for determining the authenticity of digital content. The apparatus for protecting the copyright of digital content includes a creative commons license (CCL) watermark application unit configured to watermark digital content provided with06-14-2012
20130024696METHOD AND APPARATUS FOR FLASH UPDATES WITH SECURE FLASH - Firmware updates are performed in a digital device that includes a secure flash that secures each block of stored data with a digital signature. In at least one embodiment, the update package that is received by the digital device for use in performing the update includes the digital signatures of blocks to be updated in the flash. In other embodiments, the digital signatures are generated within the digital device after an update package has been received.01-24-2013
20130024699System and Method for Protecting Cryptographic Assets From a White-Box Attack - A digital signature generation (DSG) process which provides resistance against white box attackers is disclosed. This is done by applying specially selected data transformations to the inputs, outputs and internal parameters of the algorithm. In particular, the signatory's private key does not appear in the clear in our protected implementation. Our new white box implementation produces signatures that are compatible with signatures created by conventional implementations; thus our solution facilitates interoperability and can be used as a drop-in replacement for conventional implementations. In particular, we describe transformations to the key (d) and the generator domain parameter (usually denoted G or g) of the digital signature generation processes, such that embodiments of the invention can produce signed messages which appear to a verifier as if the key (d) was used, without actually ever using the key (d). This makes it impossible for an adversary to ever observe the key (d), as it is not actually used. Further embodiments include additional protections to make it even harder for an adversary to deduce the key (d) by observing the process which generates the digital signature.01-24-2013
20130024697SYSTEM AND METHOD FOR OBFUSCATION INITIATION VALUES OF A CRYPTOGRAPHY PROTOCOL - A computer-implemented technique for determining whether a first computing device has the correct version of a software program may be used to provide a secure approach to verifying that a client computing device has a secure and approved version of content player software implemented for consuming downloaded copyright media content. With this technique, copyright media content providers are able to ensure that only secure and approved content players are implemented to access the content.01-24-2013
20130024698DIGITAL CONTENT MANAGEMENT SYSTEM, DEVICE, PROGRAM AND METHOD - A digital content management system (01-24-2013
20080256361Watermarking of a Processing Module - The present invention relates to a method, for watermarking a processing module (10-16-2008
20130173923METHOD AND SYSTEM FOR DIGITAL CONTENT SECURITY COOPERATION - A method for digital content security cooperation, including: creating, by a first content possessing device, a cooperation content packet of digital contents and transmitting the created cooperation content packet to at least one of a second content possessing device or a first content cooperating device, wherein the cooperation content packet includes an attribute data block and a content data block; and performing, by the first content cooperating device receiving the cooperation content packet, privilege verification according to the cooperation content packet, and after the privilege verification is passed, updating the information in the content data block in the cooperation content packet, and transmitting the cooperation content packet including the updated information to at least one of a second content cooperating device or the first content possessing device.07-04-2013
20110246779ZERO-KNOWLEDGE PROOF SYSTEM, ZERO-KNOWLEDGE PROOF DEVICE, ZERO-KNOWLEDGE VERIFICATION DEVICE, ZERO-KNOWLEDGE PROOF METHOD AND PROGRAM THEREFOR - Provided is a zero-knowledge proof system that allows a discrete-logarithm zero-knowledge proof. The zero-knowledge proof device includes a temporary memory unit that stores pseudorandom numbers and previously determined hash values, a first processing unit that calculates multiple pseudorandom numbers and performs multiple iterations of processing to calculate hash values based on the calculated pseudorandom numbers and the information stored in the temporary memory unit, a second processing unit that determines some of the multiple pseudorandom numbers based on the hash values, and a third processing unit that re-calculates some of the pseudorandom numbers and sends the hash values obtained to a zero-knowledge verification device. The zero-knowledge verification device includes a temporary memory region, a data receiving module that sequentially receives new input data, and a processing module that overwrites hash values including variables and input data, as variables into the temporary memory region each time the input data are received.10-06-2011
20110246778PROVIDING SECURITY MECHANISMS FOR VIRTUAL MACHINE IMAGES - A method for providing a security mechanism for validating and executing a virtual machine image where the virtual machine image is obtained from an external source to run on an endpoint or host system. An electronic device storing validation data is connected to the host system, and the virtual machine image is validated with the validation data. The virtual machine image is run on the host system if validated and/or decrypted. The electronic device can be a USB flash drive, and the electronic device can include a security processor with memory in addition to having a display, keypad, token, or any combination thereof. The validation data utilized may comprise a keyed hash or digital signature when validating the virtual machine image.10-06-2011
20080222422MANAGING ELECTRONIC DOCUMENTS UTILIZING A DIGITAL SEAL - A method for storing electronic documents can include associating a digital seal with at least one electronic document. An image within a user interface can be displayed, wherein the image is a user selectable representation for the digital seal. At least one metadata attribute can be stored as a characteristic related to the digital seal. A storage characteristic of at least one electronic document can be modified based on one or more of the metadata attributes.09-11-2008
20080222421SIGNATURE INFORMATION PROCESSING METHOD, ITS PROGRAM AND INFORMATION PROCESSING APPARATUS - A signature information processing method using a relay apparatus which executes information processing on data containing signature information which is information concerning a signature is provided in order to prevent a signature from being invalidated. A signature information extraction unit conducts extraction processing to extract signature information from the data and store the signature information in the signature information storage unit. A message processing unit executes processing on the data. Thereafter, a signature information substitution unit conducts substitution processing to substitute signature information stored in the signature information storage unit for signature information contained in data obtained after execution of the processing.09-11-2008
20080222420Systems and Methods for Authenticating and Protecting the Integrity of Data Streams and Other Data - Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain's security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain. The hierarchy culminates with a signed hash that can be used to verify the integrity of other hash values in the hierarchy, and these other hash values can, in turn, be used to efficiently verify the authenticity of arbitrary portions of the content file.09-11-2008
20080222419Content Management of Public/Private Content, Including Use of Digital Watermarks to Access Private Content - A public version of content includes information to access a private version. The private version is typically of higher value, as it is a complete version and/or of higher audio or video quality than the public version. The public version can be shared or played without restriction, which enables the content to be promoted, yet provides an incentive for the user to access the private version. The public version can include information that enables a user to obtain software necessary to get the private version. In addition, the public version can include a digital watermark used to access the private version.09-11-2008
20080222418Signature Generation Device and Signature Verification Device - A signature generation apparatus capable of preventing transcript attack on signature data is provided. The signature generation apparatus performing a digital signature operation with the use of a signature key: stores the signature key; performs the digital signature operation on signature target data with the use of the signature key to generate signature data; counts the cumulative count of digital signature operations having been performed by the signature generation unit with the use of the signature key; judges whether the cumulative count has reached a predetermined count; and inhibits the use of the signature key in the digital signature operation from then onward in a case where the judgment unit determines that the cumulative count has reached the predetermined count.09-11-2008
20130179690METHOD AND APPARATUS FOR FAST IMAGE ENCRYPTION AND INVISIBLE DIGITAL WATERMARK - The invention is for a method and system for encrypting and decrypting image/signal, based on new column and/or row operation of the image/signal, and a new digital watermark system, based on the new encryption/decryption system. The column and row operation are introduced for creating a chaotic image/signal so that the resulting image/signal is unreadable/inaudible with a fast computational speed. The new digital watermark technology can sustain cropping damage for verification.07-11-2013
20130145165METHOD OF SENDING A SELF-SIGNED CERTIFICATE FROM A COMMUNICATION DEVICE - A method of sending a self-signed certificate from a communication device, the self-signed certificate being signed by the communication device. The method includes: receiving a communication in relation to establishing a session from a second communication device in proximity to said communication device, outputting on an output device of said communication device a certificate hash of the self-signed certificate or an address of where to obtain the certificate hash, and sending the self-signed certificate to said second communication device. The method may also include sending a broadcast message to announce a presence of the communication device.06-06-2013
20110271116SET OF METADATA FOR ASSOCIATION WITH A COMPOSITE MEDIA ITEM AND TOOL FOR CREATING SUCH SET OF METADATA - A set of metadata for association with the composite media item and a tool for creating a composite media item with an associated set of metadata. In one embodiment, the tool comprises a component for extracting a portion of a first media item having first metadata and for extracting a portion of a second media item having second metadata, a component for combining the first portion and the second portion to form a composite media item, and a component for analyzing the first metadata and the second metadata to extract portions of the first and second metadata to form a new set of metadata for association with the composite media item. In one embodiment, the new metadata is a data container.11-03-2011
20110271115CERTIFICATE INFORMATION STORAGE SYSTEM AND METHOD - A system and method of storing in a computer device digital certificate data from a digital certificate are provided. When a digital certificate is received at the computer device, it is determined whether the digital certificate data in the digital certificate is stored in a first memory store in the computer device. The digital certificate data is stored in the first memory store upon determining that the digital certificate data is not stored in the first memory store.11-03-2011
20130091360LIGHTWEIGHT GROUP SIGNATURE SYSTEM AND METHOD WITH SHORT SIGNATURE - A lightweight group signature system and method with short signatures according to the exemplary embodiments of the present invention can provide security characteristics similar to group signature mechanisms providing the existing known controllable linkability but can make a revocation method simple by outputting a short signature and providing excellent operation efficiency at the time of signature generation, signature verification, and revocation on smart terminals, and can be widely applied to various anonymity-based application environments, by making operation efficiency excellent at the time of signature generation and verification and outputting very short signature lengths.04-11-2013
20130097426WATERMARKING AND SCALABILITY TECHNIQUES FOR A VIRTUAL DESKTOP PLANNING TOOL - A method for measuring performance of virtual desktop services offered by a server including a processor is described. A first encoded watermark is embedded into user interface display generated by a virtual desktop when initiating an operation. The first encoded watermark includes pixels identifying the operation and indicating its initiation. A second encoded watermark is embedded into the user interface upon completion of the operation indicating completion of the operation. An action performance time is then computed and stored in a memory. Multiple performance times may be compiled from multiple operations of multiple virtual desktops to assess the performance of the system as a whole.04-18-2013
20130124870CRYPTOGRAPHIC DOCUMENT PROCESSING IN A NETWORK - Data received over a network is processed by a server. The processing includes determining identity information corresponding to an identity associated with a document represented by document data received over an input port of the server from a sender. At the server, a private key is computed based on: a master private key, and the identity information. At the server digital information is computed based at least in part on the document data using the computed private key. The digital information is stored in a storage medium accessible to the server in association with the identity information.05-16-2013
20130124869Using Digital Certificates in Document Distribution - One embodiment of the present invention provides a system that uses digital certificates to facilitate enforcing licensing terms for applications that manipulate documents. During operation, the system obtains a credential, wherein the credential includes a private key and a digital certificate containing a corresponding public key. This digital certificate also contains a profile specifying allowed operations which can be performed on documents signed with the credential. Next, the system digitally signs a document using the credential, so that the resulting signed document is signed with the private key and includes a copy of the digital certificate with the profile specifying the allowed operations. The certificate issuer can subsequently revoke the digital certificate (which effectively revokes the license) if terms of a license agreement associated with the digital certificate are violated.05-16-2013
20130124868SYSTEM AND METHOD FOR PARTS-BASED DIGITAL RIGHTS MANAGEMENT - Various embodiments of a system and method for parts-based digital rights management are described. Various embodiments may include a digital rights management component configured to receive content comprising a plurality of portions of content. The digital rights management component may also receive a license for the encrypted content; the license may include a plurality of permissions each specific to a respective portion of the content. Additionally, each permission may specify one or more access privileges for the respective portion of the content. The digital rights management component may receive a digital signature for the entire license. The digital rights management component may validate the digital signature to determine that the permissions have not been modified. The digital rights management component may also be configured to, in response to determining that said permissions have not been modified, provide access to content in accordance with said license including said permissions.05-16-2013
20130132729METHOD AND SYSTEM FOR PROTECTING BY WATERMARKING AGAINST NON-AUTHORISED USE ORIGINAL AUDIO OR VIDEO DATA WHICH ARE TO BE PRESENTED - For protecting by watermarking against non-authorised use, e.g. non-authorised recording or copying, original audio or video data which are to be presented in a digital cinema, a sender site generates from the original signal at least two differently pre-watermarked versions for successive blocks or frames of the signal, wherein these versions are derived by applying a repeated watermark symbol value to a version and different watermark symbol values to the different versions. The pre-watermarked signal versions are encrypted and transferred e.g. as data files to a digital cinema unit in which they are decrypted. According to the values of a desired watermark information word, corresponding frames or blocks from said decrypted and pre-watermarked versions are assembled in a successive manner, so as to provide and present a watermarked version of said original audio or video signal that carries said watermark information word.05-23-2013
20130132727ENHANCED CONTENT MANAGEMENT BASED ON WATERMARK EXTRACTION RECORDS - Content screening operations are facilitated in devices that receive a content that is subject to screening obligations. When such a content is received at a device, a watermark extraction record is obtained and accessed to fulfil content screening obligations. Upon the receipt of such an extraction record, verification of the received extraction record is carried out based on a verification rate. If the verification is successful for an extraction record with permissive information, the verification rate is decreased, thereby reducing the processing load of the device. If the verification is unsuccessful, the verification rate is increased, which can adversely affect the processing load of the device.05-23-2013
20130179691SIGNATURE GENERATION APPARATUS, SIGNATURE GENERATION METHOD, AND STORAGE MEDIUM - e and n are public information and d is private information. An electronic signature is generated based on a calculated value of e×d mod n. A signature generation apparatus 07-11-2013
20130145168MASKED DIGITAL SIGNATURES - A method for creating and authenticating a digital signature is provided, including selecting a first session parameter k and generating a first short term public key derived from the session parameter k, computing a first signature component r derived from a first mathematical function using the short term public key, selecting a second session parameter t and computing a second signature component s derived from a second mathematical function using the second session parameter t and without using an inverse operation, computing a third signature component using the first and second session parameters and sending the signature components (s, r, c) as a masked digital signature to a receiver computer system. In the receiver computer system, a recovered second signature component s′ is computed by combining a third signature component with the second signature component to derive signature components (s′, r) as an unmasked digital signature.06-06-2013
20110060910DEVICE ENABLED VERIFIABLE STROKE AND IMAGE BASED WORKFLOWS - A system for device enabled verifiable stroke and image based workflows comprises a plurality of portable computing devices, coupled by a network to a stroke and image workflow server. The portable computing devices include a display, stroke capture capability and a wireless communication capability. The portable computing devices are adapted to receive images, add stroke annotations to the received images, and send the annotated received images. The stroke and image workflow server is coupled to the network for communication with the portable computing devices. The stroke and image workflow server sends and receives documents from the portable computing devices, maintains a log for verification, and implements a paper like workflow and processes the documents. Essentially, this stroke and image workflow server implements paper like workflow and handles the overhead of processing electronic documents so that it is invisible to the user.03-10-2011
20110219236METHOD AND DEVICE FOR MANAGING DIGITAL CONTENT - The invention provides a method and devices for managing digital content, the method comprising the steps of sending, by a first device (09-08-2011
20130103948POINT OF SALE (POS) PERSONAL IDENTIFICATION NUMBER (PIN) SECURITY - A key is securely injected into a POS PIN pad processor in its usual operating environment. In response to entry of a personal identification number (PIN) into a PIN pad, the processor puts the PIN into a PIN block; puts additional random data into the PIN block; and encrypts the entire PIN block using asymmetric cryptography with a public key derived from the injected key residing in the PIN pad processor. The corresponding private key may be held securely and secretly by an acquirer processor for decrypting the PIN block to retrieve the PIN. The encrypted random data defends the PIN against dictionary attacks. Time stamp data and constant data encrypted with the PIN block enables a defense of the PIN against replay attacks and tampering. The method may also include accepting the PIN from a mobile phone in communication with the processor.04-25-2013
20110238998METHOD AND APPARATUS FOR PORTABLE SELF-CONTAINED NODE COMPUTER - A portable self-contained node computer is provided. The portable self-contained node computer connects to a host computer. The host computer allows the portable node computer to access its peripheral input/output devices.09-29-2011
20120278628Digital Signature Method and System - A digital signature method, a method for initialising a digital signature scheme, a system for digitally signing a message and a computer program product are described. At least the digital signature method involves a signer having a weak security parameter. The signer retrieves a cryptographic element from each of a plurality of computing entities. Each cryptographic element is a function of a commitment supplied by the signer and the commitment includes a cryptographic function of a weak security parameter provided by the signer. A strong cryptographic security parameter is generated using a plurality of said elements. A message is then signed according to the digital signature scheme using the strong cryptographic security parameter to generate a digital signature.11-01-2012
20130151855WATERMARK EMBEDDING WORKFLOW IMPROVEMENTS - Methods, devices and computer program products facilitate embedding and extraction of watermarks into and from a host content. Embedded watermarks include an automatically generated portion that is associated with metadata. The metadata, which includes one or more identifiers of the host content, is stored at a database and can be accessible to both the watermark embedder and a watermark extractor. The automatically generated portion of the payload can be a serial number that is changed for each watermark embedding session.06-13-2013
20130151856CONDITIONAL ACCESS USING EMBEDDED WATERMARKS - Methods, devices and computer program products facilitate conditional access to a content embedded with watermarks. For such a content, when copy control rules associated with an embedded watermark message prohibit unconditional access to the content, it is determined whether or not an exception to the copy control rules exists, and if an exception to the copy control rules exists, the content is conditionally accessed. Additional watermark messages can be extracted while the content is being conditionally accessed, and based on the additionally extracted watermark messages, it is verified that conditional access to the content has been fulfilled.06-13-2013
20100293383Storage device authentication - Systems and methods authenticate storage devices. In one implementation, a computer-implemented method is provided for authenticating a storage device. According to the method, a manifest that identifies a destination is received. A transfer station reads a digital signature from the storage device. The digital signature is validated and, based on the validation of the digital signature, a transfer of one or more files from the storage device via the transfer station is authorized to the destination identified in the manifest.11-18-2010
20100299527NEAR FIELD COMMUNICATION (NFC) DEVICE AND METHOD FOR SELECTIVELY SECURING RECORDS IN A NEAR FIELD COMMUNICATION DATA EXCHANGE FORMAT (NDEF) MESSAGE - Methods for selectively securing records in a Near Field Communication Data Exchange Format (NDEF) message. A method includes placing a place marker signature record in the NDEF message. The place marker signature record is a modified signature Record Type Definition (RTD). A first set of records preceding the place marker signature record in the NDEF message is unsecured. The method also includes securing a second set of records following the place marker signature record. Another method includes placing a secured bytes field in the signature RTD. The secured byte field indicates a number of bytes of data to be secured preceding this field. The method also includes securing data in records preceding this field in the signature RTD, based on a value of the secured bytes field.11-25-2010
20100318804SCHEME OF APPLYING THE MODIFIED POLYNOMIAL-BASED HASH FUNCTION IN THE DIGITAL SIGNATURE ALGORITHM BASED ON THE DIVISION ALGORITHM - The present invention relates specifically to a modified digital signature algorithm together with a polynomial-based hash function, in which the last step of the calculation of the final hash value, the exponentiation, is omitted. Such a modification eliminates some of the potential attacks to which a basic hash function algorithm is susceptible. It further introduces several flexibilities to a digital signature scheme. For example, hashing and MAC-ing procedures omit an exponentiation step, whereby the security of data is increased as the possibility of successful attack is diminished. Furthermore, the present invention may be implemented either by way of hardware or software. It may also be capable of generating a digital signature for any set of parameters extracted from a message. Generation of a digital signature may occur without the step of a hashing or MAC-ing procedure.12-16-2010
20120284521BONDING CONTENTS ON SEPARATE STORAGE MEDIA - Local storage on player instruments provides the ability for adding further amendments and most recent supplements to the optical disc content. A problem arising with this technically applicable possibility is the protection of copyrights bound to disc and supplement data. The present invention describes a technique to ensure a security framework that is able to handle this, by creating a virtual file system (VFS) by merging optical disc data and local storage data based upon a common identifier.11-08-2012
20130185564SYSTEMS AND METHODS FOR MULTI-LAYERED AUTHENTICATION/VERIFICATION OF TRUSTED PLATFORM UPDATES - In accordance with the present disclosure, a system and method for multilayered authentication of trusted platform updates is described. The method may include storing first cryptographic data in a personality module of an information handling system, with the first cryptographic data corresponding to a verified firmware component. A second cryptographic data may also be determined, with the second cryptographic data corresponding to an unverified firmware component. The unverified firmware component may be stored in a memory element of the information handling system, and the second cryptographic data may be determined using a processor of the information handling system. The method may further include determining if the first cryptographic data matches the second cryptographic data and updating firmware in the information handling system with the unverified firmware component if the first cryptographic data matches the second cryptographic data, and the unverified firmware component includes a digital signature of a manufacturer.07-18-2013
20130159719APPARATUS AND METHOD FOR SIGNING APPLICATION - When a signature apparatus cooperating with a market server receives signature request information for an optional application from the market server to sign an application, the signature apparatus determines whether an authentication note has been issued corresponding to application identification information included in the signature request information based on the application identification information. When the authentication note has not been issued; the signature apparatus issues the authentication note using the application identification information, generates signature information for the to application using the application identification information, and signs the application including the authentication note and the signature information.06-20-2013
20130159723METHODS, APPARATUS AND SYSTEMS FOR MONITORING LOCATIONS OF DATA WITHIN A NETWORK SERVICE - In one embodiment, a data set is received at a network service element of a network service, a location record for that data set is generated, and the location record is sent to a location registry within the network service to monitored locations of that data set within a network service. The network service element is operatively coupled to a communications link. The location record is generated based on a portion of the data set and a cryptographic key associated with the network service element. The location record uniquely identifies the presence of the data set at the network service element.06-20-2013
20130159722ACTIVE SENSING FOR DYNAMIC SPECTRUM ACCESS - Various communication systems may benefit from physical layer watermarking. For example, active sensing for dynamic spectrum access may be performed using physical layer watermarking, such as watermarking based on channel effects and/or receiver distortion. A method may include, for example, obtaining an original signal to be transmitted to at least one receiver. The method may also include watermarking the original signal with at least one of authentication data or ancillary data to provide an enhanced signal. The watermarking can include a physical layer watermark. The physical layer watermark can be configured to emulate at least one of a channel effect or a receiver distortion. The method can further include transmitting the enhanced signal to the at least one receiver.06-20-2013
20130159721APPARATUS AND METHOD FOR SIGNATURE VERIFICATION - A receiver comprises a security processor and a first memory that stores software code or second stage authentication key and a signature for the software or the second stage key. The receiver also stores a plurality of verification keys (PUAK). When the receiver is switched on or reset, the software or second stage key and the signature are loaded from the first memory. The security processor then loads a PUAK and uses it to verify the signature. In case of successful verification, the software code or second stage key is used and the verification method ends; it is then possible to activate CA specific functions in the receiver. However, if the verification is unsuccessful, then it is verified if there are untried PUAKs. If there are no untried signatures, then the verification has failed and the software cannot be verified; the verification method ends. If there are untried signatures, then the next PUAK is loaded.06-20-2013
20130159720MOBILE SOLUTION FOR SIGNING AND RETAINING THIRD-PARTY DOCUMENTS - Techniques for signer-initiated electronic document signing via an electronic signature service using a mobile or other client device are described. Example embodiments provide an electronic signature service (“ESS”) configured to facilitate the creation, storage, and management of documents and corresponding electronic signatures. In some embodiments, when a signer user receives an electronic signature document on a mobile device, the signer may use a client module executing on the mobile device to import the document into the ESS. Once the document is imported into the ESS, the signer can access, review, and sign the document at the ESS via the mobile device. After signing the document, the signer can use the mobile device to cause the ESS to provide the signed document to one or more recipients.06-20-2013
20130159718UPDATING SIGNATURE ALGORITHMS FOR STRONG NAME BINDING - The present invention extends to methods, systems, and computer program products for updating signature algorithms used for signing an assembly with a strong name without changing the identity of the assembly. The present invention enables an assembly that has already been given an identity (via strong name signing with an identity public/private key pair) to be resigned with a different public/private key pair without changing the original identity that was based on the identity public/private key pair. This is accomplished by including a counter signature within the assembly that links the original identity of the assembly to the new signature key pair.06-20-2013
20130159717METHOD AND APPARATUS FOR SECURE FIRMWARE DOWNLOAD USING DIAGNOSTIC LINK CONNECTOR (DLC) AND ONSTAR SYSTEM - A method for authenticating a piece of firmware to be downloaded to a controller. The method includes signing the firmware or a first part of the firmware with a first private key at a first trusted source and signing the firmware or a second part of the firmware with a second private key at a second trusted source. The method also includes validating the signed firmware or the first part of the firmware using a first public key at the controller and validating the firmware or the second part of the firmware using a second public key at the controller. The method further includes authenticating the firmware if the firmware or the first part of the firmware is validated by the first public key at the controller and the firmware or the second part of the firmware is validated by the second public key at the controller.06-20-2013
20130132728DIGITAL SIGNATURE SERVER AND USER TERMINAL - To reduce a load on a user terminal imposed when verifying signature data and at the same time reduce a load on a server, a signature key matrix KM includes a plurality of signature keys Ki-j arranged in a matrix structure of m rows and n columns, and is stored in a signature key matrix database 05-23-2013
20130185565Efficient, High Volume Digital Signature System for Medical and Business Applications - The system relates to a method for collecting signatures from pre-validated signers. In one aspect of the method, a pre-validated signer's signature is affixed to an electronic document in an appropriate location after the pre-validated signer authorizes the use of his or her signature.07-18-2013
20130185563Multiple System Images for Over-The-Air Updates - In one embodiment, a mobile device performs an over-the-air firmware update by writing the updated firmware to an inactive system image partition, and rebooting the device. The security of the OTA update is maintained through checking a plurality of security signatures in an OTA manifest, and the integrity of the data is maintained by checking a hash value of the downloaded system image.07-18-2013
20110314292POWER ANALYSIS ATTACK COUNTERMEASURE FOR THE ECDSA - Execution of the Elliptic Curve Digital Signature Algorithm (ECDSA) requires determination of a signature, which determination involves arithmetic operations. Some of the arithmetic operations employ a long term cryptographic key. It is the execution of these arithmetic operations that can make the execution of the ECDSA vulnerable to a power analysis attack. In particular, an attacker using a power analysis attack may determine the long term cryptographic key. By modifying the sequence of operations involved in the determination of the signature and the inputs to those operations, power analysis attacks may no longer be applied to determine the long term cryptographic key.12-22-2011
20110314291Digital signature program, digital signature apparatus, and digital signature method - When input data (f12-22-2011
20110314290DIGIPASS FOR WEB-FUNCTIONAL DESCRIPTION - The DigiPass for the Web provides security for internet communication greater than that achieved by the use of a static password without requiring the user to install any software or to possess or use dedicated hardware of any kind. The user merely accesses an appropriate website which downloads an applet to the user's browser. This is a conventional function which is handled by the browser and does not require any expertise on the part of the user. The browser relies on a password known only to the user for authenticating the user to the browser/applet. The browser/applet interacts with the server to create an authentication key which is then stored on the user's computer. The user can invoke the authentication key dependent on the user's presentation to the browser/applet of the password. Since the password is not used outside the user-browser/applet interaction it is not subject to attacks by hackers. The authentication key is also protected from attacks by encryption although the user need not memorize any information other than the password.12-22-2011
20130191642NESTED DIGITAL SIGNATURES WITH CONSTANT FILE SIZE - A system and method are provided for implementing a digital signature scheme for embedding and validating multiple nested digital signatures in digitally produced documents without modifying a file size of the digitally produced and signed documents or otherwise corrupting previously-embedded digital signatures. A number of fixed fields are included in a digitally produced document, upfront, that will be populated with multiple digital signatures. With the fixed fields in the digitally produced documents, the entire file is cryptographically “hashed” and the individual digital signatures are independently verifiable via simple cryptographic schemes. Multiple digital signatures are embedded in documents including complex file formats in a manner that does not corrupt the documents. Known cryptographic techniques such as, for example, a known hash algorithm, are applied to the digitally produced documents including the multiple sequentially input digital signatures in a process that is independently verifiable.07-25-2013
20130191641CAPTCHA (COMPLETELY AUTOMATED PUBLIC TEST TO TELL COMPUTERS AND HUMANS APART) DATA GENERATION METHODS AND RELATED DATA MANAGEMENT SYSTEMS AND COMPUTER PROGRAM PRODUCTS THEREOF - CAPTCHA (Completely Automated Public Test to tell Computers and Humans Apart) data generation methods for use in an electronic device and related management systems are provided. First, the electronic device determines a first data set according to at least one first data corresponding to an operation to be performed, wherein the first data represents sensitive data corresponding to the operation. Then, the electronic device generates a group of CAPTCHA data corresponding to the first data set according to the first data. The electronic device may be a server or a client. When the electronic device is the client, the client obtains at least one generation module from the server to determine the first data set, and generate the CAPTCHA data. In some embodiments, during a data transmission procedure, the client performs the operation with the server using the CAPTCHA data.07-25-2013
20130191646SYSTEM FOR EXCHANGING DATA BETWEEN AT LEAST ONE SENDER AND ONE RECEIVER - The invention relates to a system for exchanging data between at least one sender and one receiver, such as a central server, by means of a data transmission network of Internet type, this system comprising means for encrypting/decrypting the data exchanged. The senders and the receiver comprise generators of encryption/decryption keys, which generators are synchronized to generate new keys for message encryption/decryption with each dispatching of a new message from the sender to the receiver.07-25-2013
20130191645MANAGING SECURE CONTENT IN A CONTENT DELIVERY NETWORK - A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based on policy information associated with the identifier.07-25-2013
20130191644SYSTEMS AND METHODS FOR WATERMARKING SOFTWARE AND OTHER MEDIA - Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification.07-25-2013
20130191643ESTABLISHING A CHAIN OF TRUST WITHIN A VIRTUAL MACHINE - According to an aspect of an embodiment, a method of establishing a chain of trust into a virtual machine on a hardware system is described. The method may include measuring an immutable portion of a virtual machine image configured to instantiate as the virtual machine to generate a trust anchor measurement. The method may also include storing the trust anchor measurement in a sealed memory.07-25-2013
20120030471DOWNLOAD MANAGEMENT SYSTEM - A download management system includes a server, a computer host and a storage device. The server stores an encrypted data, which is encrypted according to a certification signature. The computer host is communicatively connected to the server for executing a management program. The storage device is connected electrically to the computer host and includes the certification signature, wherein the download management execution program is capable of reading the certification signature from the storage device, downloading the encrypted data from the server, decrypting the encrypted data according to the certification signature to obtain a decrypted data, and storing the decrypted data in the storage device.02-02-2012
20120030470WIRELESS PROGRAMMING OF VEHICLE MODULES - A system and method for programming a vehicle module via a secure local area wireless connection. The method carried out by the system involves establishing a wireless connection between a vehicle telematics unit and a dealership wireless node. Then, the dealership sends via the wireless node a digital certificate to the vehicle telematics unit. The vehicle uses the digital certificate to verify that the dealership is authorized to provide the vehicle with an upgrade to one or more of the vehicle's components. In response to the verification, an upgrade is performed to one or more vehicle components via the wireless communication.02-02-2012
20120042168METHOD, DEVICE, AND SYSTEM FOR ISSUING LICENSE - A system for issuing a license includes a Content Issuer (CI) configured to receive a Cooperate-RORequest from a Rights Issuer (RI). The CI encapsulates, according to the information carried in the Cooperate-RORequest, content related information by using a key of a destination entity to obtain an encapsulation key, and generates a Message Authentication Code (MAC) on part of information of a license. The CI sends the generated MAC and obtained encapsulation key to the RI, so that the RI sends the license that includes the MAC and the encapsulation key to the destination entity.02-16-2012
20120066502SYSTEMS AND METHODS FOR ENABLING TRUST IN A FEDERATED COLLABORATION - Systems and methods consistent with the present invention enable explicit and multilateral trust across a community of federated servers via a network. A trusted third party establishes a framework of policies and procedures governing a federation. Organizations joining the federation submit to an audit process of internal policies and procedures to ensure compliance with the policies and procedures of the federation. Upon successful completion of an audit, an organization may receive a digital certificate containing the digital public key of the organization and indicating approval of the trusted third party. The organization may then use the associated digital private key for signing security assertions associated with a request for resources from another federation service provider. The service provider may trust the assertion from the organization based on trust placed in the trusted third party by the service provider and the trust placed in the organization by the trusted third party.03-15-2012
20120072730CONTEXT ACCESS MANAGEMENT USING WATERMARK EXTRACTION INFORMATION - Methods, devices, and computer program products facilitate the application of a content use policy based on watermarks that are embedded in a content. Watermark extraction and content screening operations, which can include the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted at different times by different devices. These operations can be conducted by one or more trusted devices that reside in a networked environment. Real-time access to a content can also be facilitated by utilizing existing watermark extraction records. To facilitate real-time access to the content, the extraction records may contain segmented authentication information that corresponds to particular segments of the content that is being accessed. Additionally, or alternatively, new watermark extraction operations can be conducted in real-time to produce new watermark extraction records.03-22-2012
20120096276SYSTEM AND METHOD FOR AUTHENTICATING DOCUMENTS - A data processing system for distributing and authenticating documents from a plurality of parties to a recipient data processing apparatus is disclosed. The system comprises a plurality of document distribution devices each configured to generate an original hash value from the content of a file containing a document to be distributed. A recipient data processing apparatus is configured to generate an original super hash value from the plurality of the original hash values, and to distribute the original super hash value to each of the document distribution devices. The system provides assurance that distributed documents have not been tampered with during communication, by an unscrupulous distributing party, or by an unscrupulous recipient by only submitting a hash value of the document to be distributed. The hash value provides for assurance at the eventual recipient of the document that no changes to the document have been made.04-19-2012
20120096275SYSTEMS AND METHODS FOR AUTHENTICATING AN ELECTRONIC MESSAGE - Systems and methods are disclosed for authenticating electronic messages. A data structure is generated by a computer server which allows for the authentication of the contents and computer server identity of a received electronic message and provides a trusted stamp to authenticate when the message was sent. Data which can authenticate the message, the computer server identity, and the time the message was sent is included into a data structure which is called an Electronic PostMark (EPM).04-19-2012
20120096274AUTHENTICATED ENCRYPTION FOR DIGITAL SIGNATURES WITH MESSAGE RECOVERY - A framework is proposed for authenticated encryption for digital signatures with message recovery whereby authentication is achieved without a redundancy requirement. The Elliptic Curve Pintsov-Vanstone Signature scheme is modified through the use of authenticated encryption, thereby enabling authentication using a message authentication code. The authenticated encryption may be performed within a single function or as two separate functions. The authenticated encryption may also be applied to associated data in the message to be signed.04-19-2012
20120096273AUTHENTICATED ENCRYPTION FOR DIGITAL SIGNATURES WITH MESSAGE RECOVERY - A framework is proposed for authenticated encryption for digital signatures with message recovery whereby authentication is achieved without a redundancy requirement. The Elliptic Curve Pintsov-Vanstone Signature scheme is modified through the use of authenticated encryption, thereby enabling authentication using a message authentication code. The authenticated encryption may be performed within a single function or as two separate functions. The authenticated encryption may also be applied to associated data in the message to be signed.04-19-2012
20120096272SECURITY MODEL FOR INDUSTRIAL DEVICES - Systems and/or methods are described relating to a security model that provides interoperability with foreign security domains while remaining scalable to small embedded devices. A security token service is provided, which is configured to issue, renew, and/or validate security tokens in response to a token request. A communication protocol, corresponding message structures, and the security tokens are defined in accordance with protocol buffer definitions.04-19-2012
20130212396Methods and Systems for State Synchronization Over a Non-Reliable Network Using Signature Processing - Systems and methods for facilitating confirmation of completion of a transaction(s) for state synchronization over a non reliable network using signature processing are described. One of the methods includes receiving a read request from a first client, sending a last known signature with a context object to the first client in response to receiving the read request, and receiving an appended signature from the first client with a context object for a transaction at the first client. The appended signature includes the last known signature and an increment by the first client. The operation of receiving the appended signature occurs upon execution of the transaction at the first client. The method further includes updating the last known signature to the appended signature and sending the updated last known signature to the first client to facilitate marking of the transaction as complete resulting in a definitive state synchronization.08-15-2013
20130212397APPARATUS AND METHOD FOR INCORPORATING SIGNATURE INTO ELECTRONIC DOCUMENTS - Embodiments relate to methods and apparatus for facilitating the protection from tampering of an electronic document to which an electronic signature is applied. In non-limiting examples, techniques may relate to the handling of document appearance data, dynamic signature biometric data, digital footprints data, pixel history data, and camera-acquired image data.08-15-2013