Entries |
Document | Title | Date |
20080209218 | METHODS AND SYSTEMS FOR PROVIDING INDEPENDENT VERIFICATION OF INFORMATION IN A PUBLIC FORUM - A social networking site host includes, in a user's profile, information that has been attested to and verified by both the user and an independent verifier. The independent verifier is an accepted authority with direct knowledge of the information. Both the user and verifier attest to the information by digitally signing the information and including the digital signature with the information. The host or visitors to the social networking site can authenticate the information by using both digital signatures. By authenticating the information, visitors and users viewing information on the social networking site can assume that the information is trusted and accurate. | 08-28-2008 |
20080209219 | Method Of Embedding A Digital Watermark In A Useful Signal - Method of embedding a digital watermark in a useful signal, wherein a watermark bit sequence is embedded into the frequency domain of the useful signal using adaptive frequency modulation of two given frequencies by tracking amplitudes of the chosen frequencies of the original signal and modifying them according to the current bit of watermark bit sequence. | 08-28-2008 |
20080209220 | Method of Quantization-Watermarking - There is provided a method of detecting a watermark included in a signal by way of quantization index modulation (QIM). The signal with the embedded watermark may have been geometrically transformed (e.g. spatially or temporally scaled) prior to detection. In order to detect the watermark even in such case, the embedder imposes an autocorrelation structure onto the embedded watermark data, for example by tiling. Initially, the detector applies conventional QIM detection. This step yields a first symbol vector, which corresponds to the embedded data when the signal was not tampered with, but does not correspond to the embedded data when the signal was subject to scaling. For example, when one data bit is embedded in each pixel of an image, 50% upsampling of the image causes a QIM detector to retrieve | 08-28-2008 |
20080215889 | Efficient Watermark Detection - A system and a method of effectively detecting watermarks in a significant amount of data signals. The method, in overview, consists in pre-filtering the significant amount of data signals in order to eliminate from the final watermark detection the segments of the data signals which have no significant relevance to the owner of the copyrights of the watermark under investigation, and then performing the actual watermark detection over the remaining segments of data signals relevant to the investigation. The pre-filtering feature being implemented by a definition of one or more goal descriptors, extraction of one or more descriptors from the data signals and its content and a comparison between goal descriptors and extracted descriptors. | 09-04-2008 |
20080222418 | Signature Generation Device and Signature Verification Device - A signature generation apparatus capable of preventing transcript attack on signature data is provided. The signature generation apparatus performing a digital signature operation with the use of a signature key: stores the signature key; performs the digital signature operation on signature target data with the use of the signature key to generate signature data; counts the cumulative count of digital signature operations having been performed by the signature generation unit with the use of the signature key; judges whether the cumulative count has reached a predetermined count; and inhibits the use of the signature key in the digital signature operation from then onward in a case where the judgment unit determines that the cumulative count has reached the predetermined count. | 09-11-2008 |
20080222419 | Content Management of Public/Private Content, Including Use of Digital Watermarks to Access Private Content - A public version of content includes information to access a private version. The private version is typically of higher value, as it is a complete version and/or of higher audio or video quality than the public version. The public version can be shared or played without restriction, which enables the content to be promoted, yet provides an incentive for the user to access the private version. The public version can include information that enables a user to obtain software necessary to get the private version. In addition, the public version can include a digital watermark used to access the private version. | 09-11-2008 |
20080222420 | Systems and Methods for Authenticating and Protecting the Integrity of Data Streams and Other Data - Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain's security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain. The hierarchy culminates with a signed hash that can be used to verify the integrity of other hash values in the hierarchy, and these other hash values can, in turn, be used to efficiently verify the authenticity of arbitrary portions of the content file. | 09-11-2008 |
20080222421 | SIGNATURE INFORMATION PROCESSING METHOD, ITS PROGRAM AND INFORMATION PROCESSING APPARATUS - A signature information processing method using a relay apparatus which executes information processing on data containing signature information which is information concerning a signature is provided in order to prevent a signature from being invalidated. A signature information extraction unit conducts extraction processing to extract signature information from the data and store the signature information in the signature information storage unit. A message processing unit executes processing on the data. Thereafter, a signature information substitution unit conducts substitution processing to substitute signature information stored in the signature information storage unit for signature information contained in data obtained after execution of the processing. | 09-11-2008 |
20080222422 | MANAGING ELECTRONIC DOCUMENTS UTILIZING A DIGITAL SEAL - A method for storing electronic documents can include associating a digital seal with at least one electronic document. An image within a user interface can be displayed, wherein the image is a user selectable representation for the digital seal. At least one metadata attribute can be stored as a characteristic related to the digital seal. A storage characteristic of at least one electronic document can be modified based on one or more of the metadata attributes. | 09-11-2008 |
20080229109 | HUMAN-RECOGNIZABLE CRYPTOGRAPHIC KEYS - A visual authentication scheme for websites is provided that binds an image to a website so that a user can visually authenticate whether he/she is viewing an intended/trusted website. An authentication or cryptographic key (associated with a web page) is rendered as a unique key-identifying image or unique sequence of images. This key-identifying image(s) is then displayed to the user. The user associates this key-identifying image with the originator or source of the web page so that the user can easily recognize the originator by glancing at the key-identifying image. The association between the key-identifying image and the cryptographic/authentication key (and thereby the source of the web page) can be achieved similarly to brand awareness. | 09-18-2008 |
20080229110 | FAST AUTHENTICATION OVER SLOW CHANNELS - A method of providing secure communications over a network includes receiving, at a receiving computer, a public key of a sending computer, and a hash of a sending random number over a first communication channel, transmitting, from the receiving computer, a public key of the receiving computer and a receiving random number provided by the receiving computer over the first communication channel, and receiving, at the receiving computer, the sending random number provided by the sending computer over the first communication channel. | 09-18-2008 |
20080229111 | PREVENTION OF UNAUTHORIZED FORWARDING AND AUTHENTICATION OF SIGNATURES - A forwarding signature comprises a modified digital signature, modified using a predetermined parameter between a sender and an intended recipient. An intended recipient of the forwarding signature can verify that the forwarding signature corresponds to the message, but, can neither derive the original digital signature nor generate a new forwarding signature for a different parameter. Generation and verification of the forwarding signature is accomplished with access to the public key of a public/private cryptographic key pair, the original signed message, and the predetermined parameter. Access to the private key is not needed. | 09-18-2008 |
20080244270 | SYSTEM AND METHOD FOR SIGNATURE BASED DATA CONTAINER RECOGNITION - A system and method for signature based data container recognition is provided. When a new data container, such as a lun, is created, a security appliance generates a signature of the data container, by, e.g., examining the contents of one or more data blocks of the data container. The generated signature is then associated with the appropriate encryption key for the data container and is stored either within a configuration database of the security appliance or on a key management system operating within a security appliance environment. To identify the encryption key associated with a data container, the security appliance generates a signature of the data container and compares the generated signature with the stored signatures. Should there be a matching signature, the security appliance utilizes the encryption key associated with the matching signature to process data access requests to/from the data container. | 10-02-2008 |
20080244271 | METHOD AND SYSTEM FOR AUTHENTICATION BASED ON WIRELESS IDENTIFICATION, WIRELESS IDENTIFICATION AND SERVER - The invention discloses a method and a system for authentication based on a wireless identification, and a wireless identification. The method comprises steps of: obtaining, by a mobile device, wireless tag information and connection configuration information from the wireless identification; establishing, by the mobile device, a connection with the server according to the connection configuration information, and transmitting, by the mobile device, the wireless tag information to the server; authenticating, by the server, the validity of the wireless tag information, and determining, by the server, an access right of the mobile device after the authentication is successful; generating, by the wireless identification, device signature information and forwarding it, by the mobile device, to the server; and authenticating, by the server, the validity of the device signature information, and canceling, by the server, the access right of the mobile device. The present invention provides an authentication system based on the wireless identification, wherein the server authenticates not only the wireless tag information, but also the device signature information generated by the wireless identification, thereby the system is of a higher security. | 10-02-2008 |
20080256360 | Method and apparatus for authenticating a code image upon starting a device - A device such as a mobile receiving unit ( | 10-16-2008 |
20080256361 | Watermarking of a Processing Module - The present invention relates to a method, for watermarking a processing module ( | 10-16-2008 |
20080263358 | SYSTEM AND METHOD FOR LIMITING SPYWARE ACTIVITY - A system and method of detecting and limiting unsolicited data uploads. Downloaded content such as web pages and emails are scanned for web forms and/or links. A watermark is added where appropriate and the modified downloaded content is forwarded to the person who requested the content. A check is made to determine whether information received from a user includes appropriate watermarks. If so, the watermark is removed and the information is forwarded to its destination. | 10-23-2008 |
20080263359 | Water mark embedding and extraction - A watermarking key consisting of a sequence of elements is embedded into a data sequence. Each element may take on two or more values. In order to embed a watermarking key, first a reference sequence is divided into blocks. Each element of the watermarking key is associated with a respective block of the reference sequence. A watermarked sequence is then generated by shifting the associated blocks by a degree determined by the value of the respective associated element of the watermarking key. | 10-23-2008 |
20080270798 | Anonymous Authentification Method - An authentication method based on an encryption algorithm with a secret key. According to the invention, the anonymity of the entity being authenticated is guaranteed, so that only a legitimate authentication entity may recognize the identity of the entity which is being authenticated. | 10-30-2008 |
20080276093 | SERVICE MOBILITY MANAGEMENT SYSTEM USING XML SECURITY AND THE METHOD THEREOF - A system for managing service mobility using an extensible Markup Language (XML) electronic signature. A mobility interface stops and stores the operation of a service being currently performed. Before the service is moved, a service serializer serializes service state information and converts it into an XML form which is attachable to an electronic signature. An XML security manager creates an XML electronic signature for the Manifest file of the Java ARchive (JAR) file of a service bundle, attaches the serialized service state information to the XML electronic signature, and records it. A service installer transmits the signed JAR file to an Open Service Gateway initiative (OSGi) framework that has requested that the service be moved. | 11-06-2008 |
20080276094 | COMMUNICATION TERMINAL DEVICE, SERVER APPARATUS, DATA MANAGEMENT METHOD AND RECORDING MEDIUM - A response is made to delivery data received by a communication terminal (cellular phone or the like) through a network (public network), the delivery data and the response action are traced and the delivery data during a predetermined time including the time at which the response action occurs and the data representing the response action are extracted, which is recorded as the traced data (TD). The traced data is transferred to a server device (signature server) through the network, and the data with the signature is transferred to the communication terminal and stored as the signed data. | 11-06-2008 |
20080288778 | Method for Generating and Verifying an Electronic Signature - The present invention provides a secure, efficient, simple and operator-independent method for generating an electronic signature, for execution by a processing unit in a mobile terminal. The method comprises the steps of receiving an electronic message, fetching a basic key from a memory area, inputting a credential from a user, generating a dynamic key based on the basic key and the credential, and generating an electronic signature for the message using the dynamic key. The invention further comprises a corresponding method for verifying the electronic signature, for execution by a verification server. | 11-20-2008 |
20080294900 | Authenticity Verification of Articles Using a Database - A digital signature is obtained by digitising a set of data points obtained by scanning a coherent beam over a paper, cardboard or other article, and measuring the scatter. A thumbnail digital signature is also determined by digitising an amplitude spectrum of a Fourier transform of the set of data points. A database of digital signatures and their thumbnails can thus be built up. The authenticity of an article can later be verified by re-scanning the article to determine its digital signature and thumbnail, and then searching the database for a match. Searching is done on the basis of the Fourier transform thumbnail to improve search speed. Speed is improved, since, in a pseudo-random bit sequence, any bit shift only affects the phase spectrum, and not the amplitude spectrum of a Fourier transform represented in polar coordinates. The amplitude spectrum stored in the thumbnail can therefore be matched without any knowledge of the unknown bit shift caused by registry errors between the original scan and the re-scan. | 11-27-2008 |
20080294901 | Media Storage Structures for Storing Content, Devices for Using Such Structures, Systems for Distributing Such Structures - Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different bases. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content. | 11-27-2008 |
20080294902 | METHOD AND SYSTEM FOR IMPROVING SECURITY OF THE KEY DEVICE - The present invention provides a method and a system for improving security of a key device in the information security field. In order to solve the problem that the security performance of the key device is lower due to the possible tamper of the data needed for encryption and signature in prior art, the present invention provides the method, including steps in which the key device is connected to a computer, then is used to receive the data input by the user through a computer and display the same after a user makes a successful authentication; and to make digital signature or encryption of the data input after the user confirms the content displayed. The above-mentioned system comprises an authentication module, a data receiving module, a display module, a confirmation information receiving module, and a key module. The present invention makes relative display on the key device according to the data input by the user, and provides an input device or generates a random authentication code for confirmation and therefore prevents invalid digital signature or encryption, and improves the security of the key device greatly. | 11-27-2008 |
20080294903 | AUTHENTICITY ASSURANCE SYSTEM FOR SPREADSHEET DATA - A method is provided for applying a redactable signature method capable of verification even after deletion (blacking-out) of a part of a signed electronic document to spreadsheet data. | 11-27-2008 |
20080301447 | SECURE OFFLINE ACTIVATION PROCESS FOR LICENSED SOFTWARE APPLICATION PROGRAMS - A computer readable medium for activating a software application for execution on a designated computer, where the computer readable medium has stored thereon computer executable instructions for performing the following steps: computing an installation identifier reflective of the software application and the designated computer; receiving an activation code generated in accordance with the installation identifier and a blinding factor value; computing a first verification code as a function of the installation identifier; computing a trial blinding factor value; computing a decryption key as a function of the trial blinding factor value and the activation code; using the decryption key to decrypt a second verification code; verifying that the first verification code matches the second verification code; and, activating the software application for execution on the designated computer. | 12-04-2008 |
20080301448 | Security Against Corruption for Networked Storage - Systems and methods for security against corruption for networked storage are described. In one aspect, a destination device receives a linear combination of packets. The linear combination of packets represents digitally signed blocks of content and public information used to digitally sign segmented blocks of content. The destination device recombines the linear combination of packets to compute new valid signatures as linear combinations of received homomorphic digital signatures. The new valid signatures are for verifying by a requesting computing device recovering data associated with at least a subset of the linear combination of packets, integrity of the at least a subset. This provides the requesting node with security against corruption of data in networked storage. | 12-04-2008 |
20080301449 | Signature Apparatus, Verifying Apparatus, Proving Apparatus, Encrypting Apparatus, and Decrypting Apparatus - Provided are a signature apparatus, a verifying apparatus, a proving apparatus, an encrypting apparatus, and a decrypting apparatus capable of efficiently reducing a signature text counterfeit problem to a discrete logarithm problem. The commitment is a hash value of a set of a value to be committed. Data including a pair of elements of a cyclic group associated with a discrete logarithm problem is used as a public key, and a discrete logarithm of an order of the pair is used as a secret key. Accordingly, it is possible to summarize secret information of an attacker from the commitment without rewinding the attacker and to ensure a higher safety than that of a Schnorr signature scheme. In addition, one-time power residue calculation is performed in each of the signature and verification calculations, so that it is possible to lower an amount of calculation in the signature and verification calculations. | 12-04-2008 |
20080301450 | Modular signature verification architecture - It is difficult to provide a mechanism that is able to verify electronic signatures of different types in a simple and cost-effective manner. This is achieved by using a signature verification engine with an interface enabling signature modules to be removably plugged in. Each signature module has information about a particular signature type and functionality for verifying signatures of that type. The signature verification engine receives requests to verify signatures. It identifies a suitable signature module and works with that module to verify the signature. An enterprise who acquires equipment incorporating the signature verification engine is able to plug in its own signature module giving versatility whilst retaining security. | 12-04-2008 |
20080301451 | Verifying authenticity of an attribute value signature - A method and apparatus for verifying authenticity of a digital signature for an attribute value. In one embodiment, the method includes receiving a message including an attribute value of an attribute from a Lightweight Directory Access Protocol (LDAP) repository entry and a digital signature, and verifying that the digital signature authenticates the attribute value. | 12-04-2008 |
20080301452 | Systems and Methods for Watermarking Software and Other Media - Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification. | 12-04-2008 |
20080301453 | OFFICE MACHINE HAVING IDENTIFICATION UNIT AND DOCUMENT MANAGEMENT SYSTEM INCLUDING SUCH OFFICE MACHINE - The present invention relates to an office machine having an identity verification unit and a document management system including such an office machine. The office machine includes a processor and an identity verification unit. The processor is used for controlling operations of the office machine. The identity verification unit is included in the processor for verifying identity information of a user when an electronic document sent from the user is received by the office machine. The electronic document is verified according to an asymmetric cryptosystem, thereby ensuring security and user authenticity of the electronic document. | 12-04-2008 |
20080301454 | Information Management System - An information management system is described comprising one or more workstations running applications which allow a user of the workstation to connect to a network, such as the Internet. Each application has an analyzer, which monitors transmission data that the application is about to transmit to the network or has just received from the network, and which determines an appropriate action to take regarding that data. The analyzer may consult policy data containing a supervisor-defined policy to govern the workstations in order to determine what action to take. Such actions may be extracting data from the transmission data, such as passwords and usernames, digital certificates or eCommerce transaction details for storage and record keeping; ensuring that the transmission data is transmitted at an encryption strength appropriate to the contents of the transmission data; determining whether a check needs to be made as to whether a digital certificate received in transmission is valid; determining whether a transaction about to be made by a user of one of the workstations needs third party approval before it is made; and controlling the transmission of messages, such as e-mails according to a policy. | 12-04-2008 |
20080301455 | Authentication System And Authentication Object Device - To provide an authentication system for improving security, using fewer encryption keys. An authentication requesting device ( | 12-04-2008 |
20080301456 | Efficient Secure Forensic Watermarking - The invention relates to a watermark generation method for generating watermarks to be embedded in digital media, where said watermark is generated by combining at least two watermark patterns from a set of watermark patterns. The set of watermark patterns are divided into at least two subsets of watermark patterns, and the subsets are hierarchically related and the watermark patterns in said watermark are directly related watermark patterns. Directly related means that the watermark patterns are related like parent and child in a hierarchical structure e.g. a tree structure. Further, the invention relates to an apparatus adapted to generate watermarks to be embedded in media. | 12-04-2008 |
20080307227 | Digital-Invisible-Ink Data Hiding Schemes - A novel steganographic approach analogous to the real-world secret communication mechanism, in which messages to be concealed are written on white papers using invisible ink like lemon juice or milk and are revealed only after the papers are heated, is proposed. Carefully designed informed-embedders now play the role of “invisible ink”; some pre-negotiated attacks that can be provided by common content processing tools correspond to required “heating” process. Theoretic models and feasible implementations of the proposed digital-invisible-ink (DII) watermarking approach are provided. The proposed DII watermarking schemes can prevent the supervisor from interpreting secret messages even if the watermark extractor, decryption tool, as well as session keys are available to the supervisor. Furthermore, under certain steganographic application scenarios, secret communication systems employing the DII watermarking schemes can aggressively mislead the channel supervisor with fake payloads and transmit genuine secrets at the same time. | 12-11-2008 |
20080307228 | WEDI: AN ENCRYPTION-BASED METHOD AND SYSTEM FOR THE IDENTIFICATION AND PROTECTION OF PRINTED DOCUMENTS OR THOSE BEING TRANSMITTED BY ELECTRONIC MEANS - WEDI is both a method and a system that uses symmetric and asymmetric encryption algorithms which makes feasible the identification of printed documents or those being transmitted by electronic means, and allows holding responsible any person who discloses the information they contain in an illegal way or without authorization. WEDI is the acronym for “Watermark Encryption Document Identification”. It is both a method and a system that makes feasible the identification of printed documents and the information they carry upon being distributed by electronic means through the generation and printing of a cryptographic key in a watermark format, which is generated by the use of symmetric and asymmetric encryption algorithms and a hashing function based on various data related to documents, devices, and persons involved in the process. This makes possible the identification of the aforesaid documents concerning their origin, recipient, date and time of generation and dispatch, user's responsibility, and other information pertaining to such documents through the analysis of just a portion of them that contains fragments of the cryptographic key in the form of a printed watermark, which is the ultimate goal of the invention now being presented. | 12-11-2008 |
20080307229 | Method And Apparatus For Certificate Roll-Over - A method and an electronic apparatus for rolling over from a first to second trusted certificate in the electronic apparatus. Information containing identification data for identifying the second trusted certificate is acquired in the electronic apparatus. Also, the second trusted certificate, which is preinstalled in the electronic apparatus, is activated based on said identification data. | 12-11-2008 |
20080307230 | CONTROL DEVICE, UPDATE METHOD AND CONTROL SOFTWARE - To update the program, the file is updated by verifying according to a digital signature attached to the file having the program converted whether the file is not dishonestly falsified. To verify the digital signature, a time for verifying the signature can be shortened by verifying not the entire file but only a particularly important part, and an area for temporarily storing the file can be made small. Thus, the control can be performed to update only when the file is valid. | 12-11-2008 |
20080307231 | Secure Handling of Stored-Value Data Objects - An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user's personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption. Techniques further provide temporary and rapid verification data objects useful where rapid ticket verification is essential, such as mass transit systems. | 12-11-2008 |
20080313465 | SIGNATURE SCHEMES USING BILINEAR MAPPINGS - Methods and systems are provided for generating and verifying signatures of digital messages communicated between signers and verifiers. Using bilinear mappings, such as Weil or Tate pairings, these methods and systems enable generation and verification of efficient multisignatures, identity-based ring signatures, hierarchical proxy signatures, and hierarchical online/offline signatures. | 12-18-2008 |
20080313466 | METHOD AND APPARATUS FOR DIGITALLY SIGNING ELECTRONIC MAIL THAT ORIGINATES FROM A BROWSER - One embodiment of the present invention provides a system for digitally signing electronic mail that originates from a browser. The system operates by first receiving a message from a browser at a mail server. The mail server formats the message and returns the formatted message to the browser so that the browser can sign the message. The mail server then receives the signature for the formatted message from the browser and encapsulates the formatted message and the signature into a secure message. Next, the mail server forwards the secure message to the intended recipients for the message. | 12-18-2008 |
20080313467 | Authentication Processor Using a Signature Encoded in a Number of Data Portions - A method of authenticating an object using a processor, the object being associated with a surface having disposed thereon or therein coded data having a number of coded data portions, each coded data portion encoding: an identity of the object; and, a fragment of a signature, the signature being a digital signature of at least part of the identity. The method including, in the processor: receiving from a sensing device, indicating data, the indicating data being generated in response to sensing of a plurality of coded data portions, the indicating data being indicative of: the identity of the object; and, a plurality of signature fragments; determining, from the indicating data, a received identity and a plurality of received signature fragments; determining, using the plurality of signature fragments and a secret key, a determined identity; comparing the determined identity to the received identity; and, authenticating the object using the results of the comparison. | 12-18-2008 |
20080320309 | METHOD OF AUTHENTICATING PRINT MEDIUM USING PRINTING MOBILE DEVICE - A method of using a mobile device to authenticate a print medium offline before completing printing onto the print medium, the mobile device including processing means, a printhead and a sensor, the print medium comprising a laminar substrate, the method comprising the steps of: using the sensor to sense coded data provided on a surface of the substrate; using the processing means: determining, from the sensed coded data: an identity of the print medium; and at least part of a signature, the signature being a digital signature of at least part of the identity; determining, using the at least part of the signature, a determined signature; generating, using the determined signature and a public key stored in the mobile device, a generated identity; comparing the identity to the generated identity; and authenticating the print medium using the results of the comparison; and in the event the authentication step is successful, using the printhead to print onto the print medium. | 12-25-2008 |
20090006852 | Method and Apparatus for Securing Unlock Password Generation and Distribution - A process may be utilized for securing unlock password generation and distribution. A first set of exclusive responsibilities, assigned to a trusted authority, includes random generation and encryption of an unlock password to compose a randomly generated encrypted unlock password. Further, a second set of exclusive responsibilities, assigned to a security agent, includes sending information associated with the unlock password and a digital signature of information associated with the unlock password to a communication device configured for a network in order to mate the unlock password to the communication device, and sending the randomly generated and encrypted unlock password along with mating data to a password processing center. In addition, a third set of exclusive responsibilities, assigned to a password processing center, includes decrypting the randomly generated and encrypted unlock password. | 01-01-2009 |
20090006853 | Security protocols for hybrid peer-to-peer file sharing networks - In a hybrid peer-to-peer file sharing network including a receiver peer and a provider peer, the receiver sends the provider a ticket [ | 01-01-2009 |
20090013188 | Search for a Watermark in a Data Signal - The invention relates to a method of searching for a watermark in a data signal, and to a watermark detector, such as a copy-control watermark detector. The search is conducted in order to find a watermark in content which possibly has been attacked and/or altered. The search is conducted by the steps of determining or setting a search space for the data signal, selecting a subspace of the search space, and searching for the presence of the watermark in the subspace. The subspace may be selected from a multitude of regions, the selection e.g. being based on a deterministic or probabilistic function. | 01-08-2009 |
20090013189 | Method and devices for video processing rights enforcement - A system for protection against unauthorized modifications of digital content, in particular image content, in which a content processing system retrieves content, a fingerprint for the content and at least one modification limit expressing authorized modifications to the content. The content may then be modified, but before saving or exportation is allowed, a second fingerprint is calculated, and the difference between the fingerprints is compared with the at least one modification limit. If the difference is within the allowed bounds, then saving or exportation is allowed; if not, it is prevented. Also provided are a method and a content consumer device performing essentially the same steps before allowing rendering of the content. | 01-08-2009 |
20090019286 | Watermark Detection - A detector ( | 01-15-2009 |
20090019287 | CONTENTS SERVER, CONTENTS RECEIVING APPARATUS AND NETWORK SYSTEM FOR ADDING INFORMATION TO DIGITAL CONTENTS - Method and system for embedding a unique and different digital watermark in digital contents for each access without increasing the overhead or load at the contents server. The contents server has a digital watermark-embedded contents storage unit for storing a plurality of digital contents where a different digital watermark is embedded, and a fingerprint performing unit for adding to the digital contents the information specified using a bit row that is formed by a digital watermark being embedded for each part of the digital contents. | 01-15-2009 |
20090024851 | SYSTEMS AND METHODS FOR MUTUALLY AUTHENTICATED TRANSACTION COORDINATION MESSAGES OVER INSECURE CONNECTIONS - Systems and methods are provided that enable authentication of transaction coordination messages sent via insecure connections. Also provided are systems and methods for controlling transaction coordination and recovery. In many embodiments, there is an exchange between a coordinator and a sub-coordinator, such that the coordinator provides the sub-coordinator with a coordinator token, and the sub-coordinator provides the coordinator with a sub-coordinator token. The coordinator and sub-coordinator tokens are used to authenticate transaction coordination messages sent over one or more insecure connections between the coordinator and the sub-coordinator. | 01-22-2009 |
20090031132 | Apparatus And Method For Incorporating Signature Into Electronic Documents - There is presented a method and apparatus for incorporating a digital signature within a document for a paper-less office. The method comprises generating the document to be signed on a computer and transferring it to, and displaying it on, a device for incorporating a digital signature, wherein the device comprises a screen, signature means such as an electronic pen or fingerprint capturing device, and at least one smart card reader. Then, the document is digitally signed. The digitally signed document is encrypted and transferred to the computer so as to prevent restoration of the digital signature. From the customer side, the procedure is based on “what you see is what you sign”. | 01-29-2009 |
20090031133 | METHOD AND SYSTEM FOR SCREENING AND AUTHORIZING CONTENT - Apparatus and method are disclosed for preventing the use of disapproved received electronic content on a Mobile Station. The apparatus and method may include modules for extracting and comparing fingerprints of the received content on the Mobile Station to fingerprints of disapproved content, and for the activation of an authorization process based on the results of the comparison, as well as on the decisions of the user whether to purchase authorization when it is required. A cryptography-based check-in procedure is introduced to assure that all content has passed the verification phase. | 01-29-2009 |
20090031134 | Digital watermarking with variable orientation and protocols - A method of digital watermarking selects a mapping of a digital watermark to audio or video content and an embedding gain to produce uniquely watermarked copies for distribution. The embedding method is implemented at points of distribution, including content servers or receivers. By applying varying mapping protocols and random gain, the digital watermark uniquely serializes copies. It also has a structure and embedding configuration that minimizes the effectiveness of collusion, averaging and over-embedding attacks. | 01-29-2009 |
20090031135 | Tamper Proof Seal For An Electronic Document - A method of generating a tamper proof seal | 01-29-2009 |
20090031136 | HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF UNWANTED E-MAIL | 01-29-2009 |
20090037739 | METHOD FOR IDENTIFYING A COUNTERFEIT SECURITY DOCUMENT - A method of determining a counterfeit security document which includes a number of coded data portions indicative of an identity of the security document; and at least part of a digital signature of at least part of the identity. The method includes using a sensing device to sense at least one coded data portion and generate indicating data. The indicating data is used by a processor to obtain a determined identity and at least one determined signature part, which are then used to determine if the security document is a counterfeit document. | 02-05-2009 |
20090037740 | Optimization methods for the insertion, protection, and detection of digital watermarks in digital data - Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed. According to another embodiment, a method for pre-analyzing a digital signal for encoding digital watermarks comprises: (1) providing a digital signal; (2) providing a digital filter to be applied to the digital signal; and (3) identifying an area of the digital signal that will be affected by the digital filter based on at least one measurable difference between the digital signal and a counterpart of the digital signal selected from the group consisting of the digital signal as transmitted, the digital signal as stored in a medium, and the digital signal as played back. According to another embodiment, a method for encoding a watermark in a content signal includes the steps of (1) splitting a watermark bit stream; and (2) encoding at least half of the watermark bit stream in the content signal using inverted instances of the watermark bit stream. Other methods and systems for encoding/decoding digital watermarks are also disclosed. | 02-05-2009 |
20090044016 | PROTECTING A DSP ALGORITHM - A software implementation of a digital signal processing function is protected by selecting a subset of parameters ( | 02-12-2009 |
20090044017 | SIGNATURE AND VERIFYING METHOD, AND SIGNATURE AND VERIFYING DEVICE - An RSA signature method is provided in which the length of a signature does not depend on the number of signature devices when multiple signature devices are related to the creation of the signature. A signature device i_{m} includes first conversion means SS | 02-12-2009 |
20090044018 | Section Inclusion and Section Order Authentication Method for Computer Electronic Documents - This invention creates an electronic “document authentication chain” providing authentication capability of certain document characteristics. Certain operational scenarios require that a primary or third party can prove the section inclusion and section “inclusion order” of document entries. A minimally intrusive and chained watermarking technique is invented facilitating the authentication of these document characteristics using asymmetric or symmetric key digital signatures. | 02-12-2009 |
20090044019 | SYSTEM AND METHOD FOR DIGITALLY SIGNING ELECTRONIC DOCUMENTS - A system for digitally signing electronic documents is disclosed. The system includes a mobile device, an application server and a database, the mobile device includes a requesting module and a digest encrypting module, the application server includes an obtaining module, a digest generating module and a merging module. The requesting module is configured for sending a request for a digital signature of an electronic document to the application server; the obtaining module is configured for obtaining the electronic document from the database; the digest generating module is configured for generating a digest of the electronic document, and sending the digest to the mobile device; the digest encrypting module is configured for encrypting the digest, generating an encrypted value, and sending the encrypted value to the application server; the merging module is configured for merging the encrypted value and the electronic document. A related computer-based method is also disclosed. | 02-12-2009 |
20090044020 | Method and System for Modular Authentication and Session Management - Modular authentication and session management involves the use of discrete modules to perform specific tasks in a networked computing environment. There may be a separate authentication server that verifies the identity of the user and an authorization client that grants various levels of access to users. There may also be an authentication client that receives an initial request from a requesting application and forwards the request to the authentication server to verify the identity of the user. The authorization client may then be invoked to provide the necessary level of access. The use of discrete modules allows multiple business applications to use the same modules to perform user authentication tasks, thus alleviating the unnecessary multiplication of code. | 02-12-2009 |
20090049298 | System for remote electronic notarization and signatory verification and authentication/ interface/ interlinked with an advanced steganographic cryptographic protocol - A method for remote electronic verification and authentication and screening of potential signatories for remote electronic notary transactions via remote pc encrypted platform to a broadband digitally or WIFI cellular/PDA device or portable pc device. The system implements the following electronic components, but not limited to, electronic signature device, digital certificates, electronic document, electronic biometric devices, electronic audio/visual software/hardware, and electronic payment systems and devices, all electronically synchronized to afford capable notary publics in executing remote electronic notary transactions via a satellite kiosk network or on-line virtual kiosk application. | 02-19-2009 |
20090049299 | Data Integrity and Non-Repudiation System - A system is disclosed for establishing data integrity and non-repudiation without hashing and without performing a bit to bit comparison of the message. The system includes necessary hardware and/or software to generate a random symmetric key for use with a symmetric encryption algorithm; generate a random sequence having a plurality of elements; separate a message into a plurality of blocks, wherein each block has a size less than or equal to the block size of the symmetric algorithm less the size of a digital signature of one of the plurality of elements; generate a signature for each of the plurality of elements; encrypt a concatenation of each of the plurality of blocks of the message with a corresponding signature, the encryption being performed using the symmetric encryption algorithm and the random symmetric key; and communicating the encrypted concatenation from the gaming server to a gaming device. | 02-19-2009 |
20090049300 | Method and system for user attestation-signatures with attributes - The present invention discloses a method for generating and verifying a user attestation-signature value (DAA′) and issuing an attestation value (cert) for the generation of the user attestation-signature value (DAA′). Further, the invention is related to a system for using a user attestation-signature value (DAA′) that corresponds to at least one attribute (A, B, C, D), each with an attribute value (w, x, y, z), none, one or more of the attribute values (x, y) remaining anonymous for transactions, the system comprising: a user device ( | 02-19-2009 |
20090049301 | Method of Providing Assured Transactions by Watermarked File Display Verification - Electronic transactions employing prior art approaches of digital certificates and authentication are subject to attacks resulting in fraudulent transactions and abuse of identity information. Disclosed is a method of improving electronic security by establishing a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path providing the user with a predetermined portion of the request from the institution for a signature upon a personalized device that cannot be intercepted or manipulated by malware to verify that the request as displayed upon the user's primary computing device is valid. | 02-19-2009 |
20090049302 | System And Method For Processing Content For Later Insertion Of Digital Watermark And Other Data - A method and system for processing content are described including generating a dummy value, inserting the dummy value into encoded content, selecting a position in the encoded content where the dummy value in the encoded content is to be replaced by a real value, generating the real value and replacing the dummy value with the real value in the encoded content. | 02-19-2009 |
20090049303 | METHOD AND SYSTEM FOR DATA DELIVERY AND REPRODUCTION - Methods and apparatus for processing title data watermarked with a code. At least a portion of the title data may be watermarked at a plurality of locations within the title data with customer information data, so that the title data provided to a customer includes the watermark information. To obtain the code from the watermarked title data, watermarking information associated with the watermarked title data is first received. The watermarking information identifies a plurality of locations and a number to frequency modulation relationship at each of the locations. A different modulation scheme may be used at each location. The watermarked title data is demodulated at each of the plurality of placement locations based on the number to frequency modulation relationship. The code is then generated from the demodulated watermarked title data. A verification indication is output based in part on the generated code. | 02-19-2009 |
20090049304 | DIGITAL WATERMARK EMBEDDING APPARATUS AND METHOD, AND DIGITAL WATERMARK ANALYSIS APPARATUS, METHOD AND PROGRAM - A digital watermark embedding apparatus comprises the following units. A first generation unit generates a plurality of symbol sequences each of which includes a plurality of symbols including ranks, each of the ranks being uniquely numbered among each of the symbol sequences, each of the symbol sequences uniquely corresponding to each of a plurality of identification information items to be embedded as digital watermark information into each of copies of digital contents. A second generation unit generates a plurality of to-be-embedded codes corresponding to each of the symbols in each of the symbol sequences. An embedding unit embeds the to-be-embedded codes in each of the copies. | 02-19-2009 |
20090055650 | CONTENT PLAYBACK DEVICE, CONTENT PLAYBACK METHOD, CONTENT PLAYBACK PROGRAM, AND INTEGRATED CIRCUIT - When a plurality of types of copyright information are detected on a disk or the like, a content playback device and method can appropriately control playback of content in accordance with the copyright information. As the content playback device, a digital watermark detection device attempts to detect watermark information in blocks that make up the content, and a result storage subunit ( | 02-26-2009 |
20090055651 | AUTHENTICATED MEDIA COMMUNICATION SYSTEM AND APPROACH - Media authentication is facilitated. In connection with an example embodiment, media is authenticated using an encoded projection of the media that is decoded using the media as an input. A condition of authenticity of the media is determined based upon an indication of distortion of the media characterized by a decoding of the encoded projection. | 02-26-2009 |
20090055652 | SYSTEM AND METHOD FOR SECURING ONLINE CHAT CONVERSATIONS - A system, method and program product for securing online chat conversations. The disclosed method includes the steps of capturing a chat conversation into an image file; adding a watermark to the image file; extracting the watermark from the watermarked image file; and validating the watermark. | 02-26-2009 |
20090063864 | CRYPTOGRAPHIC AUTHENTICATION WITH EPHEMERAL MODULES - A method enabling a personal computer to be authenticated by a server is provided. The method comprises the step, which includes for the user in launching the execution of a log-on procedure software, introducing personal identifiers providing access to a signature private key for long-term use relative to the duration of the session. The log-on procedure software produces: identification data of the session Id, a public ephemeral module, a public exponent and at least a pair of ephemeral public numbers and ephemeral private numbers related by a generic equation of the type: G=Q | 03-05-2009 |
20090070587 | Advanced Watermarking System and Method - A method, computer program product, and computing device for obtaining an uncompressed digital media data file. One or more default watermarks is inserted into the uncompressed digital media data file to form a watermarked uncompressed digital media data file. The watermarked uncompressed digital media data file is compressed to form a first watermarked compressed digital media data file. The first watermarked compressed media data file is stored on a storage device. The first watermarked compressed media data file is retrieved from the storage device. The first watermarked compressed digital media data file is modified to associate the first watermarked compressed digital media data file with a transaction identifier to form a second watermarked compressed digital media data file. | 03-12-2009 |
20090070588 | RENEWABLE WATERMARK FOR THEATRICAL CONTENT - The present invention relates to a method for a content provider of renewing the watermarking of theatrical content and for updating consumer devices to detect said renewed watermark, wherein a watermark is embedded in said theatrical content using at least a first watermark noise pattern. Renewing is performed by said content provider distributing at least a second watermark noise pattern, which is used for embedding and detecting said watermark in said theatrical content, to said consumer devices using a broadcast encryption technology. The invention further relates to a content provider system adapted to be used for renewing the watermarking of theatrical content and for updating consumer devices to detect said renewed watermark. | 03-12-2009 |
20090077385 | Authenticating An Object - A method of authenticating an object is disclosed. The method starts by receiving indicating data. The indicating data was generated in response to sensing of a coded data portion provided on or in a surface associated with the object. The indicating data is indicative of an identity, a position of the coded data portion, and a fragment of a signature. The signature is a digital signature of at least the identity, and comprises a plurality of signature fragments. The method then proceeds by determining from the indicating data, a received identity, a received signature fragment and the position of the coded data portion. Using the position, a received signature fragment identifier is then determined. Next, using the received identity, a determined signature is determined. A determined signature fragment is also determined using the determined signature and the received signature fragment identifier. Finally, the determined signature fragment is compared to the received signature fragment, and the object is authenticated using the result of the comparison. | 03-19-2009 |
20090077386 | NOTARY ENFORCEMENT - FRAUD PREVENTION - A system for electronically signing a document and verifying the signor's identity includes a computer having a processor, an input device, and a memory. A biometric scanner is in electronic communication with the computer for scanning at least one biometric feature of a signor. An instruction set is stored within the memory for execution by the processor wherein execution of at least a portion of the instruction set operates to create an electronic signature and integrates at least one biometric characteristic of the biometric feature within the electronic signature. | 03-19-2009 |
20090083543 | Broadband certified mail - The present invention provides a system and method for providing certified voice and/or multimedia mail messages in a broadband signed communication system which uses packetized digital information. Cryptography is used to authenticate a message that has been compiled from streaming voice or multimedia packets. A certificate of the originator's identity and electronic signature authenticates the message. A broadband communication system user may be provisioned for certified voice and/or multimedia mail by registering with a certified mail service provider and thereby receiving certification. The called system user's CPE electronically signs the bits in received communication packets and returns the message with an electronic signature of the called system user to the calling party, along with the system user's certificate obtained from the service provider/ certifying authority during registration. The electronic signature is a cryptographic key of the called party. | 03-26-2009 |
20090089584 | SYSTEMS, DEVICES, AND METHODS FOR OUTPUTTING ALERTS TO INDICATE THE USE OF A WEAK HASH FUNCTION - Systems, devices, and methods for outputting an alert on a mobile device to indicate the use of a weak hash function are disclosed herein. In one example embodiment, the method comprises receiving data (e.g. from a server) that identifies at least one first hash function, identifying a hash digest generated using a second hash function, determining if the second hash function is weak using the received data, and outputting an alert indicating that the second hash function is weak if it is determined that the second hash function is weak. | 04-02-2009 |
20090089585 | DIGITAL WATERMARK EMBEDDING APPARATUS AND DIGITAL WATERMARK DETECTING APPARATUS - A digital watermark embedding apparatus includes: an extractor configured to extract a specific frequency component from each of N kinds of scaled images about an input image signal to generate N kinds of extracted signals; a generator configured to compress the amplitude of the respective extracted signals on the basis of N kinds of to-be-embedded information corresponding to the N kinds of extracted signals to generate watermark image signals by shifting the predetermined phases; and a superimposer configured to add the N kinds of watermark image signals to the input image signal to generate an output image signal. | 04-02-2009 |
20090089586 | Methods, Apparatus and Programs for Generating and Utilizing Content Signatures - The presently claimed invention generally relates to deriving and/or utilizing content signatures (e.g., so-called “fingerprints”). One claim recites a method of generating a fingerprint associated with a content item including: pseudo-randomly selecting a segment of the content item; and utilizing a processor or electronic processing circuitry, fingerprinting the selected segment of content item as at least an identifier of the content item. Of course, other claims and combination are provided as well. | 04-02-2009 |
20090089587 | Methods, Apparatus and Programs for Generating and Utilizing Content Signatures - The presently claimed invention generally relates to deriving and/or utilizing content signatures (e.g., so-called “fingerprints”). One claim recites a method comprising: obtaining a sequence of content identifiers, the sequence of content identifiers corresponding to one or more segments of a media signal; and utilizing at least a processor or electronic processing circuitry, carrying out a convolution operation based on the sequence of content identifiers and content signatures housed or stored in a database to identify the media signal. Of course, other claims and combination are provided as well. | 04-02-2009 |
20090100267 | Signatures with confidential message recovery - A portion of the signed message in an ECPVS is kept truly confidential by dividing the message being signed into at least three parts, wherein one portion is visible, another portion is recoverable by any entity and carries the necessary redundancy for verification, and at least one additional portion is kept confidential. The additional portion is kept confidential by encrypting such portion using a key generated from information specific to that verifying entity. In this way, any entity with access to the signer's public key can verify the signature by checking for a specific characteristic, such as a certain amount of redundancy in the one recovered portion, but cannot recover the confidential portion, only the specific entity can do so. Message recovery is also provided in an elliptic curve signature using a modification of the well analyzed ECDSA signing equation instead of, e.g. the Schnorr equation used in traditional PV signature schemes. | 04-16-2009 |
20090106554 | E-MAIL RELAY APPARATUS AND E-MAIL RELAY METHOD - An e-mail relay apparatus notifies a user of which e-mail could not be transmitted if a transmission error has occurred, without consuming a memory capacity. When an e-mail transmission instruction is received and after header information of the received e-mail is stored, a digital signature is added to the e-mail, and the e-mail text is encrypted. Then, after the digital signature is added, the encrypted e-mail is stored, and after the original e-mail is deleted, the transmission of the e-mail is started. If an error has occurred during the e-mail transmission and the transmission has failed, an error-notifying mail addressed to a transmission source is generated. After a header file of the e-mail is attached to the error-notifying mail, the error-notifying mail to which the header file is attached is stored in a mail box for the user of the transmission source. | 04-23-2009 |
20090106555 | System and Method For Control Of Security Configurations - Systems and methods are disclosed for using cryptographic techniques to configure data processing systems. A configuration manager cryptographically controls the configuration of a system by ensuring that only authorized users or applications can change the configuration. For example, requests to change configuration information may include authenticated and/or encrypted data. These cryptographic techniques are employed to enable and/or disable functions, features and capabilities of a system. For example, a system may be reconfigured to provide strong or weak encryption based on parameters in the configuration information. | 04-23-2009 |
20090106556 | Method of providing assured transactions using secure transaction appliance and watermark verification - Disclosed is a method of improving electronic security by establishing a path between a user and a secure transaction appliance. The secure transaction appliance receiving information destined for the user which includes a tagged portion, said tagged portion triggering the secure transaction appliance to forward the information to the computer from which the request was issued, and to seek an electronic signature to verify the content or transaction by transmitting a watermark, tagged portion of the content, or similar electronic content. The secure trusted path providing the user with the tagged portion incorporating additional elements such as a watermark, or in some embodiments only the additional elements, upon a personalized security device associated with the user making interception or manipulation more complex and difficult. | 04-23-2009 |
20090113207 | SECURE OVERLAY MANAGER PROTECTION - A method for protection of data includes maintaining a control parameter indicative of a current version of the data. The data is partitioned into multiple segments. Respective signatures of the segments are computed, responsively to the control parameter, the segments and respective signatures forming respective signed input segments, which are stored in a memory. After the signed input segments are stored, a signed output segment is fetched from the memory. The signature of the signed output segment is verified responsively to the control parameter, and the data in the signed output segment is processed responsively to verifying the signature. | 04-30-2009 |
20090125722 | CROSS-PLATFORM DIGITAL RIGHTS MANAGEMENT PROVIDING MULTI-LEVEL SECURITY INFORMATION FLOW TRACKING - A method and system for generating and controlling access to copy-protected digital media files. Digital media content is obtained and encoded in an electronic file using a media codec. The encoded media content is encrypted in the electronic file and a multi-format renderer configured to render the encoded, encrypted electronic file is embedded in the electronic file. When the digital file is accessed, the multi-format renderer generates an invocation code identifying an operation-type in response to a requested operation. A transaction ID storing a user-access policy and associated with the electronic file is retrieved and compared to the invocation code. Based on a result of the comparison of the invocation code and the user-access policy, the multi-format renderer selectively allows the invocation code. | 05-14-2009 |
20090125723 | AUTHENTICATION OF AN OBJECT - A method of authenticating an object is disclosed. Coded data portions are provided on a surface of the object. Each coded data portion encodes a position of coded data portion on the surface, an identity associated with the object and a signature fragment. The signature fragment is a fragment of a digital signature of at least part of the identity associated with the object. Next, indicating data is received from a sensing device in response to the sensing device sensing coded data portions. The indicating data is representative of the data encoded in the coded data portions sensed by the sensing device. From the indicating data the identity associated with the object, a plurality of signature fragments encoded in respective coded data portions, and the position of respective coded data portions are determined. A signature fragment identifier for respective signature fragments is determined from the respective positions. Also, a determined signature is determined by arranging the signature fragments according to their respective signature fragment identifiers. The determined signature is decrypted to obtain a determined identity. The object is authenticated by comparing the identity to the determined identity. | 05-14-2009 |
20090125724 | OBJECT AUTHENTICATION - An apparatus for authenticating an object is disclosed. The apparatus receives from a sensing device indicating data. The indicating data is formed by the sensing device in response to sensing a plurality of coded data portions on a surface of the object. Each coded data portion encodes a position of coded data portion on the surface, an identity associated with the object and a signature fragment, the signature fragment being a fragment of a digital signature of at least part of the identity associated with the object. A processor then determines from the indicating data the identity associated with the object, a plurality of signature fragments encoded in respective coded data portions, and the position of respective coded data portions, determines a signature fragment identifier for respective signature fragments from the respective positions, determines a determined signature by arranging the plurality of signature fragments according to their respective signature fragment identifiers, decrypts the determined signature to obtain a determined identity, compares the identity to the determined identity, and then authenticates the object using the result of the comparison. | 05-14-2009 |
20090132825 | APPARATUS AND METHOD FOR TRANSMITTING SECURE AND/OR COPYRIGHTED DIGITAL VIDEO BROADCASTING DATA OVER INTERNET PROTOCOL NETWORK - A content distribution method for video copyright authentication and security comprising the steps of invisibly watermarking digital video data input from a video data source to create watermarked data; encrypting the watermarked digital video data using an encryption key to create encrypted video data; sending the encrypted watermarked digital data and a decryption key to a distribution network; decrypting the encrypted watermarked digital data to generate video data and adding visible watermarking data to the video data to generate visibly encrypted watermarked data; compressing the visibly encrypted watermarked data to create compressed data; sending said compressed data to an end user receiver; decompressing the compressed data at the receiver to generate decompressed data; and displaying the decompressed data to an end user. | 05-21-2009 |
20090138718 | Method of generating a signature with "tight" security proof, associated verification method and signature scheme based on the diffie-hellman model - The invention relates to a method of electronically signing a message m, characterized in that it uses: p a prime integer, q a prime integer divider of (p−1), g, an element of order q of the set Z | 05-28-2009 |
20090138719 | Method, Apparatus, Computer Program, Data Storage Medium and Computer Program Product For Preventing Reception of Media Data From a Multicast Service by an Unauthorized Apparatus - The method for the transmission of media data from a multicast service by a first apparatus to a plurality of second apparatuses is suitable for preventing reception of the media data by an unauthorized second apparatus using a security process. A first apparatus is provided which can be used to provide the media data protected by a security process. A third apparatus is provided which can be used to perform the security process with the first apparatus, performance of the security process between the first apparatus and the third apparatus and, on the basis of this, interchange of at least security data between the first apparatus and the third apparatus in order to provide the media data. A second apparatus is selected which can be used to perform at least one reception process for receiving the media data. A first data transmission link is selected which can be used to couple the first apparatus and the second apparatus at least for the purpose of transmitting the media data. The provided media data is received using the second apparatus via the first data transmission link. | 05-28-2009 |
20090138720 | METHOD AND APPARATUS FOR DETECTING MOVEMENT OF DOWNLOADABLE CONDITIONAL ACCESS SYSTEM HOST IN DCAS NETWORK - A method of operating a Secure Micro (SM) of a host in a Conditional Access (CA) system is provided. The method includes: receiving, by the SM, a SecurityAnnounce message including a certificate of an AP server connected with a host; determining, by the SM, whether a public key stored in a memory in advance exists, and setting a flag as a first state when the public key stored in advance exists; verifying, by the SM, a digital signature with respect to the SecurityAnnounce message using the public key stored in advance; and acquiring, by the SM, another public key of the AP server by parsing the certificate and setting the flag as a second state based on whether the flag corresponds to the first state when the SM is unable to verify the digital signature. | 05-28-2009 |
20090138721 | Small Memory Footprint Fast Elliptic Encryption - A method of generating a digital signature includes generating a first random number from a finite field of numbers, and generating field elements defining a first point on an elliptic curve defined over the finite field of numbers by performing elliptic curve arithmetic on the first random number and an initial public point on the elliptic curve. The method continues by generating a product from a field element, a private key, and a second random number received from a challenger seeking verification of a digital signature, and generating a signature component by summing the product and the first random number. The signature component is reduced using one or more modular reduction operations, using a modulus equal to an order of the elliptic curve, and then the reduced signature component and the field elements are sent to the challenger as a digital signature for verification by the challenger. | 05-28-2009 |
20090150676 | METHOD AND SYSTEM FOR ROBUST WATERMARK INSERTION AND EXTRACTION FOR DIGITAL SET-TOP BOXES - Methods and systems for robust watermark insertion and extraction for digital set-top boxes are disclosed and may include descrambling, detecting watermarking messages in a received video signal utilizing a watermark message parser, and immediately watermarking the descrambled video signal utilizing an embedded CPU. The embedded CPU may utilize code that may be signed by an authorized key, encrypted externally to the chip, decrypted, and stored in memory in a region off-limits to other processors. The video signal may be watermarked in a decompressed domain. The enabling of the watermarking may be verified utilizing a watchdog timer. The descriptors corresponding to the watermarking may be stored in memory that may be inaccessible by the main CPU. The watermark may comprise unique identifier data specific to the chip and a time stamp, and may be encrypted utilizing an on-chip combinatorial function. | 06-11-2009 |
20090158043 | SECURE DIGITAL SIGNATURE SYSTEM - The illustrative embodiments provide a computer implemented method, apparatus, and computer program product for receiving a request from a client to instantiate an electronic document. After successful completion of mutual authentication between a web application server and the client, the web application server provides the electronic document to the client. The web application server may then receive a set of changes associated with the electronic document to form a modified document. After receiving a request from the client for a digital signature to be generated for the modified document, the web application server generates a digital signature using a private key of the web application server and an identity of an end-user associated with the client. The web application server then signs the modified document with the digital signature. | 06-18-2009 |
20090158044 | OPTICAL DNA BASED ON NON-DETERMINISTIC ERRORS - The claimed subject matter relates to architectures and/or mechanisms that can facilitate issuing, embedding and verification of an optical DNA (o-DNA) signature. A first mechanism is provided for obtaining a set of manufacturing errors inherent in an optical media instance. These errors can be non-deterministic and can be encoded into the o-DNA that can be cryptographically signed with a private key, and then embedded into the source optical media instance. A second mechanism is provided that can decrypt the o-DNA with a public key and compare the authenticated errors to the observed errors to ascertain whether the optical media instance is authentic as opposed to a forgery or counterfeit. | 06-18-2009 |
20090164789 | AUTHENTICATED MEMORY AND CONTROLLER SLAVE - Systems and methods that can facilitate the utilization of a memory as a slave to a host are presented. The host and memory can provide authentication information to each other and respective rights can be granted based in part on the respective authentication information. The host can determine the available functionality of the memory. The host can activate the desired functionality in the memory and can request memory to perform the desired function(s) with regard to data stored in the memory. An optimized controller component in the memory can facilitate performing the desired function(s) associated with the data to generate a result. The result can be provided to the host, while the data and associated information utilized to generate the result can remain in the memory and cannot be accessed by the host. | 06-25-2009 |
20090164790 | METHOD AND SYSTEM FOR STORAGE OF UNSTRUCTURED DATA FOR ELECTRONIC DISCOVERY IN EXTERNAL DATA STORES - A method and system for storage of unstructured data in external data storage uses low-cost, minimally-functional external data stores (EDS) to store immutable, unstructured content. An external storage layer (ESL) interposed between an e-discovery management application (EMA), and the EDS constitutes an intermediary allowing access to external storage from the EMA and adding functionality unavailable on EDSs, offsetting the functional sacrifice incurred by using the EDS and preserving cost advantage. Caching content on the ESL during propagation to the EDS eliminates latency during file propagation. The ESL creates metadata and maintains an index of the data, allowing the data owner to search and retrieve from the EDS. The ESL compresses, decompresses, encrypts and decrypts data. An ESL vendor can service a number of clients on a fee or subscription basis. The ESL can distribute client data across EDSs and mirror data stored on a first ESL on another ESL. | 06-25-2009 |
20090164791 | SYSTEM AND METHOD FOR DIGITALLY SIGNING AN ELECTRONIC DOCUMENT - A method for digitally signing an electronic document is disclosed. The method includes generating an electronic document to be signed and notifying an authorized signer to sign the electronic document. The method includes validating if the user is the authorized signer for the electronic document by comparing the received identification and the password with a digital certificate of the authorized signer stored in a database. Additionally, the method includes obtaining an image including a digital signature of the authorized signer from a database and resizing the image and inserting the resized image into the signature area of the electronic document if the user is the authorized signer. | 06-25-2009 |
20090164792 | DATA CARD VERIFICATION SYSTEM - A method of verifying a pair of correspondents in electronic transaction, the correspondents each including first and second signature schemes and wherein the first signature scheme is computationally more difficult in signing than verifying and the second signature scheme is computationally more difficult in verifying than signing. The method comprises the step of the first correspondent signing information according to the first signature scheme and transmitting the first signature to the second correspondent, the second correspondent verifying the first signature received from the first correspondent, wherein the verification is performed according to the first signature scheme. The second correspondent then signs information according to the second signature scheme and transmits the second signature to the first correspondent, the first correspondent verifies the second signature received from the second correspondent, wherein the verification is performed according to the second signature algorithm; the transaction is rejected if either verification fails. The method thereby allows one of the correspondents to participate with relatively little computing power while maintaining security of the transaction. | 06-25-2009 |
20090172404 | Method and Apparatus for Hybrid Watermarking - A hybrid watermark insertion method includes the steps of dividing the digital image into a low frequency region and a high frequency region using an edge map of the digital image; inserting a watermark into the low frequency region of the image by employing a watermarking method using a human visual system (HVS); and inserting the watermark into the high frequency region of the image by employing a quantization index modulation (QIM) method. A hybrid watermark extraction method includes the steps of estimating a reference value used when inserting a watermark, and searching a maximum value of correlation coefficients in an image of the watermark image while changing the estimated reference value within a designated range, to thereby find out the watermark insertion method. Accordingly, the watermark insertion method can be easily identified, thereby enabling the watermark to be extracted more readily. | 07-02-2009 |
20090172405 | AUDIO DATA PROCESSING APPARATUS AND AUDIO DATA PROCESSING METHOD - According to one embodiment, an audio data processing apparatus of this invention comprises a decryption unit which selects audio data to be reproduced under copyright protection, an HDMI unit which outputs the audio data selected by the decryption unit in the form of a bitstream to an AV amplifier connected via a dedicated cable, and a system control unit which acquires specification identification data from the AV amplifier before the bitstream output of the audio data and recognizes a watermark detection function of the AV amplifier on the basis of the specification identification data. | 07-02-2009 |
20090177890 | Method and Device for Forming a Signature - A device and a method are for forming a signature for use in a transmitter unit or a receiver unit of a communication system. To speed up the formation of a signature and thus the data transfer between a computer unit (e.g., a microcontroller) and a communication controller of the transmitter unit or the receiver unit, the device is arranged as hardware and the device forms the signature for data which are to be transferred from a computer unit of the transmitter unit to a communication controller of the transmitter unit for the purpose of data transmission via a communication medium of the communication system or which are to be transferred from a communication controller of the receiver unit to a computer unit of the receiver unit for further processing. | 07-09-2009 |
20090183006 | METHOD AND APPARATUS FOR APPLYING DIGITAL SIGNATURES TO TRANSLATED CONTENT | 07-16-2009 |
20090183007 | Method, Computer Program Product and Apparatus for Authenticating Electronic Documents - An apparatus for enabling secure control over electronic seals and signatures may include a processing element. The processing element may be configured to select a design drawing file for generation of a corresponding design drawing document, apply a digitized signature and seal and a uniform resource locator (URL) to the design drawing file to generate the design drawing document including the digitized signature and seal and the URL, and store the generated design drawing document at an access-restricted location accessible via the URL, the location being associated with a signer of the digitized signature. | 07-16-2009 |
20090187765 | Method and apparatus for determining whether or not a reference pattern is present in a received and possibly watermarked signal - Many watermarking systems make use of correlation for calculating a detection metric, which means that several reference patterns are generated at encoder side and one or more of them are embedded inside the content signal, dependent on the message to be embedded. To decode the embedded message, it is necessary to discover which reference pattern was embedded at encoder side. This is determined by correlating the known reference patterns with the content signal. A watermark detector decides, depending on the size of the correlation result values, whether or not a given pseudo-random sequence was embedded. However, this does not provide correct decisions if watermarked audio is emitted by a loudspeaker and then captured with a microphone. According to the invention, the received signal echoes are exploited instead of being treated as noise. The watermark detection result is improved by integrating the correlation values resulting from echoes into the main correlation peak, thereby using correlation result amplitude values located within a predetermined neighborhood of a correlation result peak amplitude value and exceeding a predetermined threshold. | 07-23-2009 |
20090187766 | System and Method for Digital Signatures and Authentication - A system and method for authentication and digital signatures on memory-only supports, comprising a read-once memory unit storing secret arrays, whose contents are destroyed upon reading, a standard memory unit storing encrypted arrays, tree data authenticating the encrypted arrays to one single public key, and a certificate of the public key issued by a certificate authority. The memory support sends its public key and certificate to a verifier, receives a challenge which is signed by elements from secret arrays in the read-once memory. The verifier system checks the authenticity of the data revealed from the read-once memory by encrypting it and comparing the result to one of the encrypted arrays, and verifies that the encrypted array authenticates to the public key using tree data. Finally, the verifier checks the authenticity of the public key using the certificate. | 07-23-2009 |
20090187767 | DATA-PROCESSING SYSTEM AND METHOD FOR CONTROLLING SAME, COMPUTER PROGRAM, AND COMPUTER-READABLE RECORDING MEDIUM - A data-processing system and method for controlling synthesizing digital-signature information. The system and method include holding first private-key information, inputting second private-key information, generating third private-key information based on the first private-key information and the second private-key information, holding the third private-key information, generating signature information based on information to be verified and the third private-key information, and outputting the information to be verified and the signature information. | 07-23-2009 |
20090193255 | Method and apparatus for determining and using the sampling frequency for decoding watermark information embedded in a received signal sampled with an original sampling frequency at encoder side - Many watermarking systems make use of correlation for calculating a detection metric, which means that reference patterns are generated at encoder side and are embedded inside the audio or video signal, dependent on the message to be embedded. The same reference patterns are generated at decoder side. The embedded message is decoded by correlating the reference patterns with the watermarked signal. The watermark detector decides, depending on the size of the correlation result values, whether or not a given reference pattern was embedded. However, decoding watermarked audio or video signals is difficult if the link between the watermark encoder and the watermark decoder is not a digital one, for example an acoustic path. According to the invention, a re-sampler control unit controls the sampling frequency of a re-sampler, in connection with a watermark decoder that outputs, in addition to the watermark information bits, a corresponding confidence value that is derived from the correlation result and that is used for synchronizing the re-sampler sampling frequency with the original sampling frequency of the watermarked signal. The synchronization processing includes a search mode and a synchronized mode. | 07-30-2009 |
20090193256 | ELECTRONIC SIGNATURE METHOD, APPARATUS, AND RECORDING MEDIUM HAVING ELECTRONIC SIGNATURE PROGRAM RECORDED THEREON - A computer divides a target electronic document into a plurality of document segments. Then, the computer generates a signature (s, t) that includes a set of two values having a signature value s forming a signature on the electronic document and a deletion signature value t used for deletion, the signature value s which serves as a body of the signature being formed by a superposition of signature information on the individual document segments. Then, in a case where one of the plurality of document segments obtained by the division is to be extracted, the computer superimposes deletion information of a document segment to be deleted on the deletion signature value t to generate a new signature value t′, and produces an updated signature (s, t′). | 07-30-2009 |
20090193257 | RIGHTS OBJECT AUTHENTICATION IN ANCHOR POINT-BASED DIGITAL RIGHTS MANAGEMENT - Digital rights management (DRM) can be effectively implemented through use of an anchor point and binding records in a user domain. Furthermore, authentication of a rights object defining the scope of access allowed for a digital property instance may be achieved through use of a signing key in the anchor point. The signing key may be used to assure no tampering has occurred with the rights object since acquisition of a digital property instance. A digital property owner may gain additional functionality and control through implementation of a play counter, rental duration limit, etc., using a signing key. | 07-30-2009 |
20090193258 | CONTROLLING THE DOWNLOADING AND RECORDING OF DIGITAL DATA - A method and apparatus for enabling a licensed end user to record digital data as described is particularly useful to the music industry as it enables them to make audio data available over the internet but to retain control of the uses to which that audio data can be put. Thus, upon completing a financial transaction to pay for the required audio tracks, the end user is enabled to download and decrypt encrypted music tracks and to play them on the end user's personal computer. The end user can also be allowed to burn a CD including the downloaded music tracks. However, the end user is only enabled to decrypt and record the music tracks onto the CD if the music tracks are recorded together with copy protection. | 07-30-2009 |
20090193259 | ELECTRONIC DOCUMENT AUTHENTICITY ASSURANCE METHOD AND ELECTRONIC DOCUMENT DISCLOSURE SYSTEM - An electronic document authenticity assurance technique and an information disclosure system both of which can compatibly realize the assurance of the authenticity of disclosure documents and the deletion of information inappropriate for disclosure. An electronic document is divided into constituent elements and an electronic signature is affixed to an arbitrary subset of a set including all the constituent elements. Otherwise, an electronic signature is affixed to data obtained by binding each of the constituent elements to information specifying the relationship between a respective one of the constituent elements and the structure of the electronic document. Otherwise, the hash values of the respective constituent elements are calculated and an electronic signature is affixed to data obtained by binding the calculated hash values together. Otherwise, random numbers generated for the respective constituent elements are bound together, then the hash values of the respective random-numbered constituent elements are calculated, and then an electronic signature is affixed to data obtained by binding the calculated hash values together. | 07-30-2009 |
20090199008 | Watermarking digital representations that have undergone lossy compression - Techniques for watermarking digital representations such as MPEG audio frames that spread the watermark information across the entire audio frame. The techniques work in conjunction with lossy compression techniques and are compatible with the perception models that are often used with lossy compression techniques. The watermark information is spread by means of transformations between the space/time domain and the frequency domain. When a MPEG audio frame is being watermarked, the compressed audio frame as it is produced by the quantizer is transformed from the frequency domain to the time domain; the time domain transformation is then randomized using a key and the randomized time domain transformation is transformed into the frequency domain. The watermark information is added at a predetermined frequency in the frequency domain transformation and the sequence of transformations is done in reverse order, with the randomization and derandomization serving to distribute the watermark information across the frequency domain representation of the watermarked audio frame. | 08-06-2009 |
20090199009 | Systems, methods and computer program products for authorising ad-hoc access - Methods, systems and computer program products for authorizing ad-hoc access are disclosed. A method for ad-hoc authorization comprising the steps of sending a pre-token via an unsecured communication channel to a device requesting ad-hoc authorization, sending a token associated with the pre-token via a secure communications channel to a proxy for the device, receiving evidence of access by the device to the token and determining the ad-hoc authorization based on the evidence. The systems and computer program products disclosed provide means for practicing the methods disclosed. | 08-06-2009 |
20090199010 | SIGNATURE DEVICE, VERIFICATION DEVICE, PROGRAM, SIGNATURE METHOD, VERIFICATION METHOD, AND SYSTEM - An efficient signature technology is provided, which is capable of arbitrary extraction and storage from a plurality of pieces of data and which can make a signature length relatively short. In a signature device ( | 08-06-2009 |
20090199011 | INFORMATION PROCESSING APPARATUS AND METHOD - An information processing apparatus includes a classifying unit configured to classify structural elements under predetermined attributes; a storage unit configured to store data, which describes which attribute among the attributes of the structural elements is a target of electronic signature verification, in association with the output destination of a structured document; an attaching unit configured to attach electronic signatures to the structural elements; and an inserting unit configured to refer to the stored data and data of the structured document, generate tree data which corresponds to the output destination of the structured document and indicates which structural element is a target of electronic signature verification among the structural elements to which electronic signatures have been attached, and insert the tree data in the data of the structured document. | 08-06-2009 |
20090199012 | CONTENTS TRANSMISSION METHOD AND CONTENTS TRANSMISSION SYSTEM - Mobile unit | 08-06-2009 |
20090199013 | AUTHENTICATION OF CONTENT DOWNLOAD - According to the invention, a method for authenticating download of a number of digital content files ordered from a web site is disclosed. In one step, a selection of the digital content files is received with the web site. Download manager software, media information, the digital content files, and first codes for each of the digital content files are sent to the client computer. The media information indicates a location of each of the number of digital content files. A first code is calculated for each of the digital content files. If the client computer determines that the first code doesn't match a second code for a particular digital content file, it is resent. | 08-06-2009 |
20090204818 | METHOD AND APPARATUS FOR GENERATING AND VERIFYING ELECTRONIC SIGNATURE OF SOFTWARE DATA, AND COMPUTER READABLE RECORDING MEDIUM THEREOF - Provided are methods of generating and verifying an electronic signature of software data, wherein software data is split into a plurality of blocks, electronic signatures corresponding to each of the blocks are generated, and some of the electronic signatures are randomly selected for verification. Accordingly, a time required for verifying an electronic signature can be reduced while maintaining the advantages of an electronic signature system. | 08-13-2009 |
20090210713 | METHOD AND A SYSTEM FOR SECURING AND AUTHENTICATING A MESSAGE - There is provided a method for securing and authenticating a message transmitted by a sending party to a receiving party, the method comprising: before transmission, inserting, in the message, security information comprising a secure message identifier allowing for uniquely identifying the message with respect to the communicating parties; storing, in a secure message database, secure message identification information comprising the secure message identifier, where the information asserts that a message having the secure message identifier is sent to the receiving party; providing the receiving party access to the secure message database for authenticating a suspect secure message identifier received in association with a suspect message, where the authenticating comprises accessing and inquiring the secure message database for comparing the suspect secure message identifier with secure message identifiers stored in connection with authentic messages transmitted from the sending party to the receiving party, and notifying the receiving party of a successful authentication if a match is found. There is also provided a system for securing a message to transmit by a transmitting party to a destination party and a system for authenticating a message transmitted by a transmitting party to a receiving party. | 08-20-2009 |
20090210714 | Method for electronically signing electronic documents and method for verifying an electronic signature - A medical professional registers himself with the trust centre (TC) or trusted registry (TR) acting on behalf of and/or operated by the mobile communication service provider. According to an embodiment of the present invention, the trust centre or trusted registry generates a pair of keys (“private key, public key”) and associates the private key with the mobile-phone identity (IMEI, SIM-chip-number or phone number) in a secret table stored at the TC or TR. The TC or TR also associates the public key with the medical author's name (plus office address) as an entry into a directory. | 08-20-2009 |
20090210715 | Document verification apparatus, document verification method, and computer product - In verifying a digital document, an input of a digital document is received and the digital document is divided into arbitrary constituent parts. A normal random number or a pseudo random number is assigned to each of the constituent parts according to the order in which the constituent parts appear in the digital document. Thus, verification of the authenticity of a digital document is enabled even when an alteration, such as a change of the order of the partial documents or a copy thereof, has been made to the digital document. | 08-20-2009 |
20090210716 | Direct anonymous attestation using bilinear maps - Direct Anonymous Attestation, DAA, involves a Signer entity using a credential supplied by an Issuer to attest its possession of a particular characteristic to a Verifier without the identity of the Signer being revealed. Security and performance improvements are disclosed where DAA is performed using a non-degenerate, computable, bilinear map with the credential being a CL-LRSW signature on a secret known only to the Signer. | 08-20-2009 |
20090210717 | IMAGE PROCESSING APPARATUS, AUTHENTICATION PACKAGE INSTALLATION METHOD, AND COMPUTER-READABLE RECORDING MEDIUM - An image processing apparatus is disclosed that includes an installation unit that installs an authentication package providing a function related to authentication; a signature confirmation unit that confirms whether an issuance source of the authentication package is an authenticated issuance source based on an electronic signature attached to the authentication package; and an authentication package confirmation unit that confirms the authentication package based on attribute information of the authentication package confirmed to be the authenticated issuance source by the signature confirmation unit. In the image processing apparatus, the installation unit installs the authentication package confirmed by the authentication package confirmation unit. | 08-20-2009 |
20090210718 | SYSTEM AND METHOD FOR UPDATING MESSAGE TRUST STATUS - Systems and methods for processing encoded messages within a wireless communications system are disclosed. A server within the wireless communications system performs signature verification of an encoded message and provides, together with the message, an indication to the mobile device that the message has been verified. In addition, the server provides supplemental information, such as, for example, a hash of the certificate or certificate chain used to verify the message, to the device, to enable the device to perform additional checks on the certificate, such as, for example, validity checks, trust checks, strength checks, or the like. | 08-20-2009 |
20090217048 | WIRELESS DEVICE AUTHENTICATION BETWEEN DIFFERENT NETWORKS - A method and system for roaming between heterogeneous networks. The method involves authenticating a mobile communication device on a first network, providing the device with a single-use token that can be used to sign-on to a second network without requiring conventional re-authentication over the second network. The method and system allows a token or set of tokens to be sent to a mobile device over a secure and trusted channel. The token can then be sent over another network, operating over a different protocol to an authentication system where its contents are verified and authorization to access the new network is generated such that the token does not need to be processed by the new network. Hence the mobile device does not need to re-authenticate to the new network. | 08-27-2009 |
20090217049 | METHOD FOR LINKING A DIGITAL CONTENT TO A PERSON - A process is proposed for linking digital content specific to the person. This is marked by the following steps: generation of a one-to-one key, generation of a first data record that contains the key and data space identifying the person, implementation of the key in the digital content. | 08-27-2009 |
20090217050 | SYSTEMS AND METHODS FOR OPTIMIZING SIGNATURE VERIFICATION TIME FOR A CRYPTOGRAPHIC CACHE - Embodiments provide systems and methods to optimize signature verification time for a cryptographic cache. Time is reduced by eliminating at least some of the duplicative application of cryptographic primitives. In some embodiments, systems and methods for signature verification comprise obtaining a signature which was previously generated using an asymmetrical cryptographic scheme, and determining whether an identical signature has previously been stored in a signature cache. If an identical signature has been previously stored in the signature cache, retrieving previously generated results corresponding to the previously stored identical signature, the results a consequence of application of cryptographic primitives of the asymmetrical cryptographic scheme corresponding to the identical signature. The results are forwarded to a signature verifier. In at least some embodiments, at least one of these functions occurs in a secure execution environment. | 08-27-2009 |
20090217051 | Method for distribution of multimedia tracks through computer networks - A method for distributing multimedia files through a computer network comprises the steps of selecting a multimedia track from an archive, encoded in a digital file according to a conventional encoding which comprises a header and a division into frames; converting a plurality of the conventionally encoded frames into encrypted frames; applying a digital signature in the header; generating an audio file which comprises a signed header, a plurality of frames with conventional encoding and a plurality of encrypted frames. | 08-27-2009 |
20090240945 | ANTICOUNTERFEITING MEANS FOR OPTICAL COMMUNICATION COMPONENTS - Methods and systems for detecting counterfeit optical communications products are described. An exemplary system includes a host device and a fiber optic component, such as an optical transceiver. The optical transceiver may include a TOSA, a ROSA, a controller circuit, and a memory module. The controller circuit may be operably connected to the TOSA, the ROSA, and the memory module. The host device may send a set of challenge data to the optical transceiver. The optical transceiver may respond with a data set encrypted by the controller circuit using a secret key stored in the memory module. The encrypted response data set may be evaluated to determine whether the optical transceiver is authentic. | 09-24-2009 |
20090240946 | DYNAMIC IDENTIFIER FOR USE IN IDENTIFICATION OF A DEVICE - A method for execution by a device, which comprises: generating a first signature by encrypting an identifier of the device together with first additional data; generating a second signature by encrypting the identifier of the device together with second additional data that is different from the first additional data; releasing the first signature to identify the device on a first occasion; and releasing the second signature to identify the device on a second occasion. Also, a device, which comprises: a memory storing an identifier of the device; a processing entity configured to generate a plurality of different signatures encoding the identifier and to store the signatures in the memory; and a transmit/receive entity configured to identify the device on respective occasions by releasing individual ones of the signatures. | 09-24-2009 |
20090240947 | SYSTEM AND METHOD FOR SECURELY ACCESSING MOBILE DATA - The present invention provides a system and method for maintaining secure information on mobile devices and that balances security and convenience in the provision of mobile data access. Security is maintained by extending the use of industry-accepted two-factor authentication methods, and convenience is enhanced by utilizing a user's existing mobile device accessories as an authentication factor. As a result, the present invention provides a strong authentication system and method without the cost or burden of requiring the user to acquire additional hardware for security purposes. | 09-24-2009 |
20090249074 | WIRELESS COMMUNICATION USING COMPACT CERTIFICATES - A method and communications system for generating and using compact digital certificates for secure wireless communication. Each compact certificate includes a digital signature and only a portion of the data used in generating the signature. The remaining certificate data is pre-stored on one or more wireless devices for which secure communication is desired. Upon receiving a compact certificate, the wireless device authenticates the certificate using its digital signature along with both the data contained in the certificate and the data pre-stored on the wireless device. This approach permits secure connections to be established between wireless devices using relatively small digital certificates. | 10-01-2009 |
20090249075 | SYSTEM AND METHOD OF AUTHORIZING EXECUTION OF SOFTWARE CODE IN A DEVICE BASED ON ENTITLEMENTS GRANTED TO A CARRIER - Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments based on at least one carrier profile. Carrier profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. The carrier profiles allow entities to add software code to a device without reauthorizing each distribution by the trusted authority, or to limited groups of devices controlled or authorized by the other entities. | 10-01-2009 |
20090254752 | WATERMARKING COMPUTER PROGRAM CODE - A method of embedding information in a computer program code, including a plurality of program statements. The method comprises: inserting a conditional program statement in the computer program code, the conditional program statement including a condition and a plurality of alternative program statements, the conditional program statement being adapted to cause a data processing system to evaluate said condition and, responsive to a result of said evaluating step, to selectively execute one of said plurality of alternative program statements; wherein said condition is indicative of at least a part of said information; and wherein the plurality of alternative program statements are adapted to cause the computer program code to produce the same program output irrespective of which of said alternative program statements is executed. | 10-08-2009 |
20090254753 | SYSTEM AND METHOD OF AUTHORIZING EXECUTION OF SOFTWARE CODE BASED ON ACCESSIBLE ENTITLEMENTS - Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments. Profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. A request in a first program may be received from a second program. A profile is then identified. The profile includes at least one entitlement associated with the second program. The profile is authenticated based on a first digest indicative of the profile and the second program is authenticated based on a second digest indicative of the second program. The request is then executed based on the entitlement. | 10-08-2009 |
20090254754 | LIGHTWEIGHT GEOGRAPHIC TRAJECTORY AUTHENTICATION VIA ONE-TIME SIGNATURES - A system and method for a vehicle-to-vehicle communications system that provide active safety applications employing lightweight geographic authentication using one-time signatures. The system and method require each vehicle to construct a discretized representation of its trajectory, which captures its kinematical history to a tunable degree of accuracy and to a tunable extent in the past. This trajectory information is then signed using a one-time signature. Thus, with every periodic message, the sending vehicle transmits the usual application payload, a signed version of the trajectory as described, and the digital signature over all of the fields. | 10-08-2009 |
20090254755 | Object Authentication From A Signature Part - A method of authenticating an object in which a computer system receives indicating data from a sensing device. The indicating data is generated in response to sensing of coded data provided on or in a surface associated with the object and is indicative of an identity of the object and at least part of a signature. The signature is in turn a digital signature of at least part of the identity. The computer system uses the indicating data to determine a received identity and a received signature part, before using the received identity to determine at least a determined signature part. The determined signature part is then compared to the received signature part to authenticate the object. | 10-08-2009 |
20090259852 | RELIABLE STORAGE MEDIUM ACCESS CONTROL METHOD AND DEVICE - A method of and device for granting access to content on a storage medium, including obtaining cryptographic data from a property, such as a wobble, of the storage medium, reading helper data from the storage medium, and granting the access based on an application of a delta-contracting function to the cryptographic data and the helper data. The delta-contracting function allows the choice of an appropriate value of the helper data, such that any value of the cryptographic data which sufficiently resembles the original primary input value leads to the same output value. Substantially different values of the cryptographic data lead to different values of the output. | 10-15-2009 |
20090259853 | DYNAMIC MULTIMEDIA FINGERPRINTING SYSTEM - A dynamic multimedia fingerprinting system is provided. A user requests multimedia content from a Web cache server that verifies that the user is authorized to download the content. A custom fingerprint specific to the user is generated and dynamically inserted into the content as the content is delivered to the user. The custom fingerprint can be generated on the Web cache server or at the content provider's server. The system allows a content provider to specify where the custom fingerprint is inserted into the content or where the fingerprint is to replace a placeholder within the content. | 10-15-2009 |
20090265557 | PREVENTING UNAUTHORIZED DISTRIBUTION OF MEDIA CONTENT WITHIN A GLOBAL NETWORK - One embodiment of the invention is a method for providing media content while preventing its unauthorized distribution. The method includes transmitting from a client to an administrative node a request for delivery of an instance of media content (IMC); determining which content source (CS) of a plurality of CSs to provide delivery of the IMC, provided the client is authorized to receive the IMC; transmitting to the client an access key and a location of the IMC; transmitting from the client to the CS a second request and the access key; in response to receiving the second request and the access key, transferring the IMC from the CS to the client; transmitting from the client to the administrative node an indicator indicating a successful transfer of the IMC; and generating a transaction applicable to the client and associated with the transfer of the IMC to the client. | 10-22-2009 |
20090265558 | DOCUMENT VERIFYING APPARATUS, DOCUMENT VERIFYING METHOD, AND COMPUTER PRODUCT - A computer-readable recording medium stores therein a document verifying program. The document verifying program causes a computer to execute receiving input of an electronic document; dividing the electronic document received into arbitrary components; calculating a hash value for each of the components; correlating, for each component, the hash value calculated for the component and a random number allocated to the component according to an appearance position of the component in the electronic document; creating for each component and based on the hash value and the random number correlated for the component at the correlating, a first digital signature and a second digital signature that are different from each other; and appending to each component, the first digital signature and the second digital signature created for the component at the creating. | 10-22-2009 |
20090271630 | AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND TERMINAL DEVICE - Provided are an authentication method, authentication system and a terminal device in which the authentication of a non-participating third node can be simplified and can be executed in the case of multicast by using an authentication ticket in a distributed processing network system, the non-participating third node being intended to access each of the nodes, including a first and a second node, constituting a workgroup. The first node that has already participated in the workgroup authenticates the third node intended to participate in the workgroup and issues the authentication ticket including the signatures of both nodes, and when the authentication ticket is submitted to the second node, the second node permits the third node to access, without password-based-authentication, by authenticating the first node and the second node which have signed the authentication ticket. | 10-29-2009 |
20090271631 | ELECTRONIC SIGNATURE SYSTEM AND ELECTRONIC SIGNATURE VERIFYING METHOD - A key creating device creates a first public key and a first secret key of the electronic signature method satisfying the noncounterfeitability and a second public key and the first secret key of the chameleon commitment method. The signature device generates a commitment, a first random number according to the Com algorithm, and a first signature by using the first secret key. The signature device further generates a second random number according to the Cam algorithm by using the message written by adding a first signature to an object message, and creates an electronic signature by combining the first signature and the second random number. A verifying device receives the signed message written by adding the first signature included in the electronic signature to the object message, creates a commitment according to the ComVer algorithm, and performs verification by using the commitment and the first signature. | 10-29-2009 |
20090276630 | Group Signature System And Information Processing Method - In a group signature system of the present invention, user device | 11-05-2009 |
20090276631 | Certificate revocation system - A method of managing certificates in a communication system having a certifying authority and a directory. Preferably, the method begins by having the certifying authority generate certificates by digitally signing a given piece of data. At a later point in time, the certifying authority may produce a string that proves whether a particular certificate is currently valid without also proving the validity of at least some other certificates. The technique obviates use of certification revocation lists communicated between the certifying authority and the directory. | 11-05-2009 |
20090276632 | Systems, Methods, and Media for Providing Secure Content Information - Systems, methods, and media for providing secure content information are provided. In some embodiments, systems for providing secure content information are provided, the systems comprising: a processor that creates a payload, creates a validation value, securely stores the validation value in association with a content distribution, and stores the payload in association with the content distribution. In some embodiments, systems for providing secure content information are provided, the systems comprising: a processor that receives a payload associated with a content distribution, creates a first validation value for the payload, recovers a second validation value associated with the content distribution, compares the first validation value and the second validation value, and determines if the payload has been tampered with. | 11-05-2009 |
20090276633 | Retrieving Content Via A Coded Surface - A method of retrieving a content using a print medium is disclosed. The method starts by determining a print media identifier from the print medium using a sensor module of a mobile telecommunications device. The print media identifier is linked to the content. The method then retrieves, using the mobile telecommunications device, the content. | 11-05-2009 |
20090276634 | CONTENT DISTRIBUTION SYSTEM, CONTENT DISTRIBUTION METHOD, AND CLIENT TERMINAL - The user of any one portable terminal sends a content information request including a user ID to a distribution server. In response, the distribution server distributes a stream data of content that can be used on the user's terminal. If the user of a first portable terminal intends to let a second portable terminal try out a certain content, the user sends to the distribution server the trial permission information including the user's own user ID, a content ID of the content of interest, and a digital signature. The distribution server authenticates the received information before distributing a streaming data of a trial-oriented content with the content ID and user ID attached to it as search keys. This allows the content that can be used on a given user terminal to be tried out on another user terminal without the latter user having recourse to the steps of searching for the content in question. | 11-05-2009 |
20090282255 | Bundle Verification - Systems, devices, and methods for modifying a signed bundle and verifying the modified bundle are disclosed. A signed bundle may be modified by removing a file specified in a server file list from a plurality of files in the bundle. The signed bundle comprises a catalog of files in the signed bundle and their associated hashes. The modified bundle includes the remaining files of the signed bundle that are not specified in the server file list and the catalog file of the signed bundle, the catalog signature of the signed bundle. The modified bundle may be verified by verifying the catalog signature of the modified signed bundle, and checking that the files specified in the catalog are either in the modified signed bundle or specified in the server file list. The hashes of the files in the modified signed bundle may also be checked to verify the modified signed bundle. | 11-12-2009 |
20090282256 | SECURE PUSH MESSAGES - A device may receive a secure push message from an administrator device. In addition, the device may generate a first key by combining an administrator code, a client device identifier that identifies a client device, and subscriber information that is associated with a service to which a user subscribes. In addition, the device may hash the first key to generate a second key, and use the second key to sign a data block within the secure push message to produce an electronic signature. Further, the device may validate the secure push message based on the electronic signature. | 11-12-2009 |
20090287933 | SYSTEM AND METHOD THAT USES CRYPTOGRAPHIC CERTIFICATES TO DEFINE GROUPS OF ENTITIES - A system and method for issuing a cryptographic certificate comprises describing one or more prerequisite conditions on the cryptographic certificate. The one or more prerequisite conditions comprise membership in one or more prerequisite groups of entities. An entity may be a participant, a resource or a privilege, etc. The present invention also requires naming one or more target groups of entities on the cryptographic certificate. One or more prerequisite group stakeholders that authorize an entity in the one or more prerequisite groups of entities to be added as a member in another group of entities sign the cryptographic certificate. The cryptographic certificate is also signed by one or more target group stakeholders that authorize an entity to be added as a member of the one or more target groups. Exemplary prerequisite conditions relate to one or more of a membership in another group of entities, a physical characteristic, a temporal characteristic, a location characteristic or a position characteristic, among others. | 11-19-2009 |
20090287934 | INFORMATION PROCESSING APPARATUS, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING PROGRAM - An information processing apparatus includes: a reproducing unit that reads, from a disc, a content and a content code file storing a content code that includes at least any one of a program or conversion data applied to a content reproducing process, to execute the content reproducing process; and a signature verification unit that verifies a digital signature set for the content code file. The signature verification unit verifies the signature using different pieces of set signature target data between a signature verification process executed in reproducing the content recorded in a ROM disc and a signature verification process executed in reproducing the content recorded in a non-ROM disc other than the ROM disc. The reproducing unit, when signature verification is successfully executed by the signature verification unit, applies the content code stored in the content code file, for which signature verification is successful, to reproduce the content. | 11-19-2009 |
20090292924 | MECHANISM FOR DETECTING HUMAN PRESENCE USING AUTHENTICATED INPUT ACTIVITY - When a service request associated with an initiated online service transaction is received, an attestation identifying a human-input activity is requested. Upon receiving a signature attesting the human-input activity, the previously initiated service transaction is authenticated based at least in part on the signature. | 11-26-2009 |
20090292925 | METHOD FOR PROVIDING WEB APPLICATION SECURITY - A method for an HTTP server to decide whether a remote client is victim of a phishing attack, comprising: receiving a first HTTP request from the remote client on said HTTP server; responding to said first HTTP request, wherein a token is added to the response submitted to said remote client; receiving a second HTTP request on said HTTP server; judging whether the second HTTP request includes said token; judging whether the token originates from said remote client; processing the HTTP request when said remote client has really issued the second HTTP request. | 11-26-2009 |
20090292926 | System and method for controlling features on a device - Trust between entities participating in an upgrade or enablement/disablement process is established and, to facilitate this remotely and securely, a highly tamper resistant point of trust in the system that is being produced is used. This point of trust enables a more efficient distribution system to be used. Through either a provisioning process or at later stages, i.e. subsequent to installation, manufacture, assembly, sale, etc.; the point of trust embodied as a feature controller on the device or system being modified is given a feature set (or updated feature set) that, when validated, is used to enable or disable entire features or to activate portions of the feature. | 11-26-2009 |
20090300362 | PASSWORD SELF ENCRYPTION METHOD AND SYSTEM AND ENCRYPTION BY KEYS GENERATED FROM PERSONAL SECRET INFORMATION - A public key cryptographic system and method is provided for a password or any other predefined personal secret information that defeats key factoring and spoofing attacks. The method adopts a new technique of encrypting a password or any predefined secret information by a numeric function of itself, replacing the fixed public key of the conventional RSA encryption. The whole process involving key generation, encryption, decryption and password handling is discussed in detail. Mathematical and cryptanalytical proofs of defeating factoring and spoofing attacks are furnished. | 12-03-2009 |
20090319794 | SEMANTIC DIGITAL SIGNATURES - A method is provided for adding intended meaning to digital signatures. A message, being base content, is received to be signed. Assertions, ontologies, and description of a reasoner are adjoined to the message. Ontologies are a formal specification of vocabulary and rules used to state the assertions. The reasoner validates the assertions against the corresponding ontologies. A compound message is formed including the message, the assertions, the ontologies, and the reasoner. The compound message is signed using a cryptographic digital signature, where the assertions indicate an intended meaning of the digital signature. During verification of semantic signatures, a digital signature is received for a compound message, where the compound message includes assertions, ontologies, and reasoner. The digital signature is verified, and the compound message structure is checked for semantic signature conformance. In response to proper verification, the reasoner is utilized to verify a conformance of the assertions to the ontologies. | 12-24-2009 |
20090319795 | DIGITALLY SIGNING DOCUMENTS USING IDENTITY CONTEXT INFORMATION - Creating a token for use by an entity when digitally signing documents. In a computing environment, a digital identity representation for an entity is accessed. The digital identity representation includes information identifying identity attributes about the entity and capabilities of an identity provider that provides tokens for use by the entity. Context information is accessed. The context information includes information about one or more of which, how or where the attributes for the entity identified in the digital identity representation will be used. A security token is created from the information in the digital identity representation and the context information. The security token makes assertions by the identity provider. The assertions are based on the information in the digital identity representation. The token further includes information related to at least a portion of the context information. | 12-24-2009 |
20090319796 | Gaming machine certificate creation and management - Methods and systems for creating and managing certificates for gaming machines in a gaming network using a portable memory device are described. A gaming machine creates a certificate signing request which is stored on a portable memory device at the machine by an operator. The memory device is handed over to a certificate authority (CA) security officer at the casino and is coupled with an appropriate CA server. A certificate batch utility program on the server downloads and processes the CSRs. A certificate services program on the server issues gaming machine certificates according to the CSRs. In one embodiment, the certificates are uploaded onto the memory device, along with copies of certificate authority server certificates, including a root CA certificate. The CA security officer hands the memory device to the casino floor operator. At the machine, the operator inserts or couples the device and software on the machine identifies and downloads its certificate based on the certificate file name. The machine also downloads copies of the CA server certificates which it may use in a certificate chain validation procedure. In another embodiment, the certificates are placed in a shared file on the CA server and retrieved by the gaming machines over a gaming network. | 12-24-2009 |
20090319797 | METHOD AND COMPUTER SYSTEM FOR ENSURING AUTHENTICITY OF AN ELECTRONIC TRANSACTION - At least one embodiment of the present invention relates to a method for ensuring authenticity of an electronic transaction performed during a transaction session. The method includes receiving, over a first network, a request from a user for the completion of an electronic transaction; receiving, over the first network, an authentication code from the user which has been provided to the user over a second network separated from the first network, thereby authenticating the user, completing the electronic transaction; and storing information associated with the electronic transaction and the transaction session. The method further includes generating a one-way hash value based on information comprised in the electronic transaction and information associated with the transaction session, and providing the one-way hash value to the user, wherein the one-way hash value is usable for ensuring the authenticity of the electronic transaction. The procedure enables authentication, integrity, non-repudiation, and time stamping in a cost efficient way. An enhanced security level can be achieved as the network used for providing the authentication code to the user is separate from the network where the user returns the authentication code. At least one embodiment of the present invention also relates to a corresponding computer system adapted for ensuring the authenticity of an electronic transaction. | 12-24-2009 |
20090327732 | Long-term secure digital signatures - The present invention relates to digitally signing of electronic documents which are to be kept secure for a very long time, thereby taking into account future cryptographic developments which could render current cryptographic key-lengths insufficient. In accordance with the invention a double signature is issued for each document. A first digital signature (DTS) ensures the long time security, whilst a second digital signature (DUS) ensures the involvement of an individual user. Thereby, the second digital signature is less computationally intensive in its generation than the first digital signature. | 12-31-2009 |
20090327733 | Data Security Method and System - A method of verifying integrity of a digital file includes receiving the digital file subsequent to exposure to a foreign environment and validating the digital file. The received digital file has an appended signature label that includes one or both of a first hash value and a digital signature. Validating the digital file includes hashing the digital file to obtain a second hash value, retrieving the first hash value from the signature label, and comparing the first hash value and second hash value. | 12-31-2009 |
20090327734 | MATCHING A WATERMARK TO A HOST SAMPLING RATE - The invention deals with matching of a watermark to a host sampling rate of a multimedia signal. A watermark sampled at a first sampling rate is matched to multimedia host signal sampled at a second sampling rate, in a process where the watermark sampled at the first sampling rate is received, a scaling factor between the first sampling rate and the second sampling rate is determined, and re-scale widths of the watermark symbols are set. A modified watermark is generated wherein the watermark symbols of the modified watermark being of re-scale widths, so as to substantially match the modified watermark sequences to the second sampling rate. | 12-31-2009 |
20100005305 | APPARATUSES, AND METHODS FOR INSERTING USER DATA INTO DIGITAL MULTIMEDIA SIGNALS - Apparatuses, and methods for inserting user data into digital multimedia signals are provided in which user data is inserted into the digital multimedia signals in a substantially imperceptible fashion. In one embodiment of the invention, digital watermarking techniques are used to embed user data into the digital multimedia signal, such that user data is later helpful in indexing the digital multimedia signal. User data can be in any generic form such as text, audio or video signals. In another embodiment of the invention, user data is superimposed on the digital multimedia signal at a location which contains the least amount of information. In yet another embodiment of the invention, user data is inserted at a location chosen by the user. The color in which user data is superimposed can also be chosen by the user by using either a color palette or by pointing to an area in the digital image or video. | 01-07-2010 |
20100005306 | STORAGE MEDIA STORING ELECTRONIC DOCUMENT MANAGEMENT PROGRAM, ELECTRONIC DOCUMENT MANAGEMENT APPARATUS, AND METHOD TO MANAGE ELECTRONIC DOCUMENT - An electronic document management apparatus acquires an electronic document comprised of a plurality of components for each of which a first digital signature and a second digital signature are uniquely specified. The electronic document is linked to an aggregate digital signature which aggregates the first digital signatures. After that the apparatus accepts designation of a component to be “hiding prohibited” within the electronic document. Whether or not the component designated to be “hiding prohibited” is at that time in a state of “hiding allowed and deletion allowed” is judged. When the judgment reveals that the state is “hiding allowed and deletion allowed”, the second digital signature specified for the component designated to be “hiding prohibited” is deleted. Then the state of the component subject to be “hiding prohibited” is changed from “hiding allowed and deletion allowed” to “hiding prohibited and deletion allowed”. | 01-07-2010 |
20100005307 | SECURE APPROACH TO SEND DATA FROM ONE SYSTEM TO ANOTHER - A secure approach for sending an original message from a sender to a receiver. The sender may encrypt the original message by performing an XOR (or XNOR) operation of the original message and a first random message (same size as original message) on a bit-by-bit basis to generate a second message. The receiver may also perform an XOR of the second message with a locally generated second random message. The resulting message is sent to the sender system. The sender system may again perform XOR operation of the received message and the first random message, and send the resulting message to receiver. The receiver may perform XOR operation on the received output to generate the original message sent by the sender. Other technologies such as digital signatures and key pairs (public key infrastructure) may be used in each communication between the sender and receiver to further enhance security. | 01-07-2010 |
20100005308 | Optimization methods for the insertion, protection, and detection of digital watermarks in digital data - Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed. According to another embodiment, a method for pre-analyzing a digital signal for encoding digital watermarks comprises: (1) providing a digital signal; (2) providing a digital filter to be applied to the digital signal; and (3) identifying an area of the digital signal that will be affected by the digital filter based on at least one measurable difference between the digital signal and a counterpart of the digital signal selected from the group consisting of the digital signal as transmitted, the digital signal as stored in a medium, and the digital signal as played back. According to another embodiment, a method for encoding a watermark in a content signal includes the steps of (1) splitting a watermark bit stream; and (2) encoding at least half of the watermark bit stream in the content signal using inverted instances of the watermark bit stream. Other methods and systems for encoding/decoding digital watermarks are also disclosed. | 01-07-2010 |
20100005309 | METHOD AND APPARATUS FOR AUTHENTICATION OF DATA STREAMS WITH ADAPTIVELY CONTROLLED LOSSES - Methods, components, and systems for efficient authentication, either through a digital signature or message authentication codes, and verification of a digital stream sent from a source to a receiver via zero or more intermediaries, such that the source or intermediary (or both) can remove certain portions of the data stream without inhibiting the ability of the ultimate receiver to verify the authenticity and integrity of the data received. According to the invention, a source may sign an entire data stream once, but may permit either itself or an intermediary to efficiently remove certain portions of the stream before transmitting the stream to the ultimate recipient, without having to re-sign the entire stream. Applications may include the signing of media streams which often need to be further processed to accommodate the resource requirements of a particular environment. Another application allows an intermediary to choose an advertisement to include in a given slot. | 01-07-2010 |
20100005310 | METHOD AND APPARATUS FOR AUTHENICATION OF DATA STREAMS WITH ADAPTIVELY CONTROLLED LOSSES - Methods, components, and systems for efficient authentication, either through a digital signature or message authentication codes, and verification of a digital stream sent from a source to a receiver via zero or more intermediaries, such that the source or intermediary (or both) can remove certain portions of the data stream without inhibiting the ability of the ultimate receiver to verify the authenticity and integrity of the data received. According to the invention, a source may sign an entire data stream once, but may permit either itself or an intermediary to efficiently remove certain portions of the stream before transmitting the stream to the ultimate recipient, without having to re-sign the entire stream. Applications may include the signing of media streams which often need to be further processed to accommodate the resource requirements of a particular environment. Another application allows an intermediary to choose an advertisement to include in a given slot. | 01-07-2010 |
20100005311 | Electronic-data authentication method, Electronic-data authentication program, and electronic-data authentication system - An electronic-data authentication method is for authenticating electronic data provided by a virtual person anonymously used on a network, performed by a virtual-person management system including a user terminal, a user management device, and a virtual-person management device. The method includes receiving, by the virtual-person management device, the electronic data, a first electronic signature generated by encrypting the electronic data with a first signature-creation key, and a virtual person ID for uniquely identifying the virtual person from the user terminal; authenticating, by the user management device, the first electronic signature received at the receiving by using a first signature-authentication key corresponding to the first signature-creation key; generating, by the virtual-person management device, a second electronic signature by encrypting the electronic data received at the receiving with a second signature-creation key issued for the virtual person; and transmitting, by the virtual-person management device, the second electronic signature to the user terminal. | 01-07-2010 |
20100011215 | Securing dynamic authorization messages - To fortify trust in a roaming environment, a token is introduced in transactions between an authoritative entity (e.g., a Home AAA in RADIUS) and a service providing entity (e.g., a NAS in RADIUS). A Token-Information is sent from the authoritative entity to the service providing entity during the initial authentication. Subsequent transactions include a token computed from the Token-Information. The service providing entity discards messages that it receives that do not contain the correct token. The Token-Information is transported in an encrypted fashion. The token provides secure transactions when messages between the authoritative entity and the service providing entity are routed through proxy servers. | 01-14-2010 |
20100011216 | Method of providing secure tamper-proof acquired data from process instruments - Field devices used to measure process parameters can also function as a data historian by storing process data and associated time stamps. In response to a request for stored process data, the field device uses a cipher and a secret method to generate an encrypted validation string that is provided along with unencrypted information including the process data and time stamps. A validation service that maintains a secure database of field devices and their associated ciphers and secret methods can validate the unencrypted information by using the validation string. | 01-14-2010 |
20100011217 | WATERMARK SIGNAL GENERATING APPARATUS - An apparatus | 01-14-2010 |
20100011218 | SYSTEM AND METHOD FOR SECURE AUTHENTICATION OF A "SMART" BATTERY BY A HOST - Systems and methods for providing a battery module | 01-14-2010 |
20100017614 | ENCODING AND DETECTING APPARATUS - An encoding data processing apparatus generates a video material item marked copy by embedding a payload data word into the video material item. The video material item includes plural video frames. A code word generator generates a water mark code word from the payload data word and reads data representing the water mark code word into a shuffle data store. A shuffle processor generates pseudo randomly at least one address within an address space of the shuffle data store for each video frame and reads data representing part or parts of the water mark code word out from the data store at locations identified by the pseudo randomly generated address. A data embedding processor receives the video material item and embeds the data representing the part or parts of the water mark code word read out from the shuffle data store for each frame into a corresponding frame of the video material item. | 01-21-2010 |
20100017615 | DIGITAL DATA AUTHENTICATION - A method for protecting a digital document and user data typed into a digital document is presented. The method comprises computation of an authentication tag when the document is sent from a server. A similar authentication tag is computed when the document is shown on a client. When another document referenced in the document is requested by the client from the server, the authentication tag computed by the client is attached to the request for that other document. The server receiving the request compares the authentication tag it computed with the one it received to verify if the request came from an authentic copy of the document. The method is suitable for protection of online banking, online investment, online shopping, and other electronic applications. | 01-21-2010 |
20100023773 | SIGNATURE VERIFICATION APPARATUS, METHOD FOR CONTROLLING SIGNATURE VERIFICATION APPARATUS, SIGNING APPARATUS, METHOD FOR CONTROLLING SIGNING APPARATUS, PROGRAM, AND STORAGE MEDIUM - A signature verification apparatus includes a determining unit configured to determine a type of a signature affixed to a document file, a first generating unit configured to, when the determining unit determines that the signature is of a first type, check the validity of a certificate contained in the signature, detect whether the document file has been tampered with based on the signature, and generate a first verification result indicating whether the signature is valid based on the check and the detection, and a second generating unit configured to, when the determining unit determines that the signature is of a second type, without checking the validity of a certificate contained in the signature, detect whether the document file has been tampered with based on the signature, and generate a second verification result indicating whether the signature is valid based on the detection. | 01-28-2010 |
20100023774 | INFORMATION SECURITY DEVICE - An information security device is provided that, when information is circulated through a chain, permits changing of a usage rule for the information or collection (deletion) of the information after the circulation. | 01-28-2010 |
20100023775 | COMPRESSED ECDSA SIGNATURES - An improved compression scheme for compressing an ECDSA signature is provided. The scheme substitutes the integer s in a signature (r, s) by a smaller value c. The value c is derived from s and another value d, d being small enough such that c is smaller than s. The compressed signature (r, c) is verified by computing a value using r and e, e being a hash of a message m, and using this value with a value R recovered from r to derive the value d. The value s can then be recovered and the full signature then recovered and verified. | 01-28-2010 |
20100023776 | Method and System for Storing a Key in a Remote Security Module - The invention concerns a method for obtaining assurance that a content control key is securely stored in a remote security module for further secure communications between a content provider and said security. A security module manufacturer, which has a pre-established trustful relation with the security module, imports a symmetric transport key into the security module, wherein the symmetric transport key is unique to the security module. The content provider shares the symmetric transport key with the security module manufacturer and exchanges messages with the security module through a security module communication manager in order to get the proof that the security module stores the content control key. At least a portion of the messages exchanged between the content provider and the security module are protected using the symmetric transport key. | 01-28-2010 |
20100031047 | ATTESTATION ARCHITECTURE AND SYSTEM - An architecture and system are provided for flexible, composable attestation systems. Systems built according to this attestation architecture can be composed to accomplish complex attestation scenarios. The system is designed around composable components to permit flexible recombination. A system, method, and computer program product are provided for proving attestations to an appraiser regarding a target system. In an embodiment, an attestation request is sent from an appraiser to a target system, wherein the attestation request includes queries regarding properties of the target system needed by the appraiser to make trust decisions regarding the target system. The attestation request is forwarded from the target system to an attester which collects the requested data. The attester sends an attestation response to the appraiser, wherein the response includes at least information regarding properties of the target system requested by the appraiser in order to make a trust decision regarding the target system. | 02-04-2010 |
20100031048 | DATA AUTHENTICATOR - A user encoded result is operable to be used to authenticate target data. The user encoded result is determined from a signature for the target data. The signature is formatted and encoded to create the user encoded result. The user encoded result is stored and is operable to be retrieved to authenticate the target data in response to the target data being accessed. | 02-04-2010 |
20100031049 | TIME INFORMATION DISTRIBUTION SYSTEM, TIME DISTRIBUTING STATION, TERMINAL, TIME INFORMATION DISTRIBUTION METHOD, AND PROGRAM - In a time information distribution system for distributing time information from a time distributing station to terminals, the time distributing station gives the electronic signature of the time distributing station to time information to be distributed and distributes the time information to which the electronic signature has been appended to the terminals. The terminals verify the electronic signature given to the time information distributed from the time distributing station and, if a determination has been made that the electronic signature has already been given by the time distributing station, store the time information to which the electronic signature is given in a hardware security module installed in the terminals. | 02-04-2010 |
20100031050 | PERMANENT DISPLAY AND AUTHENTICATION OF STATUS INFORMATION OF A TECHNICAL DEVICE - The invention relates to an arrangement and a method for the acquisition and verification of at least one aspect of status information of a technical device, in particular for checking the software version. In order to make it possible to simply and reliably check the current software version the technical device comprises a storage device, a processing unit and a display, wherein the storage device comprises at least one software required for operating the technical device, a software version number and security data for calculating an identification characteristic to be graphically displayed. The security data is deposited in an encrypted region of the storage device. With the use of the processing unit the identification characteristic can be calculated on behalf of the software version number and the security data. The display displays information even in a current-free state without the use of an external energy source. | 02-04-2010 |
20100037058 | COLLABORATIVE SECURITY AND DECISION MAKING IN A SERVICE-ORIENTED ENVIRONMENT - A method of providing collaborative security and collaborative decision making in a service-oriented environment. The method includes validating request(s) by application(s) for service(s) in the environment, and providing each service for which an application request is validated. The method also includes monitoring a situational state exposed by services being provided in the environment. Based on the monitored state, the validating of one or more service requests is influenced. | 02-11-2010 |
20100037059 | SYSTEM AND METHOD FOR FORENSIC ANALYSIS OF MEDIA WORKS - A method and system for identifying a source of a copied work that in one embodiment includes obtaining at least some portions of a reference work, collecting at least some portions of the suspect work, matching the suspect work with the reference work, wherein the matching includes temporally aligning one or more frames of the reference work and the suspect work, spatially aligning frames of the reference work and the suspect work, and detecting forensic marks in the suspect work by spatiotemporal matching with the reference work. | 02-11-2010 |
20100037060 | FILE SYSTEM AUTHENTICATION - The present invention relates to file system authentication and, in particular, authentication of users for accessing files stored on a serverless distributed or peer-to-peer file system. Its objective is to preserve the anonymity of the users and to provide secure and private storage of data for users on a serverless distributed file system. It provides a method of authenticating access to a distributed file system comprising the steps of: receiving a user identifier; retrieving an encrypted validation record identified by the user identifier; decrypting the encrypted validation record so as to provide decrypted information; and authenticating access to data in the distributed file system using the decrypted information. | 02-11-2010 |
20100037061 | SYSTEM FOR CONTROLLING THE DISTRIBUTION AND USE OF RENDERED DIGITAL WORKS THROUGH WATERMARKING - A trusted rendering system for use in a system for controlling the distribution and use of digital works. A trusted rendering system facilitates the protection of rendered digital works which have been rendered on a system which controls the distribution and use of digital works through the use of dynamically generated watermark information that is embedded in the rendered output. The watermark data typically provides information relating to the owner of the digital work, the rights associated with the rendered copy of the digital work and when and where the digital work was rendered. This information will typically aid in deterring or preventing unauthorized copying of the rendered work to be made. The system for controlling distribution and use of digital works provides for attaching persistent usage rights to a digital work. Digital works are transferred between repositories which are used to request and grant access to digital works. Such repositories are also coupled to credit servers which provide for payment of any fees incurred as a result of accessing a digital work. | 02-11-2010 |
20100037062 | SIGNED DIGITAL DOCUMENTS - In one embodiment, a method includes adding data associated with a description of an attribute of a data set to a digital document and generating a digital signature based on the digital document. The data associated with description of the attribute is included in the generating. The data set is not included in the generating. The data set is capable of being included in the digital document. In some embodiments, a data set is a textual string. In some embodiments, an attribute is a pattern such as, for example, a pattern of characters in a textual string. | 02-11-2010 |
20100042842 | LIGHT WEIGHT AUTHENTICATION AND SECRET RETRIEVAL - A method for authenticating a message in a network is provided. The method includes a step of generating, in a sink device, a private key and a public key. The private key includes a plurality of sub-private keys. The method further includes a step of generating, in the sink device, a signature for the message. The signature includes a sub-private key and an authentication path associated with the sub-private key in a hash tree. The hash tree is constructed during the generation of the sub-public keys. | 02-18-2010 |
20100042843 | Benchmarks for Digital Watermarking - The presently claimed invention relates generally to digital watermarking of data, e.g., representing video or audio. One claim recites a method including: obtaining data representing video or audio; using a multi-purpose electronic processor programmed for: transforming the data into a transform domain, analyzing the transformed data to identify a plurality of transform coefficients according to predetermined criteria, and altering the identified plurality of transform coefficients to carry a digital watermark; and analyzing the data to determine a baseline state for the digital watermark. Of course, other combinations and claims are provided too. | 02-18-2010 |
20100042844 | METHOD, BASE STATION, RELAY STATION AND RELAY COMMUNICATION SYSTEM FOR IMPLEMENTING MESSAGE AUTHENTICATION - A method for implementing message authentication is provided. The method includes the following steps. A path by which a destination address of a message to be sent can be reached is determined. A signature processing is performed on the message to be sent according to a private key corresponding to the path, so as to obtain an authentication code. The message to be sent and the authentication code are sent through the path. | 02-18-2010 |
20100049982 | DNSSEC BASE ROLLOUT - The invention relates to a method for accessing via a first device a predetermined piece of information duplicated in several server devices, each server device implementing a sub-assembly of safety mechanisms from a predetermined set of safety mechanisms in order to provide a predetermined safety level for accessing the predetermined piece of information, wherein said method comprises the following steps: a) transmission ( | 02-25-2010 |
20100049983 | METHOD OF AUTHENTICATING DIGITAL SIGNATURE - A method of authenticating a digital signature is provided. The method includes sending a request from a first entity to a second entity, at least some of the request being digitally signed with a base key by the first entity, receiving, at the first entity, a digital signature and a bit-pattern from the second entity, the digital signature having been generated by the second entity using a variant key to digitally sign at least part of data indicative of a value stored in the second entity which is to be authenticated, the variant key being based on the result of applying a one way function to the base key and the bit-pattern, receiving the data at the first entity, generating, at the first entity, the variant key from the bit-pattern and the base key, and authenticating, at the first entity, the digital signature using the generated variant key. Only the first entity includes the base key and the second entity includes the variant key and the bit-pattern. | 02-25-2010 |
20100058064 | LOGIN AUTHENTICATION USING A TRUSTED DEVICE - A user working on a client computer is allowed to remotely login to a server over a computer network. A first secure connection is established between the client and the server. Communication with a trusted device which is in the user's control is established via a communication channel between the trusted device and the client, where this channel is not part of the network. A second secure connection is established between the trusted device and the server through the client, where this second secure connection is tunneled within the first secure connection. The user remotely logs into the server over the second secure connection using the trusted device. | 03-04-2010 |
20100058065 | EXTRACTING AUXILIARY DATA FROM A HOST SIGNAL - The invention relates to extracting and embedding auxiliary data from and to a host signal. In an embodiment, the auxiliary data relates to remote control of an application or a device, such as an interactive toy. Auxiliary data are extracted from a host signal, by periodically ( | 03-04-2010 |
20100064139 | SYSTEM AND METHOD OF EXTENDING MARKING INFORMATION IN CONTENT DISTRIBUTION - In one embodiment the present invention includes a method of generating tracking information for steganographic insertion in content. The method includes splitting a tracking message into submessages, which are then inserted steganographically into the content and later extracted for tracking purposes. In this manner, the amount of information communicated in the tracking messages may be increased without requiring a redesign of every message insertion device in a distribution chain. | 03-11-2010 |
20100064140 | Optimization methods for the insertion, protection, and detection of digital watermarks in digital data - Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed. According to another embodiment, a method for pre-analyzing a digital signal for encoding digital watermarks comprises: (1) providing a digital signal; (2) providing a digital filter to be applied to the digital signal; and (3) identifying an area of the digital signal that will be affected by the digital filter based on at least one measurable difference between the digital signal and a counterpart of the digital signal selected from the group consisting of the digital signal as transmitted, the digital signal as stored in a medium, and the digital signal as played back. According to another embodiment, a method for encoding a watermark in a content signal includes the steps of (1) splitting a watermark bit stream; and (2) encoding at least half of the watermark bit stream in the content signal using inverted instances of the watermark bit stream. Other methods and systems for encoding/decoding digital watermarks are also disclosed. | 03-11-2010 |
20100070770 | SYSTEMS AND METHODS, APPARATUS, AND COMPUTER READABLE MEDIA FOR INTERCEPTING AND MODIFYING HMAC SIGNED MESSAGES - Systems, methods, apparatus and computer-executable instructions stored on computer-readable media for communicating a modified hash message authentication code (HMAC) signed message between two endpoints are provided. The HMAC signature of the message may include a plurality of components. In some cases, the HMAC signature is a Server Message Block (SMB) signature. The first and/or second endpoint may be a client, server, or host. Some embodiments of the present application utilize a proxy, such as a CIFS proxy. In one embodiment, HMAC signature information sent from the first endpoint to the second endpoint may be intercepted. A value for a component of the HMAC signature may be determined by, for example, using the intercepted HMAC signature information. The intercepted message may be modified, resigned using the intercepted HMAC signature information, and transmitted to a receiving endpoint. | 03-18-2010 |
20100070771 | AUTHENTICATION OF ACCESS POINTS IN WIRELESS LOCAL AREA NETWORKS - A method is provided for authenticating an identity of an operator ( | 03-18-2010 |
20100070772 | NAVIGATION APPARATUS AND INFORMATION DISTRIBUTION SYSTEM - A CPU of a navigation apparatus stores public keys to which priorities are set and which are published by an information distribution center in a public key storage section. The CPU of the navigation apparatus extracts an electronic signature of distribution data which is distributed from the information distribution center and verifies the electronic signature by using only ‘valid’ public keys among the public keys in order of the priorities. The CPU of the navigation apparatus determines that the distribution data is valid information which is distributed from the information distribution center when the electronic signature passes verification. | 03-18-2010 |
20100070773 | Digital contents receiving apparatus - A television set is capable of receiving both a broadcast program from a television station and a corresponding digital file of the same contents from a server station through the internet. The television set keeps information on the time limit within which the server station is sure to provide the file. The television set automatically downloads the file when the time limit comes close or when the time limit information fails to be kept. The television set keeps the URL of the moving image program being enjoyed when the television set is turned off until it is next turned on, so that the moving image content provided at the URL can be enjoyed instantly. A user who turns on the television set or changes the channel with no particular program in mind, and who by chance becomes interested in the program on display, can enjoy the program from the beginning by downloading the corresponding digital file of the same contents through the internet by an automatic link. | 03-18-2010 |
20100070774 | INTEROPERABLE SYSTEMS AND METHODS FOR PEER-TO-PEER SERVICE ORCHESTRATION - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 03-18-2010 |
20100077218 | SYSTEM AND METHOD FOR ELECTRONIC DOCUMENT MANAGEMENT, ORGANIZATION, COLLABORATION, AND SUBMISSION IN CLINICAL TRIALS - According to the present invention, there is provided a system and method for the management, organization, collaboration, and submission of electronic files and documents associated with a clinical trial. The system of the present invention enables users to create and easily access a central document repository. The system of the present invention includes various tools for the management, organization, collaboration, and editing of the documents and files stored within the system, as well as tools which enable automated regulatory submissions of required documents and files. | 03-25-2010 |
20100077219 | Optimization methods for the insertion, protection, and detection of digital watermarks in digital data - Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed. According to another embodiment, a method for pre-analyzing a digital signal for encoding digital watermarks comprises: (1) providing a digital signal; (2) providing a digital filter to be applied to the digital signal; and (3) identifying an area of the digital signal that will be affected by the digital filter based on at least one measurable difference between the digital signal and a counterpart of the digital signal selected from the group consisting of the digital signal as transmitted, the digital signal as stored in a medium, and the digital signal as played back. According to another embodiment, a method for encoding a watermark in a content signal includes the steps of (1) splitting a watermark bit stream; and (2) encoding at least half of the watermark bit stream in the content signal using inverted instances of the watermark bit stream. Other methods and systems for encoding/decoding digital watermarks are also disclosed. | 03-25-2010 |
20100077220 | Optimization methods for the insertion, protection, and detection of digital watermarks in digital data - Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed. According to another embodiment, a method for pre-analyzing a digital signal for encoding digital watermarks comprises: (1) providing a digital signal; (2) providing a digital filter to be applied to the digital signal; and (3) identifying an area of the digital signal that will be affected by the digital filter based on at least one measurable difference between the digital signal and a counterpart of the digital signal selected from the group consisting of the digital signal as transmitted, the digital signal as stored in a medium, and the digital signal as played back. According to another embodiment, a method for encoding a watermark in a content signal includes the steps of (1) splitting a watermark bit stream; and (2) encoding at least half of the watermark bit stream in the content signal using inverted instances of the watermark bit stream. Other methods and systems for encoding/decoding digital watermarks are also disclosed. | 03-25-2010 |
20100082989 | Storing Composite Services on Untrusted Hosts - A method of storing a composite service on an untrusted host without enabling the untrusted host to access resources called by the composite service is described. In an embodiment, the delegator provides a delegatee with credentials to enable verification of the composite service and to enable access to the resources. The credential which is provided to enable access to the resources may be a credential which can be used to decrypt access credentials for each of the resources. These access credentials are stored in encrypted form in a credential store. The delegatee downloads the composite service and the encrypted access credentials and executes the composite service once it has been verified. | 04-01-2010 |
20100082990 | ESTABLISHMENT OF A RELATIONSHIP BETWEEN WIRELESS DEVICES - Embodiments related to the establishment of a relationship between wireless devices are disclosed. In one disclosed embodiment, a wireless device includes an image capture device, a wireless transmitter and receiver, a logic subsystem, and memory comprising instructions executable by the logic subsystem to capture a first image via the image capture device, identify authentication features of the first image, and receive authentication data from a remote media device via the wireless receiver that comprises authentication features of a second image. The instructions further cause the logic subsystem to compare the authentication features of the second image to the authentication features of the first image to establish a trusted relationship with the remote media device if the authentication features of the second image exhibit a pre-determined relationship to the authentication features of the first image. | 04-01-2010 |
20100082991 | TRUSTED KEY MANAGEMENT FOR VIRTUALIZED PLATFORMS - To provide a secure service to an application virtual machine running in a first domain of a virtualized computing platform, a second domain is arranged to run a corresponding service driver exclusively for the application virtual machine. As part of the secure service, the service driver effects a key-based cryptographic operation; to do so, the service driver has to obtain the appropriate key from a key manager. The key manager is arranged to store the key and to release it to the service driver only upon receiving evidence of its identity and being satisfied of compliance with release policies associated with the key. These policies include receipt of valid integrity metrics, signed by trusted-device functionality of the virtualized computing platform, for the service driver and the code on which it depends. | 04-01-2010 |
20100082992 | Cryptographic Applications of Efficiently Evaluating Large Degree Isogenies - Techniques are disclosed for representing and evaluating large prime degree isogenies for use in cryptographic signature and encryption schemes. An isogeny of prime degree ℓ may be represented as an ideal in the form (ℓ, A*alpha+B), where ℓ comprises the degree of a prime number, the prime number is split into integers a and b, and alpha is a known endomorphism. For a given degree ℓ, integers a and b define a unique isogeny, allowing the isogeny to be stored with 3 log(ℓ) bits of information. Techniques are also disclosed to evaluate the isogeny at a given point by decomposing the isogeny into an integer and a plurality of smaller degree isogenies, evaluating the smaller degree isogenies at the point with traditional means, and multiplying the results of the evaluations together and with the integer. | 04-01-2010 |
20100082993 | COMPUTER-IMPLEMENTED METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR GENERATING AND VERIFYING SIGNATURES - The present description refers in particular to a computer-implemented method, a computer program product, and a computer system for automatically generating a digital signature for a message, the message being representable in a hierarchical tree structure and to a computer-implemented method, a computer program product, and a computer system for automatically verifying a digital signature of a message, the message being representable in a hierarchical tree structure. The computer-implemented method for automatically generating a digital signature for a message, the message being representable in a hierarchical tree structure may comprise: | 04-01-2010 |
20100082994 | Method and apparatus for implementing electronic seal - A method for implementing electronic seal is disclosed. The method includes: storing seal data of an electronic seal, a digital certificate, electronic signature program and a private key of a sealer in an external portable apparatus; performing a Hash conversion to a file to be sealed and the seal data of the electronic seal to generate a data digest, wherein the file to be sealed is a layout file; sealing, in the portable apparatus, the data digest using the private key of the sealer and the electronic signature program to generate an electronic signature result; and combining the file to be sealed, the seal data of the electronic seal, the digital certificate and the electronic signature result to generate a seal combination file. | 04-01-2010 |
20100088519 | CLIENT DEVICE, KEY DEVICE, SERVICE PROVIDING APPARATUS, USER AUTHENTICATION SYSTEM, USER AUTHENTICATION METHOD, PROGRAM, AND RECORDING MEDIUM - In a user authentication system according to the present invention, at user registration, a client device obtains a signature for a user ID, a password, and a public key by using a private key corresponding to the public key, and sends user information that includes the signature and the above-described information items to a service providing apparatus. The service providing apparatus verifies the signature by using the public key and stores the user information by which the password and the public key are associated with each other. When a request for a service is made, the client device allows authentication processing by sending to the service providing apparatus an authentication response that includes the user ID together with password authentication information, a signature for a challenge sent from the service providing apparatus, or a signature for the password and the challenge, irrespective of whether the authentication method for the service is password authentication, public key authentication, or public-key-and-password combination authentication. | 04-08-2010 |
20100095126 | Scanned Image Disclosure Apparatus, Method and Storage Medium; Electronic Mail Transmission Apparatus, Method and Storage Medium; and Internet Facsimile Transmission Apparatus - A scanned image disclosure apparatus has a disclosure unit that encrypts and discloses to a disclosure destination a scanned image by using a public key or a private key relating to a public key certificate that has been verified to be valid, a re-verification unit that judges whether or not re-verification of the validity of the public key certificate is necessary during execution for the disclosure unit and performs re-verification if it is judged to be necessary, a termination unit that terminates the execution for the disclosure unit if the public key certificate was judged to be invalid by the re-verification unit. | 04-15-2010 |
20100100742 | Transport Stream Watermarking - Methods and apparatuses for processing and watermarking a transport stream with a message. A processed transport stream that includes processed content packets, associated carrier packets, and a watermark descriptor for a group of the associated carrier packets is created from the transport stream. The processed content data represent a first watermark value and are bounded by transport sector boundaries. The associated carrier packets include replacement watermark data that represent a second watermark value and are bounded by transport sector boundaries. These associated carrier packets are paired with processed content packets. The watermark descriptor includes synchronization data. A watermarked transport stream is created by interleaving selected processed content packets and associated carrier packets according to a watermark message. | 04-22-2010 |
20100100743 | Natural Visualization And Routing Of Digital Signatures - Embodiments are provided for securely visualizing and routing digital signatures in an electronic document generated by an application program executing on a computer system. The application program may generate an electronic document for receiving a signature graphic, and calculate a hash value from the electronic document and the signature graphic, and create a cryptographic signature from the hash value using a cryptographic encryption method. The electronic document is digitally signed by embedding the cryptographic signature therein. The application program may further collect and route digital signatures by automatically collecting signatures from individual signers, one-by-one, and identify the appropriate signature line for each signer to sign. The application program may further generate a user interface for creating and collecting digital signatures. | 04-22-2010 |
20100100744 | VIRTUAL IMAGE MANAGEMENT - Apparatus, systems, and methods may operate to create a virtual image, define usage privileges associated with the virtual image in a description file, and associate a coded summary of an encrypted version of the description file with the virtual image. Other activities may include receiving a request to access the virtual image, authenticating a transmitted version of the coded summary to determine validity of the encrypted version, and processing the encrypted version to determine whether the request to access will be granted. Additional apparatus, systems, and methods are disclosed. | 04-22-2010 |
20100100745 | METHOD OF COMMUNICATING A DIGITAL SIGNATURE TO CERTIFY A TRANSMISSION, ASSOCIATED SYSTEM AND AIRCRAFT - This invention relates to a communication method intended to ensure the receipt of digital data by at least one remote entity, and an associated system, in particular in the context of data transfer with an aircraft. | 04-22-2010 |
20100106973 | Method and Device for Safeguarding of a Document with Inserted Signature image and Biometric Data in a Computer System - A method for safeguarding an electronic document includes inserting at least one digital signature image into the electronic document and generating a first check sum for the electronic document, with or without optionally-inserted biometric signature data, using a first hash function. A second check sum is then generated using a second hash function. The first check sum and the biometric data, if provided, are then symmetrically encrypted using a key that is the sum of the second check sum and a generated random value. The symmetrically-encrypted first check sum is attached to the document. The random value is then asymmetrically encrypted using a first public key of a first key pair and the asymmetrically-encrypted random value is added to the document. | 04-29-2010 |
20100115282 | METHOD FOR WATERMARK HIDING IN DESIGNATED APPLICATIONS - A method, service, and product for hiding a watermark existing in a digital media within a software application, comprising creating a set pattern of pixels represented by coordinates which represent a red, a green, a blue, and an alpha level of color, where the set pattern of pixels covers a set of original pixels within the digital media. The method including determining whether the transparency level of color should be removed from the set pattern of pixels based on a known pixel transparency removal parameter; and modifying the set pattern of pixels to remove the transparency level of color coordinates, wherein an original pixel color can be seen because the set pattern of pixels are made transparent; or not modifying the set of pixels to remove the transparency level of color coordinates, wherein the original pixel color cannot be seen because the set of original pixels is made transparent. | 05-06-2010 |
20100115283 | SYSTEMS AND METHODS FOR USING CRYPTOGRAPHY TO PROTECT SECURE AND INSECURE COMPUTING ENVIRONMENTS - Computation environments are protected from bogus or rogue load modules, executables, and other data elements through use of digital signatures, seals, and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules and/or other items to verify that their corresponding specifications are accurate and complete, and then digitally signs them based on a tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys), allowing one tamper resistance work factor environment to protect itself against load modules from another tamper resistance work factor environment. The verifying authority can provide an application intended for insecure environments with a credential having multiple elements covering different parts of the application. To verify the application, a trusted element can issue challenges based on different parts of the authenticated credential that the trusted element selects in an unpredictable (e.g., random) way, and deny service (or take other appropriate action) if the responses do not match the authenticated credential. | 05-06-2010 |
20100122092 | COMMUNITY-BASED IMAGE CATALOG - A community-based image catalog is provided. An example system to provide a community-based image catalog comprises a communications module to receive a submitted digital image at a server system, a detector to determine that the submitted digital image is to be made available for use by community members, a community image generator to add an interactive watermark to the submitted digital image thereby generating a community image, and a database interface module to provide the community image to a repository of images. An interactive watermark may be designed to be indicative of the community image being available for use by community members and being indicative of an interactive nature of the interactive watermark. | 05-13-2010 |
20100125737 | PAYMENT TRANSACTION PROCESSING USING OUT OF BAND AUTHENTICATION - Systems, apparatuses, and methods for increasing the security of electronic payment transactions, such as eCommerce transactions conducted over the Internet. A transaction approval or authorization mechanism uses an out of band process to provide authentication or identification data that has previously been registered by a user and associated with the user's payment device or account. The out of band authentication data may be provided in response to a message sent to a user's mobile phone, where the message is generated in response to entering the user's phone number into a form that is provided when the user engages in an electronic payment transaction using a desktop computer. The data may include a digital signature and associated digital certificate that is used to authenticate the user. | 05-20-2010 |
20100131767 | Methods for Audio Watermarking and Decoding - The presently claimed invention relates generally to encoding and decoding audio signals to include auxiliary information. One example encoding technique includes steganography. One method recites: using a microphone, obtaining an audio signal carried by sound waves; utilizing an analog-to-digital converter to convert the audio signal into a digital audio signal; utilizing a programmed electronic processor, extracting auxiliary data from a series of segments of the digital audio signal, the segments conveying the same auxiliary data, yet the segments represent the auxiliary data differently as code signals carrying the same auxiliary data change over the blocks, the auxiliary data being steganographically hidden in the digital audio signal; and utilizing a programmed electronic processor, utilizing the auxiliary data from the series of segments to increase confidence of accurate extraction of the auxiliary data, the auxiliary data being separately decoded from the segments and combined to increase the confidence of extraction of the auxiliary data. Of course, other combinations and claims are provided as well. | 05-27-2010 |
20100131768 | Method and apparatus for digital watermarking - A method for embedding digital watermark data in digital data contents includes the steps of obtaining a frequency coefficient of block data of digital data contents, obtaining a complexity of the block data, obtaining an amount of transformation of the frequency coefficient from the complexity and the digital watermark data, and embedding the digital watermark data by transforming the frequency coefficient. In addition, a method for reading digital watermark data includes the steps of calculating a probability of reading ‘1’ or ‘0’ in a read bit sequence by using a test method on the basis of binary distribution, determining the presence or absence of digital watermark data according to the probability, and reconstituting digital watermark data. Another method includes the steps of performing soft decision in code theory by assigning weights to the digital watermark sequence with a weighting function, and reconstituting digital watermark data. | 05-27-2010 |
20100131769 | DELIVERY CONFIRMATION SYSTEM, PORTABLE TERMINAL, AND COMPUTER PROGRAM PRODUCT - A portable terminal, which is connected to a server, includes: a communication section to send and receive data to and from the server; a time obtaining section to obtain current time; a location obtaining section to obtain a current location of the portable terminal; an input section to input receipt confirmation information indicating that a recipient of a shipment has received the shipment; and a control section to cause a digital signature to be attached to electronic form data, and to cause the communication section to send the electronic form data with the digital signature to the server. The electronic form data includes the receipt confirmation information input through the input section when the shipment is received; the current time obtained by the time obtaining section when the shipment is received; and the current location obtained by the location obtaining section when the shipment is received. | 05-27-2010 |
20100131770 | COMPUTER-IMPLEMENTED METHOD AND SYSTEM FOR EMBEDDING AND AUTHENTICATING ANCILLARY INFORMATION IN DIGITALLY SIGNED CONTENT - A computer-implemented system and method for embedding and authenticating ancillary information in digitally signed content are disclosed. The method and system include loading digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable; and erasing any non-authenticated regions of the digital content by zeroing out or value-filling memory locations corresponding to the non-authenticated regions. | 05-27-2010 |
20100146282 | DYNAMIC IMAGE CONTENT TAMPER DETECTING DEVICE AND SYSTEM - Regularity information such as time codes embedded preliminarily through an electronic watermark is detected from a predetermined number of pieces of continuous frame data of video content through the electronic watermark. In the case where the electronic watermark is not detected from the predetermined number of pieces of continuous frame data, a non-detection count is calculated, and falsification of the predetermined number of pieces of frame data is determined on the basis of the detected regularity information and the non-detection count. Accordingly, falsification such as deletion, addition, and replacement of video content is detected with high accuracy using the electronic watermark. | 06-10-2010 |
20100146283 | ENTERTAINMENT DEVICE - An entertainment device comprises communication means operable to receive media data from a media data source, storage means operable to store the received media data, in which the storage means limits the duration of access to the media data which was received from the media data source. | 06-10-2010 |
20100146284 | SYSTEM FOR EMBEDDING DATA - A method and system for embedding data in video frames is described, the method comprising receiving marking information, representing the marking information as a 2-coordinate vector, denoted | 06-10-2010 |
20100146285 | Digital Watermarks - The present invention relates generally to digital watermarking and steganographic data hiding. In one embodiment a method of rendering content to a user is provided. The rendered content includes a digital watermark embedded therein. In another embodiment, digital watermarking is utilized to facilitate purchase or lease of audio or video content over a network or with a remote computer. In still another embodiment, a compression characteristic is determined, and subsequent steganographic embedding is influenced based on the characteristic. Other embodiments are provided as well. | 06-10-2010 |
20100146286 | Pre-Processed Information Embedding System - Methods are provided for embedding auxiliary information in a host content signal which reduce the memory, bandwidth and computational complexity of the embedding and transmission systems. In one embodiment, a first reduced-scale signal is produced which corresponds to the host content embedded with a first logical value and producing a second reduced-scale signal corresponding to the host content embedded with a second logical value. A first set of segments from the first reduced-scale signal may be combined with a second set of segments from the second reduced-scale signal in a pre-defined manner to produce a composite embedded host content. Thus the storage and transmission requirements of the watermarking system are reduced to having to deal with only the original content plus two reduced-scale signals. | 06-10-2010 |
20100153732 | CACHE-BASED METHOD OF HASH-TREE MANAGEMENT FOR PROTECTING DATA INTEGRITY - The present disclosure relates to accessing data stored in a secure manner in an unsecure memory, based on signatures forming an integrity check tree comprising a root signature stored in a secure storage space, and lower-level signatures stored in the unsecure memory. One embodiment calculates a first-level signature from the data in a group comprising a changed datum, and temporarily stores the signature calculated in a secure memory. The embodiment calculates a signature to check the integrity of a lower-level signature by using the signature to be checked and a second signature belonging to a same group as the signature to be checked, read as a priority in the secure memory and in the unsecure memory if it has different values in the secure and unsecure memories. | 06-17-2010 |
20100153733 | METHOD AND SYSTEM FOR AUTHENTICATING INTERNET USER IDENTITY - A method and system for authenticating an Internet user identity by cross-referencing and comparing at least two independent sources of information. A first geographical location of computer signature of an internet user is identified and the geographical location of a communication voice device of said internet user is identified to determine a second location. The first and second locations are compared for geographical proximity to confirm the identity of the internet user. Based upon geographical proximity of said locations, a score is assigned to the internet user, and access to a website is allowed or limited based upon said score. Alternatively, additional authentication information can be required or access can be terminated. | 06-17-2010 |
20100161991 | APPARATUS AND METHOD FOR CONTROLLING USE OF BROADCASTING PROGRAM USING SIGNATURE IN PROGRAM INFORMATION - Disclosed is a broadcasting signal receiving apparatus for controlling use of a broadcasting program using a signature in program information and a method thereof. The broadcasting signal receiving apparatus includes a communicating unit for receiving a broadcasting signal, an extracting unit for extracting a broadcasting program and program information from the received broadcasting signal, and a determining unit configured to generate a temporal signature for confirmation (confirmation signature) which determines whether the program information is changed or not from the original program information and determine validity of the program information by comparing a signature included in the extracted program information with the confirmation signature. | 06-24-2010 |
20100161992 | Device and method for protecting data, computer program, computer program product - A device and method for protecting data in which preset data (m) are stored in a first memory in a control unit; the data (m) are signed with a signature (σ_i) by a subscriber (i) belonging to a group of subscribers ( | 06-24-2010 |
20100169649 | Image encryption for print-and-scan channels using pixel position permutation - An image encryption method that includes receiving image data based on an image, wherein the image data comprises a plurality of pixel values, and permuting a plurality of, and preferably all of, the pixel values using at least a secret key to create permuted image data. Also, an image decryption method that includes scanning a printed image to create scanned image data. The printed image is generated from permuted image data that is generated by permuting a plurality of first pixel values of first image data using at least a secret key, obtaining a plurality of second pixel values from the scanned image data, and reverse-permuting a plurality of the second pixel values using at least the secret key to create reverse-permuted scanned image data. | 07-01-2010 |
20100169650 | STORAGE MINIMIZATION TECHNIQUE FOR DIRECT ANONYMOUS ATTESTATION KEYS - A storage minimization technique for direct anonymous attestation (DAA) keys is presented. In one embodiment, the method includes deriving a random portion of a (DAA) private key from a device's fuse key, computing a point on an elliptical curve from the derived random portion and a master private key, and storing only one coordinate of the point in fuses within the device. Other embodiments are described and claimed. | 07-01-2010 |
20100169651 | Electronically Signing a Document - An electronic signature device includes a processor, a memory, a user input device including a first biometric input device, and a device interface, all communicatively connected by at least one bus. A method of personalizing the electronic signature device to a user includes receiving a digitized biometric signature of the user via the first biometric input device. A cryptographic key is generated. A biometric electronic template is generated based on the digitized biometric signature. The cryptographic key and the biometric electronic template are stored in the memory. | 07-01-2010 |
20100169652 | DIGITAL WATERMARKING SYSTEMS AND METHODS - Systems and methods for protecting digital content using digital watermarks and for distributing that protected digital content are described. The digital watermark contains watermark information, fingerprint information, and any other information desired by the provider of the digital content. To insert the digital watermark in the digital content, a section of the digital content is selected, whether it is a random section or a desired section (such as the first or last section), and then that section is broken into a given number of individual slides. The digital watermark is created as an additional slide or frame and then placed between the slides of that section. These individual slides, which now contain the watermark, are re-combined and then re-attached to the remainder of the digital content when desired, such as on the fly or at the time of the user's purchase of the digital content. The user (or other viewer) receives only a single packet of information for the digital content, rather than numerous packets of information, preventing compression and decompression processes from avoiding the watermark since any such compression would not only diminish the slide with the watermark on it, but also the content and render the digital content unusable. Other embodiments are described. | 07-01-2010 |
20100169653 | APPARATUS, METHOD, AND PROGRAM FOR DIGITAL SIGNATURE - A digital signature method to generate a signature for an electronic document, the method including: initializing a signature t of each of the document segments of electronic document and twice raising the signature t to the power of a hash value of each of the document segments and digitally signing the raised signature to produce a signature s serving as the signature of the electronic document; and revising a document segment; wherein, in the revising, to delete a document segment, the signature t is raised twice to the power of the hash value of the document segment unless the document segment is sanitization prohibited, or the signature t is raised to the power of the hash value of the document if the document segment is sanitization prohibited, and the document segment is deleted; to sanitize a document segment, the document segment is replaced with the hash value thereof. | 07-01-2010 |
20100169654 | METHOD FOR AUTHOR VERIFICATION AND SOFTWARE AUTHORIZATION - Embodiments of the present invention are directed to a computer-implemented method for author verification and authorization of object code. In one embodiment, program object code is linked with a plurality of data blocks to create linked object code and a MAP file. Thereafter, author verification is performed by executing a plurality of comparisons between the linked object code and the MAP file. In another embodiment, a digital signing procedure is performed on linked object code by creating a signature data block. The signature data block is then encrypted and written to the linked object code to create digitally-signed object code. In another embodiment, an application program embodied in linked object code generates a data packet. The data packet is then compared to a previously-generated signature data packet from the linked object code to determine if the linked object code is authorized. | 07-01-2010 |
20100169655 | BLOCKING OF UNLICENSED AUDIO CONTENT IN VIDEO FILES ON A VIDEO HOSTING WEBSITE - A system, method and various software tools enable a video hosting website to automatically identify unlicensed audio content in video files uploaded by users, and initiate a process by which the user can replace the unlicensed content with licensed audio content. An audio replacement tool is provided that enables the user to permanently mute the original, unlicensed audio content of a video file, or select a licensed audio file from a collection of licensed audio, and insert the selected file in place of the original audio. Where a video file includes unlicensed audio, the video hosting website provides access to video files to a client device, along with an indication to the client device to mute the audio during playback of the video. | 07-01-2010 |
20100174910 | Public Key Encryption with Digital Signature Scheme - An improved encryption and digital signature system and method in accordance with the invention reuses an encryption ephemeral key pair from an encryption process in a digital signature process. The reuse of the encryption ephemeral key pair in the digital signature process advantageously results in reduced byte size of the digital signature and reduction of costly computation overhead. In a preferred embodiment, the invention is based on the El Gamal encryption scheme and the Nyberg-Rueppel signature scheme. The present invention is particularly useful for operation in conjunction with small communication devices having limited processing and storage, wherein such devices may communicate via bandwidth sensitive RF links. | 07-08-2010 |
20100180122 | Method and Device for Detecting an Attempt to Substitute an Original Casing Portion of an Electronic System with a Replacement Casing Portion - The invention relates to an electronic system comprising a casing consisting of at least first and second casing portions and containing a device for detecting the substitution of the first casing portion. The device comprises a first integrated circuit intended to be fixed to the first casing portion and a second integrated circuit intended to be fixed to the second casing portion. The second circuit is adapted to transmit to the first integrated circuit successive random or pseudo-random digital signals (R). The first integrated circuit is adapted to return to the second integrated circuit, for each digital signal, the first encrypted signature (S) from said digital signal. The second integrated circuit is adapted to determine a second encrypted signature (S′) from said digital signal and to detect a substitution of the first casing portion if the first and second encrypted signatures are different. | 07-15-2010 |
20100180123 | PROCEDURE AND ARCHITECTURE FOR THE PROTECTION OF REAL TIME DATA - The object of the present invention is to safeguard the authenticity and integrity of real-time data in a distributed real-time computer system. The present invention considers other requirements of real-time data processing, such as the timeliness of real-time data transmission and limited resource availability. Frequent modification of an asymmetric key pair hinders intruders from cracking a key before its validity has expired. The present method can also be extended to safeguard the confidentiality of real-time data. It can be implemented efficiently on a multiprocessor system-on-chip (MPSoC). | 07-15-2010 |
20100180124 | VERIFICATION APPARATUS AND PROGRAM - According to one embodiment of the present invention, the first authentication context includes the template certificate indicative of the validity of a template and the first apparatus evaluation certificate indicative of the validity of the first apparatus evaluating information whilst the second authentication context includes the second apparatus evaluating certificate indicative of the validity of the second apparatus evaluating information. And the template certificate and the first and second evaluation certificates are verified when verifying the first and second authentication contexts. Thus, the validity of the template used for authentication or the apparatus evaluating information included in the authentication context can be verified. | 07-15-2010 |
20100180125 | INFORMATION SERVICE METHOD, INFORMATION SERVICE UNIT, RECORDING OR REPRODUCING CONTROLLING METHOD, AND RECORDING AND/OR REPRODUCING UNIT - Unique identification information is prerecorded on a disc. The identification information is registered to a server along with user's license when he or she buys the disc. When a terminal unit reproduces data from the disc, identification information is read and transmitted to the server through the Internet. The server creates a key that controls to reproduce data from the disc in accordance with the license identified by the identification information and transmits the key to the terminal unit along with the user's license information for the disc. The terminal unit controls to reproduce contents of the disc in accordance with the key and license information transmitted from the server. The license for each disc is managed in accordance with the identification information. Thus, different services can be provided for individual discs. | 07-15-2010 |
20100185865 | GENERATION OF COMMUNICATION DEVICE SIGNATURES FOR USE IN SECURING NOMADIC ELECTRONIC TRANSACTIONS - A method for execution in a communication device, which comprises accessing an identifier stored in a memory; receiving a first data set and a second data set over a first communication path; generating a first signature from the identifier and the first data set; generating a second signature from the identifier and the second data set; responding to a first request by releasing a first response including the first signature over a local communication path different from the first communication path; and responding to a subsequent request by releasing a second response including the second signature over the local communication path. | 07-22-2010 |
20100185866 | METHOD AND SYSTEM FOR CATEGORIZING CONTENTS - The present invention discloses a method and system for categorizing contents and relates to network and communication technologies. The content categorizing method includes: categorizing a content for which a category is requested and determining the content category; generating a digital signature according to the content and the content category; and returning the content category and the digital signature. The content screening method includes: receiving a pre-categorized content that carries a content, a content category and a digital signature; performing trust verification on the pre-categorized content according to the digital signature and when the trust verification is successful, screening the content according to the content category carried in the pre-categorized content. The present invention also discloses a content categorizing apparatus, a content screening apparatus, and a system for implementing a trust model. With the present invention, when a pre-categorized content is consumed, the correct mapping between the content and content category carried in the pre-categorized content is verified and the identity of the content categorizer is authenticated to guarantee the legal source of data. | 07-22-2010 |
20100185867 | DIGITAL SIGNATURE METHOD, PROGRAM, AND APPARATUS - A method for generating a digital signature with respect to an electronic document, the method including: inputting a target electronic document and a corresponding digital signature σ; dividing the target electronic document into a plurality of partial documents mi; and when a revision of the partial documents is to be performed, in a case where deletion of the one partial document is to be performed, when sanitization is not prohibited, exponentiating the digital signature σ twice with a hash value Gi, when sanitization is prohibited, exponentiating σ with the Gi; in a case where sanitization is to be performed, replacing a partial document by Gi; in a case where deletion is to be prohibited, exponentiating σ with a hash value Hi; in a case where the sanitization is to be prohibited, exponentiating σ with Gi; and updating σ. | 07-22-2010 |
20100185868 | PERSONILIZED DIGITAL MEDIA ACCESS SYSTEM - The invention is an apparatus that facilitates access to encrypted digital media to accept verification and authentication from an excelsior enabler using at least one token and at least one electronic identification. The at least one electronic identification could be a device serial number, a networking MAC address, or a membership ID reference from a web service. Access to the product is also managed with a plurality of secondary enablers using the at least one electronic identification reference. | 07-22-2010 |
20100191973 | SYSTEM AND METHOD FOR ESTABLISHING A SECURE CONNECTION WITH A MOBILE DEVICE - Methods and apparatus are provided for establishing a secure connection with a mobile device that is configured to store a first private key that mathematically corresponds to a first public key. The method comprises receiving a quasi-public key from a trusted entity, wherein the quasi-public key mathematically corresponds to a quasi-private key that is stored on the mobile device, receiving a first digital certificate from the mobile device, the first digital certificate comprising the first public key and a first digital signature generated with the quasi-private key, and authenticating the first digital certificate using the first digital signature and the quasi-public key. | 07-29-2010 |
20100191974 | SOFTWARE APPLICATION VERIFICATION - Various embodiments for software application verification are disclosed. Software application verification applies digital rights management to applications that run protected content on a playback device. In this way, protected content may be provided to approved applications and withheld from applications that have not been approved to run the protected content. | 07-29-2010 |
20100191975 | PRIVACY-PRESERVING COMMUNICATION - Anonymous information sharing systems and methods enable communication of information to parties in a privacy-preserving manner such that no one other than the designated parties can know the source, recipient, and content of the information. Furthermore, the communication can be accomplished without requiring trial decryption, and protection can be provided against sharing of privileges. | 07-29-2010 |
20100191976 | METHOD FOR INSTALLING RIGHTS OBJECT FOR CONTENT IN MEMORY CARD - A method, device and system for stably issuing a rights object (RO) to a memory, namely, an SRM, via a terminal. When RO has been issued to the memory card, namely, to the SRM, by using the stable procedure, the RO can be compatible with a different terminal that does not support the stable procedure, whereby the RO can be completely used by the different terminal. | 07-29-2010 |
20100191977 | DATA CERTIFICATION METHOD AND APPARATUS - Apparatus for certifying electronic data supplied by a user receives data to be signed, supplied by the user from a source device, at a certifying apparatus including at least a signature server providing a signing function. An encrypted password is received at that server from the source device via a first communication path, the password being generated by an authentication system providing an authentication function separate from the signing function and the password being transmitted to the source device via a second communication path, the signature server and the authentication system have different communication paths with the source device. A version of the encrypted password is communicated between the signature server and the authentication system via a third communication path, different to the first and second paths, for authenticating the user. A result of the authenticating of the user is determined at the signature server by the communication between the authentication system and the signature server, that result being determined by verification of the version of the encrypted password, that verification being performed without the signature server verifying the actual plaintext password. The data to be signed is signed using elements of information secure to the signature server if the result of the authentication indicates that the user is authenticated. The signed data from the certifying apparatus is then passed to a recipient device so that the elements of secure information certify that the data supplier is the user. A method of certifying the data is also disclosed. | 07-29-2010 |
20100199096 | INTEGRATED CIRCUIT AND MEMORY DATA PROTECTION APPARATUS AND METHODS THEREOF - A memory data protection apparatus including a storage device, a cipher, and a validator is provided. The storage device is embedded in a chip electrically coupled to an external memory for storing an offset value, a signature and a key. The cipher electrically coupled to the storage device and the external memory to receive the key includes an encrypter and a decrypter. The encrypter is capable of executing an encryption to output an encrypted data and an encrypted certified data. The decrypter is capable of executing a decryption to output a decrypted data. The validator electrically coupled to the storage device receives the signature, the offset value and the certified data and determines an access limit of the external memory by validating the certified data with the signature and the offset value. The memory data protection apparatus accesses an original data in the external memory according to the access limit. | 08-05-2010 |
20100199097 | NON-REPUDIABLE TRANSLATION OF ELECTRONIC DOCUMENTS - A method for non-repudiable translation of documents is disclosed, whereby a computer application determines a storage location for a first document, generates a first digital signature for the first document, determines a storage location for a plurality of translation instructions, generates a second digital signature for the plurality of translation instructions, translates the first document, assembles a second document including the storage location for the first document, the storage location for the plurality of translation instructions, the first digital signature, the second digital signature, the translation, and at least one encryption key associated with the first document and the plurality of translation instructions, and digitally signs the second document. The signed document includes sufficient information to demonstrate non-repudiable translation of the first document. | 08-05-2010 |
20100205444 | Software Program for Encrypting and Decrypting, Digital Media; Photograph and Video and encoding an expiration date in them. - The digital media, photograph and video encryption and decryption software will encrypt the photograph or video, and a provision is provided to put an expiration date on the photograph or video. After the expiration date, the software program will give a message saying the photograph or video has expired and will not decrypt the photograph or video for viewing. The encryption key can be stored on an online web account, which can be modified by the user and lets the user change the expiration date of a particular photograph or video. All the information (encryption key, expiration date) will be stored inside the encrypted media, photograph or video as a digital watermark or in a separate file, based on user preference. | 08-12-2010 |
20100205445 | WATERMARK SYSTEMS AND METHODS - Various improvements relating to digital watermarking and related technologies are detailed, including methods that enhance security and functionality, and new articles including watermarked puzzles and marked DNA. | 08-12-2010 |
20100211792 | COMMUNICATION CHANNEL ACCESS BASED ON CHANNEL IDENTIFIER AND USE POLICY - A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified. | 08-19-2010 |
20100211793 | SECURE SIGNING METHOD, SECURE AUTHENTICATION METHOD AND IPTV SYSTEM - A secure signing method, a secure authentication method, and an IPTV system are disclosed. The secure signing method includes preparing digital signature header fields and setting an attribute, calculating a hash digest of content using a hashing algorithm, storing the calculated hash value in a message digest field of the digital signature header, encrypting the message digest using a secret key and inserting the encrypted message digest in a signature field of the digital signature header, and associating the digital signature header with the content by prefixing the digital signature header to the content. The secure authentication method includes checking whether a format and value of a digital signature header of content are appropriate, calculating a hash digest of the content using a hashing algorithm, comparing the calculated hash value with a message digest field of the digital signature header, decrypting the hash value of the signature field of the digital signature header using a public key extracted from a certificate field, and comparing the decrypted hash value with the message digest. | 08-19-2010 |
20100211794 | Extraction of Video Fingerprints and Identification of Multimedia Using Video Fingerprinting - A video fingerprinting algorithm extracts characteristic features from regions of interest in a media object, such as a video signal. The regions of interest contain the perceptually important parts of the video signal. A fingerprint may be extracted from a target media object, and the fingerprint of the target media content may then be matched against multiple regions of interest of known reference fingerprints. This matching may allow identification of complex scenes, inserts, and different versions of the same content presented in, for example, different formats of the media object. | 08-19-2010 |
20100211795 | SYSTEM AND METHOD FOR VERIFYING DIGITAL SIGNATURES ON CERTIFICATES - A system and method for verifying a digital signature on a certificate, which may be used in the processing of encoded messages. In one embodiment, when a digital signature is successfully verified in a signature verification operation, the public key used to verify that digital signature is cached. When a subsequent attempt to verify the digital signature is made, the public key to be used to verify the digital signature is compared to the cached key. If the keys match, the digital signature can be successfully verified without requiring that a signature verification operation in which some data is decoded using the public key be performed. | 08-19-2010 |
20100217990 | COMMUNICATION METHOD, RELAY SERVER DEVICE, PROGRAM, AND RECORDING MEDIUM - A first connection between a first terminal | 08-26-2010 |
20100217991 | SURGERY ROBOT SYSTEM OF SERVER AND CLIENT TYPE - A server-client type surgical robot system is disclosed. One aspect of the present invention provides a surgical robot system that includes a plurality of control clients, which generate control signals, and a surgical server, which is manipulated in correspondence with the control signals received from authenticated control clients. The server-client type surgical robot system can include a plurality of control clients for manipulating one surgical server, and incorporates security technology in server-client based robot surgery, to allow greater safety in performing surgery. | 08-26-2010 |
20100217992 | COMPOUNDING SECURITY WITH A SECURITY DONGLE - Exposure of a security mechanism, over time and/or in particular markets, increases the likelihood that the security mechanism will be compromised. A security dongle, however, can resist/delay being compromised by compounding one or more security techniques with the security dongle security mechanism (e.g., a unique identifier of the dongle stored in a secure area of the dongle, a cryptographic token with a private key that cannot be retrieved from the memory of the security dongle, etc.). A dynamic element (e.g., a changing key) and/or an unexposed element (e.g., a private key secured by an owner) can be used in conjunction with a security dongle to buttress against being compromised. Using the dynamic element and/or the unexposed element, the security dongle can be cryptographically bound to at least an identifier of a piece of software enabled by the security dongle. | 08-26-2010 |
20100217993 | DISPLAY WINDOW CONTROL SYSTEM AND METHOD - An embodiment of a method for rendering an item of media content includes obtaining a media presentation having a media-content portion and a display-window-configuration component. The display-window-configuration component is recovered from the media presentation and causes a defined display window to be presented contemporaneously with rendering the media content of the media-content portion. And an embodiment of a method for rendering an item of media content having an action-indicator associated with an action includes analyzing the media content to detect the action-indicator and executing the associated action. For example, the action-indicator may be a watermark, which may be visible while an image portion of the media content is displayed. | 08-26-2010 |
20100217994 | Trusted Infrastructure Support Systems, Methods and Techniques for Secure Electronic Commerce, Electronic Transactions, Commerce Process Control and Automation, Distributed Computing, And Rights Management - An integrated, modular array of administrative and support services is provided for electronic commerce and electronic rights and transaction management. These administrative and support services supply a secure foundation for conducting transaction-related capabilities functioning over electronic networks, and can also be adapted to the specific needs of electronic commerce value chains. In one embodiment, a Distributed Commerce Utility having a secure, programmable, distributed architecture provides administrative and support services. The Distributed Commerce Utility may comprise a number of Commerce Utility Systems. These Commerce Utility Systems provide a web of infrastructure support available to, and reusable by, the entire electronic community and/or many of its participants. Different support functions can be collected together in hierarchical and/or networked relationships to suit various business models or other objectives. Modular support functions can be combined in different arrays to form different Commerce Utility Systems for different design implementations and purposes. | 08-26-2010 |
20100223471 | Cookie Verification Methods And Apparatus For Use In Providing Application Services To Communication Devices - In one illustrative example, a method in a communication device adapted for communications using Hypertext Transport Protocol (HTTP) involves setting, at the communication device, an HTTP cookie which includes a user identification of a user of the communication device and a message portion which is signed with a digital signature of the user. The communication device sends, to an application server site via the communication network, a request message which includes the HTTP cookie. If verification of the digital signature at the application server site is successful, the communication device will receive access to an application service of the application server site. In one variation, the HTTP cookie is alternatively set with a group identification of a group with which the user is associated, and the message portion is signed with a digital signature of the group. The group may be a plurality of users associated with a service provider which provides the communication device access to a communication service in the communication network. In this case, the HTTP cookie may be set with a token retrieved from the service provider, where the token includes the digital signature of the service provider. | 09-02-2010 |
20100223472 | METHOD AND SYSTEM FOR LEGALLY SHARING FILES - The invention relates to a method and a system for distributing a content item, which has been divided into a plurality of blocks of data. A control unit creates at least one watermark block. This watermark block is unique for the client and the content item to be distributed and is stored in a watermark unit. Before the content item is distributed to the client the client will need a ticket in order to verify himself when connecting to other clients. The clients can, if they have valid tickets, connect to each other and transfer the blocks of data to and from each other. In order for a client to receive a complete content item it also needs to connect to the watermark unit in order to obtain the at least one watermark block that makes the content item complete. | 09-02-2010 |
20100228983 | Third-party watermarking - A “third-party watermark” is inserted into a file or files uploaded by a client to a “storing party” such as a file backup server. The third-party watermark may contain information about the upload itself, such as time and date of the upload and the identity of the client. The third-party watermark may also contain authentication information received from the client or elsewhere that establishes that the client is in proper possession of the file, e.g., it is not a “bootlegged” copy. | 09-09-2010 |
20100228984 | FULL-RIGHTS LOCAL PLAYBACK OF DIGITAL CONTENT - A method of playing a digital content item includes downloading the digital content item from a removable data-holding medium to a local data-holding medium of a media playing system, and sending a licensing request to a network-accessible, digital-content service. The method further includes receiving a full-rights license for the digital content item from the digital-content service, where the full-rights license grants a right to play the digital content item from the local data-holding medium of the media playing system without the removable data-holding medium being present. The method further includes receiving a request to play the digital content item, and verifying the full-rights license for the digital content item. The method further includes playing the digital content item from the local data-holding medium if the full-rights license verifies, without the removable data-holding medium being present. | 09-09-2010 |
20100228985 | CONTENT MANAGEMENT METHOD AND APPARATUS IN INTELLIGENT ROBOT SERVICE SYSTEM - A content management method in an intelligent robot service system includes: generating a key to distribute the key to a content generation node and a content execution node; generating a signature for a content using the distributed key in the content generation node; providing the content and the signature to the content execution node; and verifying a validity of the content in the content execution node to execute the verified content. | 09-09-2010 |
20100235643 | AUTHENTICATION OF AN OBJECT - A system for authenticating an object is disclosed. The system includes an optical sensing device and a processor. The optical sensing device senses coded data provided on a surface associated with the object. The coded data is indicative of a position on the surface, an identity associated with the object, and a part of a signature. The signature is a digital signature of the identity. The processor determines, using the sensed coded data, a sensed identity and a sensed signature part, determines, using the position, a sensed signature part identity, determines, using the sensed identity, at least a determined signature, determines, using the determined signature and the sensed signature part identity, a determined signature part, compares the determined signature part to the sensed signature part, and authenticates the object using the result of the comparison. | 09-16-2010 |
20100241863 | DEVICE FOR REPRODUCING DIGITAL CONTENT, SECURE ELECTRONIC ENTITY, SYSTEM COMPRISING SAID ELEMENTS AND METHOD FOR REPRODUCING DIGITAL CONTENT - The invention concerns a method for reproducing digital content including the following steps: receiving (E | 09-23-2010 |
20100250949 | GENERATION, REQUESTING, AND/OR RECEPTION, AT LEAST IN PART, OF TOKEN - An embodiment may include circuitry to at least one of generate at least in part, receive at least in part, and request at least in part, a token. The token may identify, at least in part, a device to an entity. The token, as received by the entity, may be encrypted, at least in part, based at least in part upon the entity's public key. The token may be generated by an authorized provider of the token based at least in part upon an identifier of the device and a signature. The signature may be generated based at least in part upon the provider's private key and the identifier. The token, as received by the entity, may be capable of being decrypted at least in part, based at least in part upon the entity's private key. The entity's private key may be maintained in secrecy from the device and provider. | 09-30-2010 |
20100250950 | COMMUNICATION APPARATUS - A communication apparatus includes: a first storage unit storing a received electronic mail; a verification unit executing a first verification about an electronic signature attached to the received electronic mail; a printing unit printing the received electronic mail if a verification result of the first verification is positive; a deletion unit deleting the printed electronic mail from the first storage unit; and a storage control unit controlling a second storage unit to store the mail information about the received electronic mail in the second storage unit if the verification result of the first verification is negative. The verification unit again executes the first verification about a specific electronic signature attached to a specific electronic mail which mail information is stored in the second storage unit. The printing unit prints the specific electronic mail if a verification result by again executing the first verification about the specific electronic signature is positive. | 09-30-2010 |
20100250951 | COMMON KEY SETTING METHOD, RELAY APPARATUS, AND PROGRAM - A secret key of a second apparatus is stored in a relay apparatus. A first apparatus specifies secret information used to identify a common key, generates encrypted secret information by encrypting the secret information by using a public key of the second apparatus, and transmits the encrypted secret information to the relay apparatus. Then, the relay apparatus decrypts the encrypted secret information by using the secret key of the second apparatus to extract the secret information. The relay apparatus transmits the encrypted secret information to the second apparatus. The second apparatus decrypts the encrypted secret information by using the secret key of the second apparatus to extract the secret information. Finished messages corresponding to communication log information and the secret information are exchanged between the first apparatus and the relay apparatus and between the second apparatus and the relay apparatus. | 09-30-2010 |
20100250952 | TWO-WAY ACCESS AUTHENTICATION METHOD - A two-way access authentication method comprises: According to the system parameters pre-established by the third entity, the first entity sends the access authentication request packet to the second entity, then the second entity validates whether the signature of first entity is correct, and if yes, the share master key of second entity is calculated; the second entity generates the access authentication response packet and sends it to the first entity, then the first entity validates whether the signature of access authentication response packet and the message integrity check code are correct; if yes, the share master key of first entity is calculated; the first entity sends the access authentication acknowledge packet to the second entity, then the second entity validates the integrity of the access authentication acknowledge packet, if passing the validation, the share master key of first entity is consistent with that of the second entity, and the access authentication is achieved. To improve security, after receiving the access authentication request packet sent by the first entity, the second entity may perform the identity validity validation and generate the access authentication response packet after passing the validation. | 09-30-2010 |
20100262831 | Method and Apparatus for Providing Secure Linking to a User Identity in a Digital Rights Management System - Disclosed is a DRM device and method for providing secure linking to a user identity. A first request is sent to a subscriber identity module. A message is received from the subscriber identity module via a secure authenticated channel. The message comprises at least a master key identifier, a random number, and a derived key. In response to the message, a second request is sent to a DRM server. The second request comprises at least a master key identifier, the device identifier, and a random number. Also disclosed is a DRM server and method for providing secure linking to a user identity. A first request is received from a DRM device. The first request comprises at least a master key identifier, a device identifier, and a random number. The DRM device is authenticated. A second request for an application specific key is sent to a trusted key management server. The second request comprises at least a master key identifier. At least a key is received from the trusted key management server. A derived key is determined from the key received from the trusted key management server based at least on the device identifier and the random number. A challenge/response scheme is used to determine whether the derived key of the DRM server matches a derived key of the DRM device. | 10-14-2010 |
20100262832 | ENTITY BIDIRECTIONAL AUTHENTICATION METHOD AND SYSTEM - An entity bidirectional authentication method and system, the method involves: the first entity sends the first message; the second entity sends the second message to the credible third party after receiving the first message; the credible third party returns the third message after receiving the second message; the second entity sends the fourth message after receiving the third message and verifying it; the first entity receives the fourth message and verifies it, completing the authentication. Compared with the conventional authentication mechanism, the invention defines an on-line retrieval and authentication mechanism of a public key, realizes the centralized management for it, simplifies the operating condition of the protocol, and facilitates application and implementation. | 10-14-2010 |
20100268956 | Efficient and secure data currentness systems - Indicating data currentness includes, on any date of a sequence of dates, issuing a proof indicating the currentness status of the data during a particular time interval. The proof may be a digital signature. The time interval may be in the form of a current date and an amount of time. The proof may include a digital signature of the time interval. The proof may include a digital signature of the time interval and the data. The proof may include a digital signature of the time interval and a compact form of the data, such as a hash. Indicating data currentness may also include distributing the proofs to a plurality of unsecure units that respond to requests by users for the proofs. Indicating data currentness may also include gathering a plurality of separate pieces of data and providing a single proof for the separate pieces of data. The data may be electronic documents. | 10-21-2010 |
20100268957 | SIGNATURE GENERATING APPARATUS, SIGNATURE VERIFYING APPARATUS, AND METHODS AND PROGRAMS THEREFOR - A signature is generated by a scheme in which x denotes a secret key of a signature generating apparatus, m | 10-21-2010 |
20100268958 | Systems and Methods for Watermarking Software and Other Media - Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification. | 10-21-2010 |
20100268959 | Verifying Captured Objects Before Presentation - Objects can be extracted from data flows captured by a capture device. Each captured object can then be classified according to content. Meta-data about captured objects can be stored in a tag. In one embodiment, the present invention includes receiving a request to present a previously captured object to a user, accessing a tag associated with the requested object, the tag containing metadata related to the object, the metadata including an object signature, and verifying that the object has not been altered since capture using the object signature before presenting the object to the user. | 10-21-2010 |
20100275025 | METHOD AND APPARATUS FOR SECURE COMMUNICATION - In a device, method and/or computer-readable medium for secure communication between a client device and a server, the client device includes a browser for accessing a website provided by the server, the client device generates a key according to a key generating cryptographic routine; tags the key with a marker associating the key with the website; and stores the tagged key in a memory associated with the browser. | 10-28-2010 |
20100275026 | METHOD AND APPARATUS FOR IMPROVING CODE AND DATA SIGNING - Methods and computing devices enable code and/or data software on computer devices to be verified using methods and signatures which can be updated by a signing server after distribution. Updated verification methods and signatures may be provided in a second signature file. When a computing device unpacks an application for execution it may check whether a second signature file is associated with the application file. If not it may connect to a signing server to request a second signature file for the software. The signing server then may request information related to the software sufficient to determine if the software is trustworthy. If determined to be trustworthy, the signing server can send a second signature file to the computer device for use in verifying the software henceforth. The second signature file may include new or modified verification methods and a new signature. | 10-28-2010 |
20100275027 | RECEIVED MESSAGE VERIFICATION - A method of verifying the validity of a message received by a telecommunications terminal ( | 10-28-2010 |
20100275028 | VERIFICATION APPARATUS - In an integer partitioning process S | 10-28-2010 |
20100275029 | SYSTEM AND METHOD OF INSTALLING SOFTWARE APPLICATIONS ON ELECTRONIC DEVICES - In at least one embodiment, there is provided a mobile wireless device comprising: a microprocessor and memory, the memory comprising a set of control settings used to control a plurality of device operations; wherein the microprocessor is configured to: receive a first digital signature key for verifying digital signatures on software applications to be installed on the device; determine if any digital signature keys for verifying digital signatures on software applications to be installed on the device exist on the device, and if not, store the received first digital signature key in the memory; receive a software application for installation on the device; verify a digital signature on the received software application using the first digital signature key; and install the software application on the device if the digital signature on the received software application is successfully verified. | 10-28-2010 |
20100281263 | RECORDING DEVICE, SERVER DEVICE, RECORDING METHOD, RECORDING MEDIUM WITH COMPUTER PROGRAM RECORDED THEREIN AND INTEGRATED CIRCUIT - A recording device for recording one or more of a plurality of subcontents recorded on a first recording medium, onto a second recording medium, the first recording medium having further recorded thereon digest values of the subcontents, and a medium signature generated based on the digest values of the subcontents, the plurality of subcontents constituting one content, the recording device comprising: a subcontent acquisition unit operable to select and acquire one or more of subcontents permitted to be copied; an excluded digest value acquisition unit operable to acquire excluded digest values from the first recording medium, the excluded digest values being digest values of nonselected subcontents; a signature acquisition unit operable to acquire the medium signature from the first recording medium; and a write unit operable to write, onto the second recording medium, (i) the one or more selected subcontents, (ii) the excluded digest values, and (iii) the medium signature. | 11-04-2010 |
20100281264 | INFORMATION PROCESSING APPARATUS, KEY UPDATE METHOD, AND PROGRAM - An information processing apparatus includes: a signature generating section that generates an electronic signature σ by using a signature key KS associated with a verification key KV; and a substitute-key generating section that generates, with respect to an electronic document m to which the electronic signature σ is attached by the signature generating section, a substitute verification key KV′ (KV′≠KV) that is capable of verifying a validity of the electronic signature σ and a substitute signature key KS′ (KS′≠KS) associated with the substitute verification key KV′. In a predetermined case, the verification key KV and the signature key KS are updated to the substitute verification key KV′ and the substitute signature key KS′. | 11-04-2010 |
20100281265 | INFORMATION DISTRIBUTION SYSTEM AND PROGRAM FOR THE SAME - The present invention is made to provide an information distribution system capable of securely storing digitized personal information in an encrypted state in a storage section and securely transferring/disclosing the stored digitized information only to a particular third person via a network. Communication of the information is securely performed in the encrypted state between information terminals connected to the communication network (between a client and a server or between peer-to-peer client terminals). An information terminal which has created information encrypts the original information by a common key generated upon communication and stores the information in a secure storage of one of the information terminals connected to the communication network while maintaining the encrypted state. Further, the system creates a mechanism for authenticating a person having a particular authority for viewing the encrypted information and index information having an encrypted common key and link information indicating the location of the information for supply to a user. | 11-04-2010 |
20100281266 | SYSTEM FOR SECURE INTERACTION WITH SECURE DOCUMENT - A system for secure interaction with a secure document is provided. The secure document has coded tags which each encode data associated with the document identity and a location of that tag on the document. The system has memory for recording a correspondence between the document identity and information relating to the document, a receiver for receiving data from a sensing device used to interact with the document, and a processor for verifying the interaction with the document using the received data and the recorded correspondence. The received data is generated by the sensing device through sensing of the data encoded by the coded tags to identify the document identity and a position of the sensing device relative to the document. | 11-04-2010 |
20100287376 | EXTERNAL SIGNATURE DEVICE FOR A PC WITH WIRELESS COMMUNICATION CAPACITY - External signature device for a PC, with capacity for wireless communication with the computer, which can be used immediately in electronic banking and electronic commerce or in any other system based on electronic signature requiring a high level of security with a relatively small amount of data for signature, said device including a communication interface with wireless connection to the PC, an alphanumeric display ( | 11-11-2010 |
20100287377 | Method and a system for a secure execution of workflow tasks of a workflow in a decentralized workflow system - A computer-implemented method is disclosed for a secure execution of workflow tasks of a workflow to be executed according to a given execution pattern in a decentralized workflow system with a central workflow engine (CWE) initiating the workflow and a plurality of task execution agents (A1, A2, . . . ), wherein task-based public-private key pairs are produced using a workflow signature scheme. The method starts at an i'th execution agent which is selected by at least one preceding execution agent in accord with the execution pattern to perform an i'th task of the workflow. The method includes receiving, from the at least one preceding execution agent via a secure channel, a task-based private key generated by the at least one preceding execution agent; signing workflow information of the workflow for at least one subsequent execution agent with a workflow signature, the workflow signature being computed using the workflow signature scheme by taking as input at least the task-based private key; selecting at least one appropriate subsequent execution agent; computing a task-based private key for the at least one subsequent execution agent wherein the task-based private key is computed using system parameters and a workflow identifier assigned to the subsequent execution agent; forwarding to the at least one subsequent execution agent the workflow information with its associated workflow signature, the system parameters and the task-based private key for the at least one subsequent execution agent through a secure channel. | 11-11-2010 |
20100287378 | SIGNATURES FOR MULTIPLE ENCODINGS - Signatures for multiple encodings is disclosed. In some embodiments, signatures for multiple encodings includes receiving a first signature of digitally signed data, wherein the first signature is a digital signature of data included in a first document having a first document encoding; receiving a second signature of digitally signed data, wherein the second signature is a digital signature of data included in the first document having a second document encoding, and wherein the first document encoding and the second document encoding are different document encodings; receiving a third signature of digitally signed data, wherein the third signature is a digital signature of data included in a canonicalized version of the first document having a canonical encoding, and wherein canonicalizing the first document includes providing a different order of data within the first document based on a canonical ordering; selecting a signature from the received first signature, the received second signature, and the received third signature, wherein the first signature, the second signature, and the third signature are associated with the first document to provide a digitally signed first document; and verifying the digitally signed data using the selected signature. | 11-11-2010 |
20100293383 | Storage device authentication - Systems and methods authenticate storage devices. In one implementation, a computer-implemented method is provided for authenticating a storage device. According to the method, a manifest that identifies a destination is received. A transfer station reads a digital signature from the storage device. The digital signature is validated and, based on the validation of the digital signature, a transfer of one or more files from the storage device via the transfer station is authorized to the destination identified in the manifest. | 11-18-2010 |
20100293384 | Digital Signatures - Technologies are generally described for secure digital signatures that employ hardware public physically unclonable functions. Each unique digital signature generator can be implemented as hardware such that manufacturing variations provide measurable performance differences resulting in unique, unclonable devices or systems. For example, slight timing variations through a large number of logic gates may be used as a hardware public physically unclonable function of the digital signature unit. The hardware digital signature unit can be parameterized such that its physical characteristics may be publicly distributed to signature verifiers. The verifiers may then simulate randomly selected portions of the signature for verification. | 11-18-2010 |
20100293385 | HTTP-BASED AUTHENTICATION - A system and method for authenticating an HTTP message. A relying party may respond to a request from a requester by sending an HTTP message with authentication specifications to the requester. The requester responds with a new request that adheres to a scheme specified by the relying party. A framework allows for a security token to be located in an HTTP header or a message body, with various options such as fragmenting the token available. An option allows for cryptographically binding the security token to the body of a message. An authentication framework provides for an implementation by an HTTP stack or by an application. | 11-18-2010 |
20100293386 | DISTRIBUTION AND PRINTING OF TRAVEL DOCUMENTS - A system for generating and printing travel documents for a customer associated with a journey having one or more parts, the system comprising: a travel documentation distribution module capable of generating travel documentation for the customer and capable of passing the documents for storage on a customer device at the request of the customer; and a printer located in the vicinity of a starting point of one of the parts of the journey which is capable of responding to a short range communication from the customer device to print the travel documents for said part of the journey for the customer. | 11-18-2010 |
20100293387 | Method and system for digital watermarking - A method for applying a digital watermark to a content signal is disclosed. In accordance with such a method, a watermarking key is identified. The watermarking key includes a binary sequence and information describing application of that binary sequence to the content signal. The digital watermark is then encoded within the content signal at one or more locations determined by the watermarking key. | 11-18-2010 |
20100299527 | NEAR FIELD COMMUNICATION (NFC) DEVICE AND METHOD FOR SELECTIVELY SECURING RECORDS IN A NEAR FIELD COMMUNICATION DATA EXCHANGE FORMAT (NDEF) MESSAGE - Methods for selectively securing records in a Near Field Communication Data Exchange Format (NDEF) message. A method includes placing a place marker signature record in the NDEF message. The place marker signature record is a modified signature Record Type Definition (RTD). A first set of records preceding the place marker signature record in the NDEF message is unsecured. The method also includes securing a second set of records following the place marker signature record. Another method includes placing a secured bytes field in the signature RTD. The secured bytes field indicates a number of bytes of data to be secured preceding this field. The method also includes securing data in records preceding this field in the signature RTD, based on a value of the secured bytes field. | 11-25-2010 |
20100318804 | SCHEME OF APPLYING THE MODIFIED POLYNOMIAL-BASED HASH FUNCTION IN THE DIGITAL SIGNATURE ALGORITHM BASED ON THE DIVISION ALGORITHM - The present invention relates specifically to a modified digital signature algorithm together with a polynomial-based hash function, in which the last step of the calculation of the final hash value, the exponentiation, is omitted. Such a modification eliminates some of the potential attacks to which a basic hash function algorithm is susceptible. It further introduces several flexibilities to a digital signature scheme. For example, hashing and MAC-ing procedures omit an exponentiation step, whereby the security of data is increased as the possibility of successful attack is diminished. Furthermore, the present invention may be implemented either by way of hardware or software. It may also be capable of generating a digital signature for any set of parameters extracted from a message. Generation of a digital signature may occur without the step of a hashing or MAC-ing procedure. | 12-16-2010 |
20100318805 | PROTECTION AGAINST UNINTENTIONAL FILE CHANGING - Files are protected against intrusion. A first embodiment protects certain files against changes. A second embodiment encrypts the files that are stored using user's personal information. | 12-16-2010 |
20100318806 | MULTI-FACTOR AUTHENTICATION WITH RECOVERY MECHANISMS - A single sign on facility provides redundancy and recovery functions through the use of a plurality of identifiers. Users prove identity to relying parties by demonstrating control over each of the plurality of identifiers. A user can employ a subset of the identifiers recognized by an RP to change an identifier that has been lost or which the user has lost control over. | 12-16-2010 |
20100325439 | METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING - A method and system for supply of data, including generating a first digital certificate (referred to as an empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided. | 12-23-2010 |
20100332840 | Systems and Methods for Electronic Postmarking of Data Including Location Data - Systems and methods for electronic postmarking of location data are provided. Electronic postmarking of location data (S. | 12-30-2010 |
20110004764 | SECURE METER ACCESS FROM A MOBILE READER - Generally described, the disclosed subject matter is directed to improved processes for securely accessing a meter. In accordance with one embodiment, a method for providing a mobile meter reader with an authorization that may be used to establish a secure session with a meter is implemented. In particular, the method includes issuing a request for authorization to access the meter from the mobile meter reader. If the mobile meter reader maintains sufficient rights, an authorization having an encoded digital signature is generated at a host computer system and provided to the mobile meter reader. Then the method formulates and transmits an authorization command to the meter having the encoded digital signature that was generated by the host computing system. | 01-06-2011 |
20110004765 | LICENSE MANAGING METHOD AND DEVICE - A license managing device sets a security area for storing a license file, maintains the security area as an encoded file in an inactive state of the security area by encoding the security area, maintains the security area as a directory in an active state of the security area by decoding the security area, and encodes a license file by using a file encoding key according to the user's request and stores the same in a security area in an active state of the security area. | 01-06-2011 |
20110004766 | IP ADDRESS DELEGATION - A method of verifying a request made in respect of an IPv6 address comprising a network routing prefix and a cryptographically generated Interface Identifier. The request includes a delegation certificate containing a public key of the host, one or more further parameters or a formula or formulae for generating one or more further parameters, a specification of a range or set of IPv6 network routing prefixes, an identity of a delegated host, and a digital signature taken over at least the identity and the specification of a range or set of IPv6 network routing prefixes using a private key associated with the public key. The method verifies that the network routing prefix of said IPv6 address is contained within the specification, verifying that the public key and the further parameter(s) can be used to generate the cryptographically generated Interface Identifier, and verifying said signature using the public key. | 01-06-2011 |
20110010555 | Method and system for digital watermarking - A method for applying a digital watermark to a content signal is disclosed. In accordance with such a method, a watermarking key is identified. The watermarking key includes a binary sequence and information describing application of that binary sequence to the content signal. The digital watermark is then encoded within the content signal at one or more locations determined by the watermarking key. | 01-13-2011 |
20110010556 | System and Method of Secure Authentication Information Distribution - A system and method of distributing authentication information for remotely accessing a computer resource. A request for authentication information, including identity information, is received from a user of a remote device. When the user is authenticated based on the identity information, requested authentication information is retrieved and returned to the remote device. The authentication information, or information generated from the authentication information, is then used for remotely accessing the computer resource. | 01-13-2011 |
20110022846 | Systems and Methods for Secure Transaction Management and Electronic Rights Protection - The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.” | 01-27-2011 |
20110029779 | INFORMATION PROCESSING APPARATUS, PROGRAM, STORAGE MEDIUM AND INFORMATION PROCESSING SYSTEM - Provided is an information processing apparatus including a reception unit that receives a request for access to an IC chip from an application having access right information for accessing the IC chip, an acquisition unit that acquires authentication information for authenticating the application from an external server based on the access right information contained in the request for access received by the reception unit, an authentication unit that authenticates the application based on the authentication information obtained by the acquisition unit, and a control unit that controls access of the application to the IC chip based on an authentication result by the authentication unit. | 02-03-2011 |
20110040974 | Authentication of email servers and personal computers - An originating email server is authenticated by a destination email server using a public key provided by the originating email server, thereby making it possible to detect an email with a forged origination address with no action required by a domain owner. A personal computer is authenticated using a reputation report associated with a unique number corresponding to the personal computer, enabling, in one embodiment, spam detection, and, in another embodiment, a decision that a valid user is requesting service registration at a website. | 02-17-2011 |
20110040975 | SYSTEM AND METHOD FOR CONTROLLED COPYING AND MOVING OF CONTENT BETWEEN DEVICES AND DOMAINS BASED ON CONDITIONAL ENCRYPTION OF CONTENT KEY DEPENDING ON USAGE STATE - A system and method is disclosed for allowing content providers to protect against widespread copying of their content, while enabling them to give their customers more freedom in the way they use the content. In accordance with one embodiment, content providers identify their content as protected by watermarking the content. Consumers use compliant devices to access protected content. All of a user's compliant devices, or all of a family's devices, can be organized into an authorized domain. This authorized domain is used by content providers to create a logical boundary in which they can allow users increased freedom to use their content. | 02-17-2011 |
20110047384 | ESTABLISHING AN AD HOC NETWORK USING FACE RECOGNITION - Ad hoc network formation is provided in connection with using face recognition and simple device pairing to build a network. Upon determining the identity of an individual using, for instance, a software recognition program, various protocols may be used to implement the formation of the ad hoc network. | 02-24-2011 |
20110047385 | Methods and Systems for Digitally Signing a Document - Methods and systems according to various embodiments provide a voice-based digital signature to a digital document. For example, a user can access a website to fill in or complete a digital document such as an insurance application (e.g., an application for Medicare supplement insurance), and can call an interactive voice response (“IVR”) system to provide a voice-based (or oral or aural) digital signature to the digital document. The digital signature can then be attached, related, or appended to that digital document in place of a traditional signature. Thus, the digital document need not be printed and sent to the user for a signature. | 02-24-2011 |
20110047386 | SIGNING METHOD, APPARATUS, AND SYSTEM - A signing method, apparatus, and system, which relate to the information security field. The present invention overcomes the problem of signature counterfeit in prior art. The client host generates a transaction message and determines the key information of the message after receiving transaction information entered by a user, forms a data packet for signing, and transmits the data packet to the USB key, which will then extract the key information and output it for confirmation by the user, and if a confirmation is received, the USB key signs the data packet and transmits a signature to the client host; after receiving the signature and the transaction message from the client host, the server extracts the key information from the transaction message to form a data packet for signing and verifies the signature against the data packet. The embodiments of the present invention are mainly applicable to the field of information security. | 02-24-2011 |
20110055576 | HASH FUNCTION USING A HEAP MODELING PROCESS - This discloses, in the computer data security field, a cryptographic hash function process embodied in a computer system and which may be keyless, but is highly secure. The process is based on the type of randomness exhibited by a heap or stack of physical objects such as a heap of pieces of fruit and involves modeling the behavior of such a heap when pieces are removed from the heap. Computation of the hash value (digest) is thereby the result of executing a heap model algorithm using the message as an input to initialize the heap, then executing the heap model algorithm which logically models the process of serially removing objects (pieces of fruit) from the heap at various locations in the modeled heap. | 03-03-2011 |
20110055577 | Location authentication - In one implementation a method of authenticating the installation of a television receiver involves generating a fingerprint value as function of the television network characteristics at an authorized installation location, where the fingerprint is a function of at least one of a gain value of a variable gain amplifier and an equalizer coefficient of an adaptive equalizer of the television appliance; receiving a code that is a function of both a decryption key and the fingerprint value from a broadcast source; ascertaining a value of the decryption key by applying an inverse function to the code that produces the decryption key as an output; and carrying out a decryption process at the television receiver appliance using the decryption key. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract. | 03-03-2011 |
20110055578 | VERIFICATION OF DISPERSED STORAGE NETWORK ACCESS CONTROL INFORMATION - In a dispersed storage network access control list information must be occasionally written out to system units across the network. A dispersed storage (DS) managing unit ( | 03-03-2011 |
20110055579 | ELECTRONIC NAME REGISTRY TYPE - Digital signatures may be verified by maintaining a database of information of digital signatures and documents to which they were applied. Verification of electronically signed documents may be requested, with verification performed by comparing information of the electronically signed document with information in the database. The digital signatures may include graphic images, and may be transferred from one party to another. | 03-03-2011 |
20110060910 | DEVICE ENABLED VERIFIABLE STROKE AND IMAGE BASED WORKFLOWS - A system for device enabled verifiable stroke and image based workflows comprises a plurality of portable computing devices, coupled by a network to a stroke and image workflow server. The portable computing devices include a display, stroke capture capability and a wireless communication capability. The portable computing devices are adapted to receive images, add stroke annotations to the received images, and send the annotated received images. The stroke and image workflow server is coupled to the network for communication with the portable computing devices. The stroke and image workflow server sends and receives documents from the portable computing devices, maintains a log for verification, and implements a paper-like workflow and processing of the documents. Essentially, this stroke and image workflow server implements a paper-like workflow and handles the overhead of processing electronic documents so that it is invisible to the user. | 03-10-2011 |
20110066859 | FLEXIBLE BROADCAST AUTHENTICATION IN RESOURCE-CONSTRAINED SYSTEMS: PROVIDING A TRADEOFF BETWEEN COMMUNICATION AND COMPUTATIONAL OVERHEADS - A method for authenticating a message that is transmitted wirelessly. The method includes providing a set of private key values that define a private key and performing a key pair generation process that provides a key pair including the private key and a public key, where performing the key pair generation process includes applying one or more hash functions to the private key values, where a succeeding hash function provides a hash of a previous hash function. The scheme uses a signature generation process that generates a message digest by applying a hash function on the message to be signed and then separates the message digest into two parts including signing bits and selection bits and using the private key to sign the message. A receiver verifies the authenticity of the received message using the public key and a signature verification algorithm. | 03-17-2011 |
20110066860 | Virtual World Embedded Security Watermarking - A method, apparatus, and program product are provided for using watermarks to embed security features on avatars in a virtual world. A watermark engine receives security information for an avatar in a virtual world. The watermark engine creates a watermark for the avatar using the security information and associates the watermark with the avatar. The watermark may comprise at least one of: security preferences for the avatar, contact information for an owner of the avatar, and graphical information to cause alteration of the avatar when the avatar is recorded. | 03-17-2011 |
20110072271 | DOCUMENT AUTHENTICATION AND IDENTIFICATION - Computer-implemented methods, systems, and computer program products for document authentication and identification using encoding and decoding are provided. A method includes receiving a digitized document and comparing the digitized document to a set of markers to determine whether the digitized document is an encoded document with one or more characters replaced. In response to determining that the digitized document is encoded, information is extracted from the set of markers using a decoder according to an encoding strategy. The extracted information and the set of markers are compared with data stored in encoding history to authenticate and identify the received digitized document. Markers in the encoded document may be hidden in plain sight, such that the encoding is not readily apparent to a casual observer. | 03-24-2011 |
20110072272 | LARGE-SCALE DOCUMENT AUTHENTICATION AND IDENTIFICATION SYSTEM - Computer-implemented methods, systems, and computer program products for document authentication and identification using a large-scale distributed system are provided. A method includes receiving a digitized document at a trusted system managed by a trusted third-party that is separate from a creator of content in the digitized document. The digitized document is compared to a set of markers to determine whether the digitized document includes one or more of the markers, and in response thereto, information associated with the one or more markers is extracted using a decoder on the trusted system according to encoding strategies. The method further includes generating a comparison registration identifier on the trusted system as a summary of the extracted information and the one or more markers, and comparing the comparison registration identifier with a stored registration identifier in an encoding history via the trusted system to authenticate and identify the received digitized document. | 03-24-2011 |
20110078449 | Encrypted Communication System with Limited Number of Stored Encryption Key Retrievals - A system for encrypted communication with external entities is configured to frustrate side channel attacks attempting to determine an encryption key. The system has a device with an encryption key stored in memory, an external entity with identity data for transmission to the device to initiate communication such that in response the device applies a one way function to the encryption key and the identity data to generate a variant key used to authenticate communications between the device and the external entity. The device is configured to limit the number of times the encryption key is allowed to be retrieved from the first memory to a pre-determined threshold. | 03-31-2011 |
20110078450 | Method of Encrypted Communication with Limited Number of Stored Encryption Key Retrievals - A method of encrypted communication between entities in a manner that frustrates side channel attacks attempting to determine an encryption key. The method involves providing a device with an encryption key stored in memory, providing an external entity with identity data for transmission to the device, applying a one way function to the encryption key and the identity data to generate a variant key, authenticating communications between the device and the external entity with the variant key and limiting the number of times the encryption key is retrieved from the first memory to a pre-determined threshold. | 03-31-2011 |
20110078451 | Encrypted Communication System with Restricted Rate of Stored Encryption Key Retrievals - A system for encrypted communication with external entities is configured to frustrate side channel attacks attempting to determine an encryption key. The system has a device with an encryption key stored in memory, an external entity with identity data for transmission to the device to initiate communication such that in response the device applies a one way function to the encryption key and the identity data to generate a variant key used to authenticate communications between the device and the external entity. The device is configured to limit the number of times the encryption key is retrieved from the first memory in a given period of time. | 03-31-2011 |
20110078452 | METHOD TO CONTROL ACCESS BETWEEN NETWORK ENDPOINTS BASED ON TRUST SCORES CALCULATED FROM INFORMATION SYSTEM COMPONENT ANALYSIS - Signatures are generated for modules in a computer system. The signatures can be assembled into an integrity log. The signatures are compared with signatures in a database in an integrity validator. Once signatures are either validated or invalidated, a trust score can be generated. The trust score can then be used to determine whether the computer system should be granted access to a resource using a policy. | 03-31-2011 |
20110083015 | SYSTEM AND METHOD FOR AN ELECTRONIC SIGNATURE FOR QUICK AND EFFICIENT DATA AUTHENTICATION - System and method for generating an electronic signature to authenticate data includes generating a private and a public key using the last value in a hash chain formed from the private key as a starting point, signing a message m, using a distinct set of hash chains using a second secure hash value of the message m and a counter c, selecting a block offset using the hash value of the selected chains, the message m, and the counter c, generating the signature from the selected seals and the counter. The electronic signature validity is verified by synchronizing a verification unit with a source of a signed message, computing expected chains by hashing the signed message m and a counter c with a first hash function, computing a set of expected block offsets by hashing the signed message m, counter c, and computed chains with a second hash function. | 04-07-2011 |
20110087886 | SYSTEM AND METHOD FOR OPEN DISTRIBUTION OF DIGITAL MEDIA - Various embodiments of the present invention provide a system and method for open digital media distribution. According to one embodiment, a system is provided which performs the operations of: creating a profile (e.g., artist or label profile) based on an input from a first party; receiving a digital media upload from the first party, wherein the digital media upload contains media content and the first party has a property interest in the media content; receiving from the first party an assignment of a payment account to the digital media upload, such that money from sales relating to the digital media upload is deposited into the payment account; receiving from the first party sales parameters associated with the digital media upload; presenting through a computing device the digital media upload for sale to a second party; and selling the digital media upload to the second party through a computing device. | 04-14-2011 |
20110093714 | SYSTEMS AND METHODS FOR ASYMMETRIC CRYPTOGRAPHIC ACCESSORY AUTHENTICATION - Embodiments relate to systems, methods and devices for asymmetric cryptographic authentication. In an embodiment, a system includes an accessory comprising an authentication chip, the authentication chip comprising a public authentication key, a private authentication key and data signed by a private verification key; and a device comprising a public verification key forming a verification key pair with the private verification key, the device configured to read the data and public authentication key from the authentication chip, verify the data and the public authentication key using the public verification key, and authenticate the accessory for use with the device using the public authentication key if verified. | 04-21-2011 |
20110093715 | Management Server, Management Method, Management System for Downloading of Contents, and Mobile Devices - A receiver is configured to receive, from a mobile device of a first type adapted to read a content from a recording medium and run the content, a first device identifier identifying the mobile device of the first type and a recording medium identifier identifying a recording medium loaded in the mobile device of the first type, along with a digital signature generated in the mobile device of the first type using an encryption key secretly stored in the mobile device of the first type. A signature verification unit is configured to verify the authenticity of the digital signature. A voucher issuance unit is configured to issue a voucher to a mobile device of a second type adapted to acquire a content by downloading the content and to run the content accordingly and mapped into the mobile device of the first type, so that the mobile device of the second type is capable of downloading a content. | 04-21-2011 |
20110093716 | METHOD, SYSTEM AND APPARATUS FOR ESTABLISHING COMMUNICATION - A method, a system, and an apparatus for establishing communication are disclosed. The method is invented to establish communication between at least two communication parties including a first communication party and a second communication party. The method includes: sending a Cryptographically Generated Address (CGA) request to the first communication party; receiving CGA parameters and a CGA signature returned by the first communication party; and authenticating the CGA parameters and the CGA signature, and establishing communication with the first communication party if the authentication succeeds. By using the method disclosed herein, in the process of establishing communication, the communication party authenticates the CGA parameters and CGA signature carried in the CGA extension header to determine authenticity of the CGA, thus preventing the IP address spoofing and preventing or mitigating the network security problems caused by the IP address spoofing. | 04-21-2011 |
20110099380 | System and Method of Controlling Access to Information Content Transmitted Over Communication Network - An electronic communication system provides sender controlled access to electronic communications transmitted through an electronic communication network. A sender profile and recipient profile are registered with an electronic content service provider. An electronic communication with information content is transmitted from a sender computer to the electronic content service provider. A signature is generated unique to the electronic communication. The signature without the information content is transmitted to a recipient computer. The information content of the electronic communication is accessed by transmitting an authorization based on the recipient profile from the recipient computer to the electronic content service provider. The information content of the electronic communication is transmitted from the electronic content service provider through the electronic communication network to the recipient computer with restricted access as determined by the sender computer upon confirmation of the authorization. If the authorization is not confirmed, access to the electronic communication is blocked. | 04-28-2011 |
20110099381 | SYSTEM AND METHOD FOR RETRIEVING CERTIFICATES ASSOCIATED WITH SENDERS OF DIGITALLY SIGNED MESSAGES - A system and method for retrieving certificates and/or verifying the revocation status of certificates. In one embodiment, when a user opens a digitally signed message, a certificate that is required to verify the digital signature on the message may be automatically retrieved if it is not stored on the user's computing device (e.g. a mobile device), eliminating the need for users to initiate the task manually. Verification of the digital signature may also be automatically performed by the application after the certificate is retrieved. Verification of the revocation status of a certificate may also be automatically performed if it is determined that the time that has elapsed since the status was last updated exceeds a pre-specified limit. | 04-28-2011 |
20110099382 | PERSONALIZED DIGITAL MEDIA ACCESS SYSTEM (PDMAS) - The invention is an apparatus that facilitates access to encrypted digital media to accept verification and authentication from an excelsior enabler using at least one token and at least one electronic identification. The at least one electronic identification could be a device serial number, a networking MAC address, or a membership ID reference from a web service. Access to the product is also managed with a plurality of secondary enablers using the at least one electronic identification reference. | 04-28-2011 |
20110107105 | MESSAGE SENDING/RECEIVING METHOD - Provided is a message sending method for sending a message by a process of a computer including a processor and a memory. The method includes the steps of: randomizing a signature generation key sk_s with a random number r to calculate a randomized signature generation key sk′_s=SigningKeyRandomize(sk | 05-05-2011 |
20110107106 | File-Distribution Apparatus and Recording Medium Having File-Distribution Authorization Program Recorded Therein - A file-distribution apparatus includes a file-distribution unit configured to distribute an image file received from an image-forming device to a terminal device, a source-reference-information storage unit configured to store source-reference authorization information, and a security-management unit configured to determine whether a source-apparatus identifier corresponding to the image file is included in the source-reference information, and thus permits distribution of the image file if the determination is affirmative, and denies distribution of the image file if the determination is negative. | 05-05-2011 |
20110107107 | Multisigning - A Protocol For Robust Multiple Party Digital Signatures - Embodiments describe a system and/or method for multiple party digital signatures. According to a first aspect a method comprises establishing a first validity range for a first key, establishing a first validity range for at least a second key, and determining if the validity range of the first key overlaps the first validity range of the at least a second key. A certificate is signed with the first validity range of the first key and the first validity range of the at least a second key if the validity ranges overlap. According to another embodiment, signage of the certificate is refused if the first validity range of the first key does not overlap with the first validity range of the at least a second key. | 05-05-2011 |
20110113253 | ENHANCED DIGITAL SIGNATURES ALGORITHM METHOD AND SYSTEM UTILIZING A SECRET GENERATOR - The present invention is a digital signatures scheme method and system that permits the generation of a digital signature in a manner whereby the generator is kept secret. The inclusion of a secret generator in the digital signatures scheme may reduce the potential for an attack upon the scheme to be successful. The present invention may incorporate a signing procedure and a verification procedure. The signing procedure may facilitate the determination of a group, and the identification of the generator from the group. The signing procedure may also keep the generator secret and may generate a digital signature of a message. The generator may be kept secret by one or more conditions, and one or more public keys may be utilized by the digital signatures scheme. The verification procedure may be a verification procedure operable to obtain the message and the digital signature and to verify the digital signature. Embodiments of the present invention may achieve processing of the signing procedure and/or verification procedure at a fast rate of speed, which may further diminish the chance of a successful attack upon the digital signatures scheme. Embodiments of the present invention may further generate variations of digital signatures. | 05-12-2011 |
20110113254 | MULTIPAD ENCRYPTION - A method for protecting a message or document. The method comprises encrypting the message using a first key associated with a first party; sending the encrypted message to a second party; encrypting the message using a second key associated with the second party, so that it is encrypted with two keys simultaneously; sending the encrypted message to the first party; decrypting the message using the first key; sending the message to the second party, the message being encrypted with the second key, and using the second key to decrypt the encrypted message, thereby exposing the original message. | 05-12-2011 |
20110119493 | UNAUTHORIZED CONTENTS DETECTION SYSTEM - Processing load on an executing device for conducting playback is high during the playback of contents since the executing device performs verification of the contents validity in parallel with the contents playback, and therefore the executing device has to be equipped with a highly efficient processor. The present invention reduces the processing load involved in the verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on the DVD. In addition, the present invention is capable of improving the accuracy of detecting unauthorized contents to some extent by randomly selecting a predetermined number of encrypted units every time the verification is performed. | 05-19-2011 |
20110126018 | Methods and systems for transaction digital watermarking in content delivery network - Methods and systems for applying a transaction digital watermark to content being downloaded over a content delivery network. The digital watermark carries information about the transaction pursuant to which the content was downloaded, which can be useful in establishing a “chain of custody” that facilitates piracy detection and/or other tracking and monitoring applications. Moreover, the digital watermark is applied by an edge caching server, which enables downstream entities in the content delivery chain, such as Internet service providers, to influence the information carried in the digital watermark and enables transaction details that become known after the content leaves the content provider network to be carried in the digital watermark, but without opening up a security hole at the end user premises. | 05-26-2011 |
20110126019 | ALTERING FUNCTIONALITY FOR CHILD-FRIENDLY CONTROL DEVICES - A method of interacting with a digital content device is described. The method includes defining a collection of digital content available via the digital content device. A specific control device is associated with the collection of digital content. A control signal is received from the control device. The digital content device allows the control device to access digital content included in the collection. | 05-26-2011 |
20110126020 | CONTENT DISCLOSURE SYSTEM AND METHOD FOR GUARANTEEING DISCLOSED CONTENTS IN THE SYSTEM - Means for confirming the validity of the contents of a change made to a disclosed content is provided for use in a content disclosure system in which a signed content may be modified and the validity of the modified signed content may be verified using a verification key corresponding to a signature on the content before the modification. When a signed changed-content is created based on a request to change a signed content, a signed content change device connected to the content disclosure system generates restoration validity proving data for restoring the signed changed-content to a state before the change and proving the validity of the restored contents. A verification key of the signed content, the signed changed-content, and the restoration validity proving data are provided to allow a third party to confirm the validity of the content. | 05-26-2011 |
20110126021 | METHOD AND APPARATUS FOR TRANSMITTING AND RECEIVING SECURE AND NON-SECURE DATA - A communications system, and a method suitable for use therein, are described which are suitable for transmitting and receiving both secure and non-secure data. The system comprises: means for transmitting data comprising both ciphered secure data and unciphered non-secure data; means for receiving transmitted data; means for deciphering the received data to produce deciphered data; and means for: validating the deciphered data to produce a first validation result and outputting the deciphered data depending upon the first validation result; or validating the received data to produce a second validation result and outputting the received data depending upon the second validation result; or validating the deciphered data to produce a first validation result and outputting the deciphered data depending upon the first validation result, and also validating the received data to produce a second validation result and outputting the received data depending upon the second validation result. | 05-26-2011 |
20110131417 | IDENTITY BASED NETWORK POLICY ENABLEMENT - Enhanced network data transmission security and individualized data transmission processing can be implemented by intermediaries in a communication path between two endpoint peers individually having the capability to identify and authenticate one or both of the endpoint peers. Communication session establishment, endpoint peer identity processing and authentication and data traffic encryption protocols are modified to allow intermediaries to track the communications between endpoint peers for a particular communication session and obtain information to authenticate the endpoint peers and identify data traffic transmitted between them. Intermediaries can use the identities of one or both of the endpoint peers to enforce identity based rules for processing data traffic between the endpoint peers for a communication session. | 06-02-2011 |
20110145584 | Translating Information between Computing Devices Having Different Security Management - A system and method for communicating a document between multiple locations is disclosed. A computing device receives, via a network, multiple portions of a document signed and/or encrypted at a first location in accordance with a first signing and encryption methodology along with a trailer manifest specifying an order the portions need to be assembled to reconstruct the document. Each of the portions and the manifest is individually decrypted and validated using the first signing and/or encrypting methodology. The portions and manifest are re-signed and/or re-encrypted with a second signing and encryption methodology such that the information can be decrypted, the signatures can be validated and the document can be reassembled at a second location. | 06-16-2011 |
20110145585 | SYSTEM AND METHOD FOR PROVIDING CREDENTIALS - A method and system is operable to provide credentials by generating a first credential that conforms to a first specified format. A second credential conforming to a second specified format is included in the first credential so that the second credential may be distributed through the cryptosystem using the first specified format. The credential may be a digital certificate. | 06-16-2011 |
20110145586 | INTEGRATED CIRCUIT AND SYSTEM FOR INSTALLING COMPUTER CODE THEREON - An integrated circuit | 06-16-2011 |
20110154044 | COMPUTER IMPLEMENTED METHOD FOR SENDING A MESSAGE TO A RECIPIENT USER, RECEIVING A MESSAGE BY A RECIPIENT USER, A COMPUTER READABLE STORAGE MEDIUM AND A COMPUTER SYSTEM - The invention relates to a computer implemented method for sending a message to a recipient user, wherein a recipient asymmetric cryptographic key pair is associated with the recipient user, said key pair comprising a public recipient key and a private recipient key, the method comprising sending the message to said recipient user with the recipient address to which the message is sent comprising the public recipient key. | 06-23-2011 |
20110154045 | ANONYMOUS AUTHENTICATION SERVICE METHOD FOR PROVIDING LOCAL LINKABILITY - There is provided an anonymous service method of providing local linkability. In the anonymous service method providing local linkability according to exemplary embodiments of the invention, an anonymous authentication operation based on a short group signature is performed, for which the concept of local linkability is introduced to secure linkability within the same service domain. Namely, in the interior of a service provider, a virtual index having a fixed value is calculated for each service user, and in this case, although a plurality of service providers collude with each other, they cannot calculate a virtual index having the same value, whereby the linkability can be secured within the same service domain but not within the interiors of different service domains. | 06-23-2011 |
20110161672 | Provisioning, upgrading, and/or changing of hardware - In some embodiments a secure permit request to change a hardware configuration is created. The secure permit request is sent to a remote location, and a permit sent from the remote location in response to the permit request is received. The hardware configuration is changed in response to the received permit. Other embodiments are described and claimed. | 06-30-2011 |
20110161673 | METHOD AND APPARATUS FOR ENHANCING SECURITY OF WIRELESS COMMUNICATIONS - The present invention is related to a method and apparatus for enhancing security of communications. The apparatus comprises a security processing unit, a data processing unit, a cross-layer watermarking unit, and optionally a smart antenna processor. The security processing unit generates a token/key to be used in watermarking and sends a node security policy to other components. The data processing unit generates user data. The cross-layer watermarking unit includes at least one of Layer-2/3, Layer-1 and Layer-0. Each layer performs a different scheme or degree of watermarking. The cross-layer watermarking unit embeds the token/key into the user data transmission on at least one of the layers selectively in accordance with a security policy. | 06-30-2011 |
20110167274 | PROVIDING SERVICES TO DEVICES USING A ZIGBEE NETWORK - A network device may receive two different sets of authentication information from a user device over a ZigBee network. The network device may authenticate the user device based on the received two different sets of authentication information and permit, in response to authenticating the user device, the user device to obtain a service by exchanging information between the network device and the user device over the ZigBee network. | 07-07-2011 |
20110179279 | DEVICE AND METHOD FOR A BACKUP OF RIGHTS OBJECTS - A common backup format of a backup rights object according to embodiments of the present invention has the following features: License information that is not critical for cryptographic security of the rights object is kept in “plain text” with a well defined syntax in a first data container, license information that is critical for cryptographic security of the rights object is stored in cryptographically protected form that is specific for the originating device to which the rights object is bound to in a second data container, and the rights object is cryptographically signed by the originating device such that it may not be manipulated. The signature is stored in a third data container. | 07-21-2011 |
20110185179 | System And Method For Digital Rights Management With A Lightweight Digital Watermarking Component - Various embodiments of a system and method for digital rights management with a lightweight digital watermarking component are described. Embodiments may include methods as well as elements for performing such methods. Such a method may include receiving content onto a computer system; the computer system may include a runtime component configured to consume the content. The method may include receiving a digital watermarking component on the computer system. The digital watermarking component may specify information for generating a digital watermark on the content. The method may include applying a digital watermark to the content with the runtime component in order to generate watermarked content. The digital watermark may be applied by the runtime component in accordance with the digital watermarking component. In various embodiments, the received runtime component may be configured to prevent the received content from being consumed without the digital watermark applied to the received content. | 07-28-2011 |
20110185180 | METHOD AND DEVICE FOR CREATING DIGITAL SIGNATURE - A method is disclosed for creating a digital signature associated with a user having a code-generating device including a data interface, a display device, a user input device and processing circuitry, the digital signature being indicative of at least one signature object including a signature element having been pre-selected for display to the user. In at least one embodiment, the method includes: receiving, through the data interface, signature data from a user communication device, the signature data including reference data indicating a location of the signature object and a corresponding identifier code, uniquely identifying the signature object; acquiring, through the data interface, the signature object including the signature element having been pre-selected for display; determining a candidate identifier code for the signature object including the signature element having been pre-selected for display; displaying, if the candidate identifier code matches the identifier code included in the signature data, information indicative of the signature element having been pre-selected for display using the display device; determining, if user input indicative of approval of the displayed information is received through the user input device, a digital signature based on the signature data using the processing circuitry; and providing the digital signature to the user communication device. | 07-28-2011 |
20110185181 | NETWORK AUTHENTICATION METHOD AND DEVICE FOR IMPLEMENTING THE SAME - A network authentication method is to be implemented using a network authentication device and a user end for authenticating the user end. The network authentication method includes the steps of: configuring the network authentication device to store hardware information associated with unique identification codes of hardware components of the user end; when it is intended to verify identity of the user end, configuring the user end to execute a terminal program stored therein for scanning the hardware components thereof to obtain the identification codes of the hardware components, for establishing a hardware list according to the identification codes thus obtained, and for sending to the network authentication device verification data that is associated with the hardware list; and configuring the network authentication device to verify identity of the user end based on relationship between the verification data received from the user end and the hardware information stored therein. | 07-28-2011 |
20110197069 | METHOD AND SYSTEM FOR PREVENTING REVOCATION DENIAL OF SERVICE ATTACKS - Methods and systems for preventing revocation denial of service attacks are disclosed and may include receiving and decrypting a command for revoking a secure key utilizing a hidden key, and revoking the secure key upon successful verification of a signature. The command may comprise a key ID that is unique to a specific set-top box. A key corresponding to the command for revoking the secure key may be stored in a one-time programmable memory, compared to a reference, and the security key may be revoked based on the comparison. The command for revoking the secure key may be parsed from a transport stream utilizing a hardware parser. The method and system may also comprise generating a command for revoking a secure key. The command may be encrypted and signed utilizing a hidden key and may comprise a key ID that is unique to a specific set-top box. | 08-11-2011 |
20110197070 | SYSTEM AND METHOD FOR IN- AND OUT-OF-BAND MULTI-FACTOR SERVER-TO-USER AUTHENTICATION - A method to authenticate a server to a client is provided, including in-band and out-of-band techniques. At least a first shared secret identifies a server path, including a plurality of pre-defined locations on a frame of reference (e.g. a grid). An authentication session is initiated upon receiving a client identifier at the server-side resources. A current session instance of the grid is presented to the client, populated with characters. The process includes sharing between the client and the server a challenge identifying a random subset of the plurality of predefined locations in the server path, and a response including characters that match the characters in the locations on the server path identified by the challenge. As a result, the client is capable of verifying that the server has access to the first shared secret. Then a protocol is executed to authenticate the client to the server. | 08-11-2011 |
20110197071 | Determining Response Signature Commonalities - An analyzer can obtain data regarding signal characteristics in each of multiple communication channels within an access network. The analyzer can use that data to create signatures corresponding to each of the multiple channels. Based on similarities between signatures, the analyzer may then identify clusters of signatures associated with devices that share channels or portions of channels. | 08-11-2011 |
20110197072 | METHOD AND APPARATUS FOR VERIFYING CGA SIGNATURE - A method and apparatuses for verifying Cryptographically Generated Address (CGA) signature are provided. The method includes: receiving a message sent by a CGA address owner, wherein a RSA public key, a first RSA public key signature, a second public key, and a second public key signature are carried in the message, the first RSA public key binds one or more second public keys, and a part protected by the first public key signature includes the one or more second public keys; verifying the first RSA public key signature according to the message; extracting the second public key, and verifying the second public key signature. According to the method and apparatuses of the embodiment, the effect of supporting other public key can be achieved, the change of the IP address can be omitted, and public key deployment and computing resources are saved. | 08-11-2011 |
20110202772 | NETWORKED COMPUTER IDENTITY ENCRYPTION AND VERIFICATION - A method for communication includes initiating a communication session over a network between a remote computer ( | 08-18-2011 |
20110208969 | METHOD AND APPARATUS FOR PROVIDING AUTHENTICITY AND INTEGRITY TO STORED DATA - A method and apparatus for storing data is provided herein. During operation, a server will sign only the signatures of the data portions that were generated during the live local capture. The signature of the local signatures generated during the live local capture will then be used to verify the integrity and authenticity of the local signatures. When the integrity and authenticity of the local signatures is verified, an entity can be assured that the server is trusted. When a portion of data is to be removed from the server, the data is removed, without removal of its live-local signature. Because data blocks can be deleted as long as the signature remains stored, the overall incident signature, generated at check-in to the trusted server, will still be verifiable as protecting the authenticity and integrity of all remaining data. | 08-25-2011 |
20110208970 | DIGITAL SIGNATURE AND KEY AGREEMENT SCHEMES - A method is disclosed for performing key agreement to establish a shared key between correspondents and for generating a digital signature. The method comprises performing one of key agreement or signature generation, and using information generated in said one of key agreement or signature generation in the other of said key agreement or said signature generation. By doing this, computations and/or bandwidth can be saved. | 08-25-2011 |
20110213982 | ELGAMAL SIGNATURE SCHEMES - There is disclosed a method of generating a digital signature of a message m. A signature component s of the digital signature is calculated by first masking the long-term private key d using a single additive operation to combine the key d with a first value. The masked value is then multiplied by a second value to obtain component s. The first value is calculated using the message m and another component of the digital signature, and the second value is derived using the inverse of a component of the first value. In this way, the signature component s is generated using a method that counters the effectiveness of side channel attacks, such as differential side channel analysis, by avoiding a direct multiplication using long-term private key d. | 09-01-2011 |
20110213983 | AUTHENTICATION SYSTEM FOR A PLUG-IN ELECTRIC DRIVE VEHICLE - The invention relates to an authentication and/or energy auditing system for a plug-in electric drive vehicle. A first device connects to a first power apparatus and establishes an electrical power path between the first and a remote device. The latter is connectable to a second power apparatus. The authentication system preferably includes a powerline transceiver to receive a request containing an identifier from the remote device over the power path. Control means controls operation of the first device and responds to the request to initiate an authentication process to determine whether or not the remote device is authentic and authorised to exchange power with the first device, and to activate a control switch to electrically connect the first device to the first power apparatus only upon an authentic and authorised determination. The energy auditing system measures energy received by each device in a specified time interval and electrically disconnects the first device from the first power apparatus when a power loss between the respective devices is detected. | 09-01-2011 |
20110219235 | DIGITAL SIGNATURE DEVICE, DIGITAL SIGNATURE METHOD, AND NON-TRANSITORY STORAGE MEDIUM STORING DIGITAL SIGNATURE PROGRAM - A digital signature device includes an operation unit configured to accept key information that specifies target information of digital signature from a user and to accept the digital signature from the user, a control unit configured to extract one or more values that correspond to the key information that is accepted, from a database that stores a plurality of pieces of key information that includes the key information in association with each value, to calculate a characteristic value that is uniquely defined for the value based on the one or more values that are extracted, and to generate signature data that includes the key information, the characteristic value, and information for the digital signature for each of the one or more values, and a storage unit configured to store the signature data. | 09-08-2011 |
20110219236 | METHOD AND DEVICE FOR MANAGING DIGITAL CONTENT - The invention provides a method and devices for managing digital content, the method comprising the steps of sending, by a first device ( | 09-08-2011 |
20110225427 | USE OF CERTIFICATE AUTHORITY TO CONTROL A DEVICE'S ACCESS TO SERVICES - A mobile communications device having a digital certificate authenticating the device itself is proposed. A server for authenticating the device and a method of authenticating the device are also disclosed. The device comprises a transmitter, a processor, a memory and a computer readable medium. The memory includes a certificate certifying the authenticity of the mobile communications device, the certificate comprising device-specific data and a digital signature signed by an authority having control of the authenticity of the mobile communications device. The computer readable medium has computer readable instructions stored thereon that when executed configure the processor to instruct the transmitter to transmit a copy of the certificate to a service provider in response to a request to authenticate the mobile communications device with the service provider. | 09-15-2011 |
20110231662 | CERTIFICATE VALIDATION METHOD AND VALIDATION SERVER - The validation server obtains information related to a first cryptographic method from a certificate which is contained in a certificate validation request from a terminal device. When the information related to the first cryptographic method is not stored in a storage unit of the validation server as valid information, the validation server determines that the information related to the first cryptographic method is invalid. When the information related to the first cryptographic method is stored in the storage unit as valid information and also the information related to a second cryptographic method listed in the certificate in the certification path is not stored in the storage unit during the certification path validation, the validation server determines that the information related to the second cryptographic method is invalid. | 09-22-2011 |
20110231663 | Systems and methods to generate, preserve, collect, search, and certify authentic original documents - The data-content authentication center includes a data-content receiver comprising a transceiver for receiving data/content directly from a data/content generation/capturing device by first checking and confirming a registered device identification (ID) of the data/content generation/capturing device before receiving the data/content transmitted from the data/content generation/capturing device into the data-content receiver. | 09-22-2011 |
20110231664 | ACCELERATED SIGNATURE VERIFICATION ON AN ELLIPTIC CURVE - A public key encryption system exchanges information between a pair of correspondents. The recipient performs computations on the received data to recover the transmitted data or verify the identity of the sender. The data transferred includes supplementary information that relates to intermediate steps in the computations performed by the recipient. | 09-22-2011 |
20110238997 | EFFICIENT TECHNIQUE TO ACHIEVE NON-REPUDIATION AND RESILIENCE TO DoS ATTACKS IN WIRELESS NETWORKS - A computationally efficient message verification strategy that achieves non-repudiation and resilience to computational denial of service attacks in conjunction with a broadcast authentication protocol that authenticates messages using a combination of a digital signature and a TESLA MAC. When messages are received at a receiver, the verification strategy separates the messages into messages with the same sender identification. The strategy then determines whether the TESLA MAC authenticator is valid for each message and discards those messages that do not have a valid TESLA MAC. The strategy collects the messages that have a valid TESLA MAC for each sender identification and performs a batch verification process on the group of messages to determine if the messages in the group have a valid digital signature. This strategy verifies each message in the group of messages if the batch verification process shows that the group of messages has a valid digital signature. | 09-29-2011 |
20110238998 | METHOD AND APPARATUS FOR PORTABLE SELF-CONTAINED NODE COMPUTER - A portable self-contained node computer is provided. The portable self-contained node computer connects to a host computer. The host computer allows the portable node computer to access its peripheral input/output devices. | 09-29-2011 |
20110246778 | PROVIDING SECURITY MECHANISMS FOR VIRTUAL MACHINE IMAGES - A method for providing a security mechanism for validating and executing a virtual machine image where the virtual machine image is obtained from an external source to run on an endpoint or host system. An electronic device storing validation data is connected to the host system, and the virtual machine image is validated with the validation data. The virtual machine image is run on the host system if validated and/or decrypted. The electronic device can be a USB flash drive, and the electronic device can include a security processor with memory in addition to having a display, keypad, token, or any combination thereof. The validation data utilized may comprise a keyed hash or digital signature when validating the virtual machine image. | 10-06-2011 |
20110246779 | ZERO-KNOWLEDGE PROOF SYSTEM, ZERO-KNOWLEDGE PROOF DEVICE, ZERO-KNOWLEDGE VERIFICATION DEVICE, ZERO-KNOWLEDGE PROOF METHOD AND PROGRAM THEREFOR - Provided is a zero-knowledge proof system that allows a discrete-logarithm zero-knowledge proof. The zero-knowledge proof device includes a temporary memory unit that stores pseudorandom numbers and previously determined hash values, a first processing unit that calculates multiple pseudorandom numbers and performs multiple iterations of processing to calculate hash values based on the calculated pseudorandom numbers and the information stored in the temporary memory unit, a second processing unit that determines some of the multiple pseudorandom numbers based on the hash values, and a third processing unit that re-calculates some of the pseudorandom numbers and sends the hash values obtained to a zero-knowledge verification device. The zero-knowledge verification device includes a temporary memory region, a data receiving module that sequentially receives new input data, and a processing module that overwrites hash values including variables and input data, as variables into the temporary memory region each time the input data are received. | 10-06-2011 |
20110246780 | VALIDATION METHOD AND SYSTEM FOR USE IN SECURING NOMADIC ELECTRONIC TRANSACTIONS - A method involving a communication device, which comprises sending a request to a communication device; receiving a response from the communication device over a local communication path; deriving a received data set from said response; determining at least one data set that had been previously transmitted to the communication device over a wireless portion of a second communication path different from the local communication path; and validating the response based on the received data set and the at least one previously transmitted data set. | 10-06-2011 |
20110252241 | USING WATERMARKING TO REDUCE COMMUNICATION OVERHEAD - A method for reducing overhead when transmitting and receiving an Internet Protocol (IP) packet by a device begins with receiving of the IP packet by the device. In the packet, an IP address of the packet has been removed and replaced with a watermarking signature based on the IP address. The IP address is obtained using the watermarking signature. The IP address is attached to the packet and the packet is forwarded by the device to a destination over a network using the IP address. | 10-13-2011 |
20110258454 | CROSS-DOMAIN IDENTITY MANAGEMENT FOR A WHITELIST-BASED ONLINE SECURE DEVICE PROVISIONING FRAMEWORK - A method for managing identifiers associated with network-enabled devices and used in an identity data system provisioning the network-enabled devices with identity data includes receiving a first set of data that includes a previously assigned identifier for one or more of the network-enabled devices that are authorized to be provisioned with new identity data. If identity data is currently installed on the one or more network-enabled devices, each of the previously assigned identifiers in the first set of data is associated with a corresponding identifier linked to the identity data currently installed on the one or more network-enabled devices to establish a second set of data. New identity data is bound to each of the one or more network-enabled devices by assigning a new identifier linked with the new identity data to each of the one or more network-enabled devices to establish a whitelist. The whitelist specifies, for each of the one or more network-enabled devices, its previously assigned identifier, its corresponding identifier and its new identifier that is linked with the new identity data. | 10-20-2011 |
20110258455 | MASKED DIGITAL SIGNATURES - The present invention relates to digital signature operations using public key schemes in a secure communications system and in particular for use with processors having limited computing power such as ‘smart cards’. This invention describes a method for creating and authenticating a digital signature comprising the steps of selecting a first session parameter k and generating a first short term public key derived from the session parameter k, computing a first signature component r derived from a first mathematical function using the short term public key, selecting a second session parameter t and computing a second signature component s derived from a second mathematical function using the second session parameter t and without using an inverse operation, computing a third signature component using the first and second session parameters and sending the signature components (s, r, c) as a masked digital signature to a receiver computer system. In the receiver computer system computing a recovered second signature component s′ by combining a third signature component with the second signature component to derive signature components (s′, r) as an unmasked digital signature. Verifying these signature components as in a usual EIGamal or ECDSA type signature verification. | 10-20-2011 |
20110264917 | METHOD FOR TWO STEP DIGITAL SIGNATURE - The invention relates to a method for the digital signature of a message by a signer having an identity and holding a signature device, in which a public key cryptographic scheme is used. The signer has a public key and two private keys, the second private key being deposited at a reliable third party. For each signing operation, two additional steps are respectively carried out with a separate private key, i.e.: the calculation by the signer of a pre-signature of the message using the first private key, and transmitting the message and the pre-signature to the reliable third party; and the verification by the reliable third party of the pre-signature followed by the calculation by the reliable third party of a signature of the message using the second private key deposited at the reliable third party as well as the pre-signature previously calculated by the signer. | 10-27-2011 |
20110271115 | CERTIFICATE INFORMATION STORAGE SYSTEM AND METHOD - A system and method of storing in a computer device digital certificate data from a digital certificate are provided. When a digital certificate is received at the computer device, it is determined whether the digital certificate data in the digital certificate is stored in a first memory store in the computer device. The digital certificate data is stored in the first memory store upon determining that the digital certificate data is not stored in the first memory store. | 11-03-2011 |
20110271116 | SET OF METADATA FOR ASSOCIATION WITH A COMPOSITE MEDIA ITEM AND TOOL FOR CREATING SUCH SET OF METADATA - A set of metadata for association with the composite media item and a tool for creating a composite media item with an associated set of metadata. In one embodiment, the tool comprises a component for extracting a portion of a first media item having first metadata and for extracting a portion of a second media item having second metadata, a component for combining the first portion and the second portion to form a composite media item, and a component for analyzing the first metadata and the second metadata to extract portions of the first and second metadata to form a new set of metadata for association with the composite media item. In one embodiment, the new metadata is a data container. | 11-03-2011 |
20110276804 | SERVER AUTHENTICATION METHOD AND CLIENT TERMINAL - A server authentication method is provided. In the method, a client receives a public key of an evaluated server during establishment of a secure communication path with the evaluated server. The client terminal transmits a first ID to the evaluated server. The client terminal receives a second ID and a first random number from the evaluated server. The client terminal determines that the evaluated server is valid when the received first random number corresponds to the transmitted first ID and a public key stored in a public key management unit configured to manage the public key in advance is identical to the received public key. The client terminal transmits a second random number corresponding to the second ID to the evaluated server when the evaluated server is determined to be valid. | 11-10-2011 |
20110283109 | SYSTEM AND METHOD FOR SELECTING MESSAGING SETTINGS ON A MESSAGING CLIENT - A system and method of selecting messaging settings on a messaging client are provided. A data store configured to operate in conjunction with the messaging client stores records comprising messaging settings or characteristics for previously received and/or sent messages. The messaging client is configured to send outgoing messages, each of the messages having message characteristics, to determine whether a record for an addressed recipient of an outgoing message exists in the data store, and to select messaging settings to control the message characteristics of the outgoing message based on the record where a record exists. | 11-17-2011 |
20110289318 | System and Method for Online Digital Signature and Verification - A method to sign online documents may include the steps of loading a signing component from a remote server, automatically launching signing component at user local machine (PC, PDA or smart phone...), displaying signing component user interface in web page, entering a password and loading/applying a first key file in cooperation with the signing component, verifying the password and verifying first key, applying the first key to a document digest to generate a digital signature based on the document digest and first key. | 11-24-2011 |
20110289319 | METHOD FOR AUTHENTICATING KEY INFORMATION BETWEEN TERMINALS OF A COMMUNICATION LINK - With the help of a key management protocol, the transmitted key information (si) is authenticated by at least one certificate signed by the terminals (A, B), and at least one fingerprint (fp) of the public keys or certificate, which were used for authenticating the key information (si), is added to the useful part of an SIP message (INVITE). The identity information (idi) present in the header (SIPH) of an SIP message is additionally copied into a region of the header (SIPH) or the useful part (B), and a signature (S) is produced by way of the fingerprint (fp), the datum information (di) presented in the header (SIPH) of an SIP message, the copied identity information (idi′), and optionally the certificate reference information (hz), and is inserted into a further region of the header (SIPH) of the SIP message (INVITE). Advantageously, the additional signature that is produced and inserted according to the invention also remains uninfluenced during a transmission across several networks of different network operators, thereby achieving unique authentication of the transmitted key information. With the method according to the invention, accordingly attacks on the security of the authentication in the networks of the different network operators can be avoided. | 11-24-2011 |
20110289320 | NETWORK WATERMARK - A network communications method utilizing a network watermark for providing security in the communications includes creating a verifiable network communications path of nodes through a network for the transfer of information from a first end node to a second end node; verifying the network communications path of nodes, by the first end node, before communicating by the first end node information intended for receipt by the second end node; and once the network communications path of nodes is verified by the first end node, communicating by the first end node, via the verified communications path of nodes, the information intended for receipt by the second end node; wherein the network watermark represents the verifiable network communications path of nodes. | 11-24-2011 |
20110296187 | CLAIM BASED CONTENT REPUTATION SERVICE - In some embodiments, a system may comprise a database and one or more servers. The database may, for example, store a plurality of content claims for previously evaluated data items, with each of the plurality of content claims being associated in the database with a corresponding stored digital fingerprint of a previously evaluated data item. The server(s) may, for example, be configured to receive a determined digital fingerprint of a data item from a client device on another network node, to submit a query to the database using the determined digital fingerprint as a primary key, and to transmit one or more content claims returned by the query to the client device. In some embodiments, the server(s) may be further configured to receive the content claim(s) and the digital fingerprint associated therewith from one or more computers on another network node, and to cause the received content claim(s) and digital fingerprint associated therewith to be stored in the database. | 12-01-2011 |
20110296188 | AUTHENTICATION DEVICE, AUTHENTICATION METHOD, PROGRAM, AND SIGNATURE GENERATION DEVICE - Provided is an authentication device including a key setting unit for setting sεK | 12-01-2011 |
20110296189 | AUTHENTICATION DEVICE, AUTHENTICATION METHOD, PROGRAM, AND SIGNATURE GENERATION DEVICE - Provided is an authentication device including a key setting unit for setting a multi-order polynomial u | 12-01-2011 |
20110296190 | MOTOR VEHICLE DISPLAY APPARATUS, MOTOR VEHICLE ELECTRONIC SYSTEM, MOTOR VEHICLE, METHOD FOR DISPLAYING DATA, AND COMPUTER PROGRAM PRODUCT - The invention relates to a motor vehicle display apparatus with an electronic device, comprising: | 12-01-2011 |
20110296191 | METHOD FOR SECURELY DRAWING UP A VIRTUAL MULTIPARTY CONTRACT CAPABLE OF BEING PHYSICALLY REPRESENTED - The invention relates to a method for securely drawing up a multiparty contract using digital certificates and electronic devices. Said method includes at least three steps: signing, countersigning, and formatting. The formatted document has the specific feature of being capable of being physically represented. | 12-01-2011 |
20110307700 | SYSTEM AND METHOD FOR PERFORMING TWO FACTOR AUTHENTICATION AND DIGITAL SIGNING - The present invention relates to a system ( | 12-15-2011 |
20110307701 | ENCRYPTION AND AUTHENTICATION SYSTEMS AND METHODS - Methods, apparatus, and systems are disclosed for, among other things, passphrase input using secure delay, passphrase input with characteristic shape display, user authentication with non-repeated selection of elements with a displayed set of elements, document authentication with embedding of a digital signature stamp within a graphical representation of the electronic document wherein the stamp comprises digits of a digital signature, and sub-hash computation using secure delay. | 12-15-2011 |
20110307702 | METHOD FOR AUTHENTICATING AND EXECUTING A PROGRAM - Unlike the technology for a program downloaded through conventional broadcast waves, in the case of downloading a program via a network, there is a possibility that such program will be activated without noticing that the program is tampered with. For this reason, when a program is downloaded via a network, a file hierarchy for the program located on a server is constructed in a local area of a terminal. Subsequently, the authentication of the program is performed with respect to the file hierarchy constructed in the local area, and the credibility of the program is guaranteed. | 12-15-2011 |
20110307703 | CRYPTOGRAPHIC MODULE FOR SECURE PROCESSING OF VALUE-BEARING ITEMS - An on-line value bearing item (VBI) printing system that includes one or more cryptographic modules and a central database is disclosed. The cryptographic modules are capable of implementing the USPS Information Based Indicia Program Postal Security Device Performance Criteria and other required VBI standards. The modules encipher the information stored in the central database for all of the on-line VBI system customers and are capable of preventing access to the database by unauthorized users. Additionally, the cryptographic module is capable of preventing unauthorized and undetected modification, including the unauthorized modification, substitution, insertion, and deletion of VBI related data and cryptographically critical security parameters. | 12-15-2011 |
20110314290 | DIGIPASS FOR WEB-FUNCTIONAL DESCRIPTION - The DigiPass for the Web provides security for internet communication greater than that achieved by the use of a static password without requiring the user to install any software or to possess or use dedicated hardware of any kind. The user merely accesses an appropriate website which downloads an applet to the user's browser. This is a conventional function which is handled by the browser and does not require any expertise on the part of the user. The browser relies on a password known only to the user for authenticating the user to the browser/applet. The browser/applet interacts with the server to create an authentication key which is then stored on the user's computer. The user can invoke the authentication key dependent on the user's presentation to the browser/applet of the password. Since the password is not used outside the user-browser/applet interaction it is not subject to attacks by hackers. The authentication key is also protected from attacks by encryption although the user need not memorize any information other than the password. | 12-22-2011 |
20110314291 | Digital signature program, digital signature apparatus, and digital signature method - When input data (f | 12-22-2011 |
20110314292 | POWER ANALYSIS ATTACK COUNTERMEASURE FOR THE ECDSA - Execution of the Elliptic Curve Digital Signature Algorithm (ECDSA) requires determination of a signature, which determination involves arithmetic operations. Some of the arithmetic operations employ a long term cryptographic key. It is the execution of these arithmetic operations that can make the execution of the ECDSA vulnerable to a power analysis attack. In particular, an attacker using a power analysis attack may determine the long term cryptographic key. By modifying the sequence of operations involved in the determination of the signature and the inputs to those operations, power analysis attacks may no longer be applied to determine the long term cryptographic key. | 12-22-2011 |
20110320819 | ACCESSING RESTRICTED CONTENT BASED ON PROXIMITY - A license to use content (e.g., a movie, song, application, etc.) is provided to a consumer. The license allows for use of the content by the device the consumer is using (e.g., logged into) and devices near the device the consumer is using. For example, a first computing device obtains a license to restricted content. A second computing device obtains a copy of the restricted content; however, the second computing device is not licensed to use the content and may not be able to access the content because the content is encrypted or otherwise restricted. The first computing device is brought into proximity with the second computing device. In response to detecting that the first computing device is in proximity with the second computing device, the second computing device is provided with legal access to the restricted content. The second computing device can then decrypt (or otherwise access) and play the content. | 12-29-2011 |
20110320820 | Restoring Secure Sessions - The different illustrative embodiments provide a method, a computer program product, and an apparatus for restoring secure sessions. A determination is made whether cached information for a session for the requestor is stored at the data processing system using a session cookie responsive to receiving a request at a data processing system from a requestor to access a resource. Access to the resource is controlled using the cached information and a number of privileges for the requestor associated with the cached information responsive to a determination that the cached information for the session is stored at the data processing system. A migration cookie is requested from the requestor responsive to an absence of a determination that the cached information for the session is stored at the data processing system. The cached information is generated for the session using the migration cookie. | 12-29-2011 |
20110320821 | FEDERATION AMONG SERVICES FOR SUPPORTING VIRTUAL-NETWORK OVERLAYS - Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member. | 12-29-2011 |
20120005482 | SYSTEMS AND METHODS FOR SECURELY REQUESTING AND TRANSMITTING EDUCATIONAL RECORDS VIA THE INTERNET - Systems and methods for securely ordering and transmitting educational records via the Internet are disclosed. A requestor orders educational records via a clearinghouse web site. An application services module receives the order and forwards it to a school over the Internet via a secure connector module. The secure connector module provides authentication, encryption, and validation services, and interfaces with an SIS operations module. The SIS operations module retrieves the requested records from the school's student information system (“SIS”). The educational records are transmitted back to the clearinghouse via the secure connector module. The requestor can then download the records from the clearinghouse via a secure web site. | 01-05-2012 |
20120017090 | SYSTEM AND METHOD FOR ZONE SIGNING AND KEY MANAGEMENT IN A DNS SYSTEM - Methods and systems for signing a DNS zone file and managing zone file signing are provided. An indication of a first DNS zone to be signed is received from one of several remote users, where each such remote user has control over a separate DNS zone. Unsigned zone data is retrieved for the first DNS zone to be signed and is cryptographically signed. The signed zone data is provided to a signed zone master for propagation to one or more DNS servers. | 01-19-2012 |
20120017091 | METHODS AND APPARATUS FOR THWARTING WATERMARK DETECTION CIRCUMVENTION - Methods and apparatus for thwarting circumvention of watermark detection are provided. When content is received at a device that is equipped with a watermark extractor, an attacker may disguise the form of the received content in an attempt to circumvent detection of watermarks that are embedded in the content. A signal processing operation is performed on the received content such that the signal processing operation does not significantly degrade the perceptual quality of the content if the content is indeed in the form that is purported to be. The signal processing operation, however, significantly degrades the perceptual quality of the content if the content is in a different form, thereby discouraging the attacker's attempts to thwart watermark detection. | 01-19-2012 |
20120023335 | DEVICE AND PROCESS FOR PROTECTING A DIGITAL DOCUMENT, AND CORRESPONDING PROCESS FOR VERIFYING THE AUTHENTICITY OF A PRINTED HARDCOPY - According to the invention, a digital document is protected through: | 01-26-2012 |
20120030470 | WIRELESS PROGRAMMING OF VEHICLE MODULES - A system and method for programming a vehicle module via a secure local area wireless connection. The method carried out by the system involves establishing a wireless connection between a vehicle telematics unit and a dealership wireless node. Then, the dealership sends via the wireless node a digital certificate to the vehicle telematics unit. The vehicle uses the digital certificate to verify that the dealership is authorized to provide the vehicle with an upgrade to one or more of the vehicle's components. In response to the verification, an upgrade is performed to one or more vehicle components via the wireless communication. | 02-02-2012 |
20120030471 | DOWNLOAD MANAGEMENT SYSTEM - A download management system includes a server, a computer host and a storage device. The server stores an encrypted data, which is encrypted according to a certification signature. The computer host is communicatively connected to the server for executing a management program. The storage device is connected electrically to the computer host and includes the certification signature, wherein the download management execution program is capable of reading the certification signature from the storage device, downloading the encrypted data from the server, decrypting the encrypted data according to the certification signature to obtain a decrypted data, and storing the decrypted data in the storage device. | 02-02-2012 |
20120036365 | COMBINING REQUEST-DEPENDENT METADATA WITH MEDIA CONTENT - An edge component receives a request for media content from a user device. The request includes both an indication of the media content and an indication of request-dependent metadata for the media content. The edge component obtains the request-dependent metadata for the media content from a content delivery service, and obtains the media content from a content delivery network. The edge component combines the request-dependent metadata and the media component, returning both the request-dependent metadata and the media content to the user device. | 02-09-2012 |
20120036366 | SECURE AND VERIFIABLE DATA HANDLING - The described implementations relate to secure and verifiable data handling. One implementation can receive a request to upload information, wherein the information includes a referencing element and at least one blob of referenced data. This implementation can also receive a chunk of an individual blob. The chunk can include multiple blocks. Individual blocks can be hashed. Upon receipt of an indication that all chunks have been uploaded, this implementation can create an overall hash of the information from the block hashes rather than from the information. | 02-09-2012 |
20120036367 | Systems and Methods for Transparent Configuration Authentication of Networked Devices - Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques. | 02-09-2012 |
20120042168 | METHOD, DEVICE, AND SYSTEM FOR ISSUING LICENSE - A system for issuing a license includes a Content Issuer (CI) configured to receive a Cooperate-RORequest from a Rights Issuer (RI). The CI encapsulates, according to the information carried in the Cooperate-RORequest, content related information by using a key of a destination entity to obtain an encapsulation key, and generates a Message Authentication Code (MAC) on part of information of a license. The CI sends the generated MAC and obtained encapsulation key to the RI, so that the RI sends the license that includes the MAC and the encapsulation key to the destination entity. | 02-16-2012 |
20120060035 | Secure and Verifiable Data Handling - The described implementations relate to secure and verifiable data handling. One implementation can receive a request to add information from a drop-off site to a user account. The request can include a location element and a security element. This implementation can also obtain encrypted units of the referenced data from the drop-off site based upon the location element. This implementation can associate the information with the user account and store the security element. | 03-08-2012 |
20120060036 | Method of Providing Transactions Employing Advertising Based Verification - A method of improving electronic security establishes a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path providing the user with a first predetermined portion of a branded watermark, for instance an advertisement, provided from the institution in conjunction with the request, and a second predetermined portion of the branded watermark being provided upon a personalized device that cannot be intercepted or manipulated by malware, allowing the user to verify that the request as displayed upon the user's primary computing device is valid. | 03-08-2012 |
20120066502 | SYSTEMS AND METHODS FOR ENABLING TRUST IN A FEDERATED COLLABORATION - Systems and methods consistent with the present invention enable explicit and multilateral trust across a community of federated servers via a network. A trusted third party establishes a framework of policies and procedures governing a federation. Organizations joining the federation submit to an audit process of internal policies and procedures to ensure compliance with the policies and procedures of the federation. Upon successful completion of an audit, an organization may receive a digital certificate containing the digital public key of the organization and indicating approval of the trusted third party. The organization may then use the associated digital private key for signing security assertions associated with a request for resources from another federation service provider. The service provider may trust the assertion from the organization based on trust placed in trusted third party by the service provider and the trust placed in the organization by the trusted third party. | 03-15-2012 |
20120066503 | Secure Data Transfer in an Automation Network - A method for secure data transfer in an automation network wherein the method comprises authenticating a user by a program invocation rights system aided by user data for approving a use of the program invocation by the user, encrypting and signing data by the program invocation, where the data contains the user data. The method also includes transferring the data by a transfer medium from the program invocation to the subassembly, decrypting the data in the subassembly, authenticating the program invocation associated with the subassembly, and authenticating the user by the subassembly rights system aided by the user data. | 03-15-2012 |
20120072729 | WATERMARK EXTRACTION AND CONTENT SCREENING IN A NETWORKED ENVIRONMENT - Methods, devices, and computer program products facilitate the application of a content use policy based on watermarks that are embedded in a content. Watermark extraction and content screening operations, which can include the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted at different times by different devices. The watermark extraction results can be stored in a secure location and accessed by other devices at different times. These operations can be conducted by one or more trusted devices that reside in a home network. The home network can also include a gateway device that can coordinate the operations of the various network devices and/or delegate the various watermark extraction and content screening operations. | 03-22-2012 |
20120072730 | CONTEXT ACCESS MANAGEMENT USING WATERMARK EXTRACTION INFORMATION - Methods, devices, and computer program products facilitate the application of a content use policy based on watermarks that are embedded in a content. Watermark extraction and content screening operations, which can include the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted at different times by different devices. These operations can be conducted by one or more trusted devices that reside in a networked environment. Real-time access to a content can also be facilitated by utilizing existing watermark extraction records. To facilitate real-time access to the content, the extraction records may contain segmented authentication information that correspond to particular segments of the content that is being accessed. Additionally, or alternatively, new watermark extraction operations can be conducted in real-time to produce new watermark extraction records. | 03-22-2012 |
20120072731 | SECURE AND EFFICIENT CONTENT SCREENING IN A NETWORKED ENVIRONMENT - Methods, devices, and computer program products facilitate the application of a content use policy based on watermarks that are embedded in a content. Watermark extraction and content screening operations, which can include the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted at different times by different devices. These operations can be conducted by one or more trusted devices that reside in a networked environment. The authenticity of various devices can be verified through the exchange of certificates that can further enable such devices to ascertain capabilities of one another. Based on the ascertained capabilities, an operational configuration for conducting watermark extraction and content screening can be determined. | 03-22-2012 |
20120072732 | CRYPTOGRAPHIC METHOD FOR ANONYMOUS AUTHENTICATION AND SEPARATE IDENTIFICATION OF A USER - The invention relates to cryptographic method for the anonymous authentication and the identification of a user entity (U | 03-22-2012 |
20120084567 | GROUP SIGNATURE SYSTEM AND METHOD PROVIDING CONTROLLABLE LINKABILITY - A group signature system includes: a key issuer server for generating a first parameter of a group public key, generating a corresponding master issuing key, and issuing a signature key to a user when a user device joins; an opener server for generating a second parameter of the group public key, and a corresponding master opening key and master linking key; and a linker server for checking whether two valid signatures have been linked by using the master linking key when the two signatures corresponding to a group public key are given. The group signature system further includes: a signature verifying unit for confirming a validity of the given signatures and a signer information confirming unit for confirming a validity of signer confirming information generated by the opener server. | 04-05-2012 |
20120084568 | Lightweight Secure Neighbor Discovery Protocol for Low-Power and Lossy Networks - An apparatus comprising a network node configured to support a lightweight secure neighbor discovery (LSEND) protocol for securing neighbor discovery protocols (NDP) for energy-aware devices, wherein the network node is configured to wirelessly communicate with a host node, wherein the network node is configured to exchange LSEND protocol messages with the host node, and wherein the LSEND protocol uses reduced public key and signature sizes and more lightweight signature calculations in comparison to a secure neighbor discovery (SEND) protocol for securing NDP communications that are more suitable for low-power and lossy networks (LLNs). | 04-05-2012 |
20120089843 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing apparatus includes: a data processor which creates content to be distributed to a client, wherein the data processor executes processing of creating content provided to a client by selecting data in units of segments, which are division data of content, from a plurality of additional information recorded content items obtained by recording different additional information items on original content, selects different segment columns in units of content distribution clients in the processing of creating content provided to a client, and creates management information in which client information for identifying a client of a content distribution destination and segment column information indicating a segment selection state of the content provided to a client, which is provided to a corresponding client, are matched with each other and records the management information in a storage unit. | 04-12-2012 |
20120089844 | ONE WAY AUTHENTICATION - A cryptosystem prevents replay attacks within existing authentication protocols, susceptible to such attacks but containing a random component, without requiring modification to said protocols. The entity charged with authentication maintains a list of previously used bit patterns, extracted from a portion of the authentication message connected to the random component. If the bit pattern has been seen before, the message is rejected; if the bit pattern has not been seen before, the bit pattern is added to the stored list and the message is accepted. | 04-12-2012 |
20120089845 | VERIFIABLE DEVICE ASSISTED SERVICE USAGE BILLING WITH INTEGRATED ACCOUNTING, MEDIATION ACCOUNTING, AND MULTI-ACCOUNT - Various embodiments are disclosed for a services policy communication system and method. In some embodiments, a communications device implements a service policy for assisting billing for the communications device use of a service on a network; and monitors use of the service based on the service policy, in which a local service usage is synchronized with a network based service usage. | 04-12-2012 |
20120096272 | SECURITY MODEL FOR INDUSTRIAL DEVICES - Systems and/or methods are described relating to a security model that provides interoperability with foreign security domains while remaining scalable to small embedded devices. A security token service is provided, which is configured to issue, renew, and/or validate security tokens in response to a token request. A communication protocol, corresponding message structures, and the security tokens are defined in accordance with protocol buffer definitions. | 04-19-2012 |
20120096273 | AUTHENTICATED ENCRYPTION FOR DIGITAL SIGNATURES WITH MESSAGE RECOVERY - A framework is proposed for authenticated encryption for digital signatures with message recovery whereby authentication is achieved without a redundancy requirement. The Elliptic Curve Pintsov-Vanstone Signature scheme is modified through the use of authenticated encryption, thereby enabling authentication using a message authentication code. The authenticated encryption may be performed within a single function or as two separate functions. The authenticated encryption may also be applied to associated data in the message to be signed. | 04-19-2012 |
20120096274 | AUTHENTICATED ENCRYPTION FOR DIGITAL SIGNATURES WITH MESSAGE RECOVERY - A framework is proposed for authenticated encryption for digital signatures with message recovery whereby authentication is achieved without a redundancy requirement. The Elliptic Curve Pintsov-Vanstone Signature scheme is modified through the use of authenticated encryption, thereby enabling authentication using a message authentication code. The authenticated encryption may be performed within a single function or as two separate functions. The authenticated encryption may also be applied to associated data in the message to be signed. | 04-19-2012 |
20120096275 | SYSTEMS AND METHODS FOR AUTHENTICATING AN ELECTRONIC MESSAGE - Systems and methods are disclosed for authenticating electronic messages. A data structure is generated by a computer server which allows for the authentication of the contents and computer server identity of a received electronic message and provides a trusted stamp to authenticate when the message was sent. Data which can authenticate the message, the computer server identity, and the time the message was sent is included into a data structure which is called an Electronic PostMark (EPM). | 04-19-2012 |
20120096276 | SYSTEM AND METHOD FOR AUTHENTICATING DOCUMENTS - A data processing system for distributing and authenticating documents from a plurality of parties to a recipient data processing apparatus is disclosed. The system comprises a plurality of document distribution devices each configured to generate an original hash value from the content of a file containing a document to be distributed. A recipient data processing apparatus is configured to generate an original super hash value from the plurality of the original hash values, and to distribute the original super hash value to each of the document distribution devices. The system provides assurance that distributed documents have not been tampered with during communication, by an unscrupulous distributing party, or by an unscrupulous recipient by only submitting a hash value of the document to be distributed. The hash value provides for assurance at the eventual recipient of the document that no changes to the document have been made. | 04-19-2012 |
20120102329 | CONTENT DISTRIBUTION AND AGGREGATION - In an example, a method for secure publication of content is described. The method may include encrypting content with a media key. The method may also include providing the encrypted content to a client device associated with a private key and a public key. The private key may be stored at the client device. The method may also include encrypting the media key with the public key. The method may also include providing the encrypted media key to the client device. | 04-26-2012 |
20120102330 | METHOD FOR PROTECTING A TELECOMMUNICATION NETWORK AND SECURE ROUTER IMPLEMENTING SUCH A METHOD - This invention pertains to a method for protecting a telecommunication network comprising at least one secure router ( | 04-26-2012 |
20120110333 | SOFTWARE SECURITY - An apparatus with at least one secure memory area comprising a plurality of pre-installed public keys for verifying software authenticity. The apparatus is caused to receive an indication that a software package signed with a private key according to public key infrastructure has been received; check from the secure memory area, whether a public key associated with the private key with which the software package has been signed, is disabled; and if the public key associated with the private key is disabled, prevent execution of the received software package, and otherwise, proceed to verify authenticity of the received software package using the public key associated with the private key. | 05-03-2012 |
20120110334 | SECURE ROUTE OPTIMIZATION IN MOBILE INTERNET PROTOCOL USING TRUSTED DOMAIN NAME SERVERS - A trusted domain name server is introduced to provide a secure route optimization procedure for MIPv6. A trusted authority registers network addresses of a mobile node with corresponding fully qualified domain names. The trusted domain name server can later be queried to compare the domain of a network address for a mobile node with the domain of a network address for another network node. | 05-03-2012 |
20120110335 | Secure Association of Metadata with Content - A method and system for associating metadata with an encrypted content item, the method including receiving metadata for association with a content item, receiving an entitlement control packet (ECP) associated with the content item, applying a cryptographic hash function to the ECP, thereby generating an ECP hash value, combining the ECP hash value with the metadata, thereby creating a data control object, performing a cryptographic operation on the data control object, thereby generating cryptographic integrity data, and joining the cryptographic integrity data to the data control object after the cryptographic operation, wherein usage of the content by the recipient is dependent on both a validation of the ECP hash value and a validation of the cryptographic integrity data. Related apparatus and methods are also described. | 05-03-2012 |
20120117386 | Methods for Identifying the Guarantor of an Application - Third-party applications for platforms are linked to identified individuals that guarantee the security of the applications. The linkage is achieved by acquiring one or more biometric records of the individual guarantor, storing those records as a signature in a database, assigning a unique identifier to the signature, and embedding that unique identifier in the executable file of the application. The signature of the guarantor can be compared to other stored signatures of other guarantors to check for individuals posing under multiple aliases. The signature of a guarantor linked to a malicious application can be flagged so that a subsequent application guaranteed by the same individual can be disapproved. | 05-10-2012 |
20120124380 | USB COMPOSITE DEVICE AND METHOD THEREFOR - The invention, which relates to an information security device, provides a USB composite device and an implementing method thereof. The invention provides a solution that integrates the mass storage function and the key device function on a single device. A USB composite device is connected with a host computer and claims its device type; the composite device receives the operating instruction allocated by the host computer and determines whether the instruction is a key device operating instruction; if so, it performs the key device operation; otherwise, it performs a data reading/writing operation. Providing higher data security and good usability for the user, the solution of the invention is easy to use. | 05-17-2012 |
20120124381 | VALIDATION SYSTEM AND VERIFICATION METHOD INCLUDING SIGNATURE DEVICE AND VERIFICATION DEVICE TO VERIFY CONTENTS - Provided are methods and a validation system that includes a signature device and a verification device for verifying a content. The signature device may generate verification information for each segment of a divided content and may generate signature information to verify the integrity of each segment and whether a corresponding segment is a part of a content. When a segment is received, the verification device may verify integrity of the segment and whether the segment is a part of the content, based on the verification information and the signature value received from the signature device. | 05-17-2012 |
20120124382 | SYSTEM AND METHOD FOR CHECKING DIGITAL CERTIFICATE STATUS - A method for handling digital certificate status requests between a client system and a proxy system is provided. The method includes the steps of receiving at the proxy system digital certificate status request data transmitted from the client system and generating query data for the digital certificate status in response to receiving the digital certificate status request data. The query data is transmitted to a status provider system, and status data from the status provider system in response to the query data is received at the proxy system. Digital certificate status data based on the status data received is generated and transmitted to the client system. | 05-17-2012 |
20120124383 | SYSTEM AND METHOD FOR PROTECTING NETWORK RESOURCES FROM DENIAL OF SERVICE ATTACKS - The present disclosure generally pertains to systems and methods for protecting network resources from denial of service attacks. In one exemplary embodiment, a responder stores an access filter value used to determine whether an incoming message frame has been transmitted from an authorized user. In this regard, a user communication device includes logic for determining the access filter value stored at the responder and includes the access filter value in a message frame transmitted from the computer to the responder. The responder compares the received access filter value to the stored access filter value. If such values match or otherwise correspond, the responder authenticates the message frame. However, if such values do not match or otherwise correspond, the responder discards the message frame. Thus, the responder processes authenticated message frames and discards unauthenticated message frames, thereby preventing denial of service attacks from malicious users. | 05-17-2012 |
20120131344 | IDENTIFYING AND LOCATING AUTHENTICATED SERVICES USING BROADCAST ENCRYPTION - Provided are techniques to enable, using broadcast encryption, a device to locate a service offered by a server with the knowledge that the service offered by the server is a trusted service. A signed enhanced Management Key Block (eMKB) includes a trusted service locator (TSL) that includes one or more records, or “trusted service data records” (TSDRs), each identifying a particular service and a corresponding location of the service is generated and transmitted over a network. Devices authorized to access a particular service parse the eMKB for the end point of the service, connect to the appropriate server and transmit a request. | 05-24-2012 |
20120131345 | SECURE SOFTWARE LICENSING AND PROVISIONING USING HARDWARE BASED SECURITY ENGINE - Provisioning a license and an application program from a first server to a computing platform over a network. The host application derives a symmetric key at least in part from a user password, and sends the license to a license management firmware component of a security engine, in a message signed by the symmetric key. The license management firmware component derives the symmetric key at least in part from the user password stored in a secure storage of the security engine, verifies the signature on the message using the symmetric key, verifies the first server's signature on the license, decrypts the license using a first private key of the license management firmware component corresponding to the first public key to obtain the second key, and sends the second key to the host application, which decrypts the application program using the second key. | 05-24-2012 |
20120131346 | SECURING PRIVATE KEY ACCESS FOR CROSS-COMPONENT MESSAGE PROCESSING - Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for secrecy or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver's end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, sign the composite message. Since signing the composite message involves access to a private key, access to that private key is secured such that such access to the private key can only be arranged responsive to an explicit request for a hash that is to be signed using the private key. | 05-24-2012 |
20120131347 | SECURING OF ELECTRONIC TRANSACTIONS - A method in an approval service and a corresponding method in a user identity unit for securing of an electronic transaction. The method comprises a number of steps that begins with receiving of a request of approving a business transaction associated with at least one user identity and one business service, after which a check of the authority of the user identity to use the business service is performed. An exchange with the user identity is then performed of an encrypted and signed verification document that comprises at least information about the business transaction. The business transaction is then approved depending on the contents of the verification document. | 05-24-2012 |
20120131348 | METHOD FOR SIGNING DOCUMENTS USING A PC AND A PERSONAL TERMINAL DEVICE - A method for obtaining a digital signature is disclosed. Upon receipt of a request for a digital signature within a customer computer, a mobile electronic transaction proxy within the customer PC notifies a web browser of the request for the digital signature and assists in obtaining a digital signature on a data string included within the request. After the digital signature is obtained, the data string along with an appended digital signature is transmitted back to a requesting party. | 05-24-2012 |
20120137135 | STORAGE-MEDIUM PROCESSING METHOD, A STORAGE-MEDIUM PROCESSING APPARATUS, AND A STORAGE-MEDIUM PROCESSING PROGRAM - The spread of a forged storage medium is prevented while keeping damage to an authentic storage medium and trouble for its owner to a minimum. When there is an update request for user key data, the update history of the user key data for the presented medium identifier IDm is consulted. When it is judged that the user key data for the presented medium identifier IDm has not been updated within a predetermined period, the update of the user key data is performed. The update request is refused when it is judged that the user key data for the presented medium identifier IDm has been updated within a predetermined period. | 05-31-2012 |
20120144202 | SECURE AUTHENTICATION FOR CLIENT APPLICATION ACCESS TO PROTECTED RESOURCES - An authorization server receives a request for an access token, for accessing a protected resource, from a client application executing on a device, wherein the request includes a client identifier that uniquely identifies the client application and a device identifier that uniquely identifies the device. The authorization server performs authentication of the client identifier and the device identifier. The authorization server returns a valid access token to the client application, based on the authentication of the client identifier and the device identifier, to enable the client application access to the protected resource. | 06-07-2012 |
20120151214 | METHOD FOR THE USE OF A MOBILE APPLIANCE USING A MOTOR VEHICLE - The invention relates to a method for the use of a mobile appliance which is not associated with a motor vehicle using a motor vehicle, wherein a program which can be executed on the mobile appliance and a digital certificate associated with the program are stored in the mobile appliance, wherein the digital certificate is transmitted from the mobile appliance to the motor vehicle, wherein the digital certificate is verified in the motor vehicle, wherein—if verification of the digital certificate is successful—information associated with the program which can be executed on the mobile appliance is presented using a display in the motor vehicle, and wherein the program which can be executed on the mobile appliance is used using a user arrangement, associated with the display, in the motor vehicle. | 06-14-2012 |
20120151215 | APPARATUS AND METHOD FOR PROTECTING COPYRIGHT OF DIGITAL CONTENT, AND APPARATUS AND METHOD FOR DETERMINING AUTHENTICITY OF DIGITAL CONTENT - Provided are an apparatus and method for protecting the copyright of digital content, and an apparatus and method for determining the authenticity of digital content. The apparatus for protecting the copyright of digital content includes a creative commons license (CCL) watermark application unit configured to watermark digital content provided with | 06-14-2012 |
20120151216 | METHODS AND SYSTEMS FOR ENCODING AND PROTECTING DATA USING DIGITAL SIGNATURE AND WATERMARKING TECHNIQUES - Systems and methods are provided for protecting and managing electronic data signals. In one embodiment a strong watermark is inserted in a data signal that is divided into a sequence of blocks, and a digital signature for each block is embedded in the signal via a watermark. The signal is then stored and distributed. When attempts are made to use or access the signal, the signal is checked for the presence of a watermark containing the digital signature for the desired portion of the signal. If the watermark is found, the digital signature is extracted and used to verify the authenticity of the desired portion of the signal. If not found, the signal is checked for the presence of the strong watermark, which if found causes the system to inhibit further use of the signal, and if not found further use of the signal is allowed. | 06-14-2012 |
20120159174 | System and Method for Conveying Session Information for Use in Forensic Watermarking - Methods for providing content session information using a content manager, streaming server, and one or more watermarking devices are disclosed. A content asset is also disclosed. The content asset may include content. In addition, the content asset may include a content data field having forensic watermark information, e.g. session or identifying information. In one aspect, the content asset is compressed and the compressed content asset has one or more pre-processed candidate watermark locations. In this aspect, the forensic watermark information may be extracted, e.g. by a watermarking device, from the content data field and included in the one or more pre-processed candidate watermark locations. | 06-21-2012 |
20120159175 | Deduplicated and Encrypted Backups - A system and method for efficiently creating deduplicated and encrypted data across a plurality of computers allows local encryption and remote storage of deduplicated segments. Large data blocks may be divided into segments of data, and encrypted using a two-step process. A standard hash of the encrypted segment is used as an index into a remote deduplicated database so that only unique data segments are stored, and are stored only in encrypted form. When retrieving data, a data owner uses the stored digest to retrieve the data from the deduplicated database and the stored IV and second key to decrypt the data. Only the data owner has the second key and IV, so the encrypted data segment stored in the deduplicated database is highly secure from information bleed during the storage process. | 06-21-2012 |
20120159176 | Method and Apparatus to Create and Manage Virtual Private Groups in a Content Oriented Network - A content router for managing content for virtual private groups in a content oriented network, the content router comprising storage configured to cache a content from a customer in a content oriented network (CON), and a transmitter coupled to the storage and configured to forward the content upon request, wherein the content is signed by the user, wherein the CON provides different security levels for different users in a plurality of users, and wherein the plurality of users correspond to a plurality of user classes. | 06-21-2012 |
20120159177 | System and Method for Website Authentication Using a Shared Secret - A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user's browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer. | 06-21-2012 |
20120166806 | Method and Apparatus to Use Identity Information for Digital Signing and Encrypting Content Integrity and Authenticity in Content Oriented Networks - A content router comprising storage configured to cache, in a content oriented network (CON), a content object with a signature signed by a publisher based on a known identity to a subscriber; and a transmitter coupled to the storage and configured to forward the content object with the signature upon request to the subscriber, wherein the subscriber uses the signature to verify one of the content object's integrity and the content object's authenticity based on the known identity without verifying a trust of a publisher key for the publisher, and wherein the known identity is trusted by the publisher and does not require verifying trust from the publisher. | 06-28-2012 |
20120166807 | Systems and Methods Using Cryptography to Protect Secure Computing Environments - Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise. | 06-28-2012 |
20120173878 | DEVICE AND METHOD FOR FORMING A SIGNATURE - A device is described for forming a signature from an input signal (input). According to the present invention, a plurality of transformation elements is provided, each having a finite-state machine, to which, on the input end, in each case the input signal (input) and/or a signal (input′), that is a function of the input signal, is able to be fed, all the finite-state machines are similar and are configured in such a way, particularly able to be initialized, that each finite-state machine always respectively has a different state than do all the other finite-state machines, and the signature is formable as a function of state data of at least one finite-state machine. | 07-05-2012 |
20120179913 | METHOD AND SYSTEM FOR PROPAGATING A CLIENT IDENTITY - A method and system for securely propagating client identities in a service call from a first system to a target service system are provided. The system includes a memory device for storing data and a service provider (SP) computer system. The SP computer system is programmed to determine identities to transmit to the target system in association with a request, construct a data structure to represent each identity and additional information related to the identity, digitally sign the identity information, pair the identity information and the corresponding digital signature in a header of a request message from the first system to the target service system, receive the request message and extract the identity information and corresponding digital signatures from the header, validate the corresponding digital signatures, and construct using the corresponding identity information a data structure that represents each of the original identities established in the first system. | 07-12-2012 |
20120179914 | Digital Watermark Key Generation - This disclosure relates to message encoding. One claim recites a digital watermark key generation method in which the key provides security for a plural-bit message. The method comprises: providing a plural-bit seed; randomizing the plural-bit seed; using a programmed electronic processor for encoding the randomized plural-bit seed with convolutional encoding, the encoded seed comprising a key; and transforming an independent message with the key, the independent message to be used in a digital watermark encoding process. Of course, other claims and combinations are provided too. | 07-12-2012 |
20120191978 | SYSTEM AND METHOD FOR SECURING DATA FOR REDIRECTING AND TRANSPORTING OVER A WIRELESS NETWORK - A system and method for securing data for redirecting and transporting over a wireless network are generally described herein. In accordance with some embodiments, when it is determined that an electronic message that is protected with a first encryption algorithm is to be transported over a wireless network to a wireless device, the electronic message is converted to a data structure that is recognizable by the wireless device and the data structure is encrypted with a second encryption algorithm using a random session key. The second encryption algorithm has a stronger security than the first encryption algorithm. The random session key is encrypted with a public key and packets that comprise the encrypted data structure and the encrypted random session key are transmitted to the wireless device over the wireless network. | 07-26-2012 |
20120198237 | DOCUMENT MANAGEMENT SYSTEM AND METHOD - A document management system includes a number generator and/or a secure controller, and a document. The document includes a map-file for each participant in a workflow of the document. Corresponding, randomly generated nonces and/or complementary workflow assurance tokens are distributed within the respective map-files of neighboring participants by the number generator or the secure controller. The system includes a private key that recovers the respective corresponding, randomly generated nonce of a receiving one of the neighboring participants and/or the respective complementary workflow assurance token of the receiving one of the neighboring participants. A communication mechanism enables transmission of the recovered corresponding, randomly generated nonce of the receiving one of the neighboring participants or a signature generated by the receiving one of the neighboring participants to a sending one of the neighboring participants for verification. | 08-02-2012 |
20120198238 | METHOD FOR ESTABLISHING AN ELECTRONIC AUTHORIZATION FOR A USER BEARING AN ELECTRONIC IDENTITY DOCUMENT, AND METHOD FOR SUPERVISING SAID AUTHORIZATION - The invention relates to a method for generating and validating a digital authorization request, as well as to the method for supervising said authorization. The method of invention enables the guarantee, due to a combination of a series of signatures, at any time, of the identity of the bearer of the document and of the validating body. | 08-02-2012 |
20120198239 | METHOD AND APPARATUS FOR INPUT OF CODED IMAGE DATA - An image input device which includes a means for inputting image data, a memory for storing secret information and an operator for carrying out an operation by using the image data and the secret information. | 08-02-2012 |
20120198240 | METHOD AND SYSTEM FOR ENTITY PUBLIC KEY ACQUIRING, CERTIFICATE VALIDATION AND AUTHENTICATION BY INTRODUCING AN ONLINE CREDIBLE THIRD PARTY - A method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party is disclosed. The method includes the following steps: 1) an entity B transmits a message 1 to an entity A; 2) the entity A transmits a message 2 to a credible third party TP after receiving the message 1; 3) the credible third party TP determines the response RepTA after receiving the message 2; 4) the credible third party TP returns a message 3 to the entity A; 5) the entity A returns a message 4 to the entity B after receiving the message 3; 6) the entity B receives the message 4; 7) the entity B transmits a message 5 to the entity A; 8) the entity A receives the message 5. The present invention can achieve public key acquisition, certificate validation and authentication of the entity by integrating them in one protocol, thereby facilitating the execution efficiency and the effect of the protocol and facilitating the combination with various public key acquisition and public key certificate state enquiry protocols. The present invention suits a “user-access point-server” access network structure to meet the authentication requirement of the access network. | 08-02-2012 |
20120204034 | DATA TRANSMISSION METHOD USING AN ACKNOWLEDGEMENT CODE COMPRISING HIDDEN AUTHENTICATION BITS - A method for transmitting data between a first and a second point comprises the steps of transmitting data, from the first to the second point, together with a signature comprising bits of a first authentication code, and transmitting an acknowledgement, from the second to the first point. The length of the first authentication code is greater than the length of the signature and the first authentication code comprises hidden authentication bits. The acknowledgement is produced by using hidden authentication bits of a second authentication code presumed to be identical to the first, produced at the second point. | 08-09-2012 |
20120210136 | ENABLING SECURE ACCESS TO SENSOR NETWORK INFRASTRUCTURE USING MULTIPLE INTERFACES AND APPLICATION-BASED GROUP KEY SELECTION - A method implemented in a network element for controlling access to a set of resources on a per-application basis, the set of resources including subsets of the resources where each subset is accessible to a set of one or more applications through the use of a separate group key, the method comprising the steps of receiving an authentication request from a node communicatively connected to the network element through a first network interface of the network element, the authentication request including a certificate for the node, validating the certificate for the node, determining that the certificate has been authorized for the set of one or more applications through a query of a certificate database, retrieving each group key that corresponds to the set of one or more applications through a query of a group key database, and returning each group key retrieved from the group key database to the node. | 08-16-2012 |
20120216043 | Method for Securely Dematerializing the Transfer of Evidence in Data-Stream Production Systems, In Particular Video-Surveillance Systems - A method including putting in place an end-to-end secure network, digitally signing the recorded data, regardless of its type, encrypting the recorded sensitive data, and putting in place a key management infrastructure for the creation, the renewal, the distribution and the repudiation of the keys, and putting in place an evidence administration process which guarantees the time-stamping of the digital signature, the validation of this digital signature and the ultimate archiving of the legal evidence of the integrity and of the authenticity of the video stream. | 08-23-2012 |
20120221861 | METHOD AND APPARATUS FOR PROVIDING END-TO-END SECURITY FOR DISTRIBUTED COMPUTATIONS - An approach is provided for providing end-to-end security in multi-level distributed computations. A distributed computation security platform determines one or more signatures associated with one or more computation closures of at least one functional flow. The distributed computation security platform also processes and/or facilitates a processing of the one or more signatures to generate at least one supersignature. The distributed computation security platform further determines to associate the at least one supersignature with the at least one functional flow. | 08-30-2012 |
20120233469 | HYBRID SIGNATURE SCHEME - A signature scheme is provided in which a message is divided into a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm. A first signature component is generated by encrypting the first portion alone. An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them. A second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion. A verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination. | 09-13-2012 |
20120233470 | TRUSTED MESSAGE STORAGE AND TRANSFER PROTOCOL AND SYSTEM - An electronic content storage and exchange system includes an interface configured to send and receive messages; a database and a controller. The database includes a plurality of records, each record representing a respective virtual storage media and including at least: a respective unique identifier assigned to the virtual storage media; a respective Private key and certificate assigned to the virtual storage media; a current content value, and a log of content transfers. The controller executes transfer-in and transfer-out processes in respect of each of the virtual storage media. The transfer-in process includes steps of: receiving a content transfer message including at least a message content to be transferred and the respective identifier assigned to a recipient virtual storage media; accessing the record representing the recipient virtual storage media; and storing the message content in the current content of the recipient virtual storage media. The transfer-out process includes steps of: receiving a content transfer request message including at least a message content to be transferred and the respective identifier assigned to a sending virtual storage media; accessing the record representing the sending virtual storage media; removing the message content from the current content; generating a content transfer message including the message content; and returning the content transfer message. | 09-13-2012 |
20120239935 | SYSTEM FOR ENABLING DIGITAL SIGNATURE AUDITING - A computer method, computer system, and article for enabling digital signature auditing. The method includes the steps of: receiving at least one signature request issued by at least one application, forwarding a first data corresponding to the received at least one signature request to at least one signing entity for subsequent signature of the first data, storing an updated system state that is computed using a function of: i) a reference system state and ii) a second data corresponding to the received at least one signature request, where the reference system state and the updated system state attest to the at least one signature request, and repeating the above steps, using the updated system state as a new reference system state, where the steps of the method are executed at a server of a computerized system. | 09-20-2012 |
20120239936 | CREDENTIAL TRANSFER - Methods and apparatus, including computer program products, are provided for credential transfer. In one aspect there is provided a method. The method may include receiving, at a first device, an authorization token; determining, at the first device, a delegation token, one or more credentials, and metadata; and providing, by the first device to a second device, the delegation token, the one or more credentials, and the metadata. Related apparatus, systems, methods, and articles are also described. | 09-20-2012 |
20120246481 | VIRTUAL SUBSCRIBER IDENTITY MODULE - A mobile trusted platform (MTP) configured to provide virtual subscriber identity module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator-trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner-trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service. | 09-27-2012 |
20120246482 | BUNDLE VERIFICATION - Systems, devices, and methods for modifying a signed bundle and verifying the modified bundle are disclosed. A signed bundle may be modified by removing a file specified in a server file list from a plurality of files in the bundle. The signed bundle comprises a catalog of files in the signed bundle and their associated hashes. The modified bundle includes the remaining files of the signed bundle that are not specified in the server file list, the catalog file of the signed bundle, and the catalog signature of the signed bundle. The modified bundle may be verified by verifying the catalog signature of the modified signed bundle, and checking that the files specified in the catalog are either in the modified signed bundle or specified in the server file list. The hashes of the files in the modified signed bundle may also be checked to verify the modified signed bundle. | 09-27-2012 |
20120254619 | GENERATING A SECURE SIGNATURE UTILIZING A PLURALITY OF KEY SHARES - A method begins by a module to generate a secure signature on an item by selecting a first key representation index of a set of key representation indexes, wherein a first mathematical encoding of a private key generates a first plurality of key shares as a first key representation. The method continues with the module determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of a first set of dispersed storage (DS) units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions and when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions. | 10-04-2012 |
20120260095 | APPARATUS AND METHODS FOR CONTROLLING DISTRIBUTION OF ELECTRONIC ACCESS CLIENTS - Apparatus and methods for controlling the distribution of electronic access clients to a device. In one embodiment, a virtualized Universal Integrated Circuit Card (UICC) can only load an access client such as an electronic Subscriber Identity Module (eSIM) according to an activation ticket. The activation ticket ensures that the virtualized UICC can only receive eSIMs from specific carriers (“carrier locking”). Unlike prior art methods which enforce carrier locking on a software application launched from a software chain of trust (which can be compromised), the present invention advantageously enforces carrier locking with the secure UICC hardware which has, for example, a secure code base. | 10-11-2012 |
20120260096 | METHOD AND SYSTEM FOR MONITORING A SECURE DOCUMENT - A method for enabling access to a secure document by a document service includes receiving the document, and an ordered sequence of signature verification keys that are to be selected in an orderly manner, from a document owner. Access is enabled to the document via an allocated access address. Uploading an uploaded document is enabled. A signature associated with the uploaded document is verified using a currently selected signature verification key from the ordered sequence. If verification fails, the uploaded document is rejected. If verification succeeds, the document accessible via the allocated access address is replaced with the uploaded document and a next signature verification key of the ordered sequence is selected to be the currently selected signature verification key. | 10-11-2012 |
20120260097 | SYSTEM AND METHOD OF SIGNING A MESSAGE - A system and method of signing a message to be sent from a first communication device to a destination via a second communication device. The message includes a first portion on the first communication device and a second portion on the second communication device. The method includes receiving at the second communication device the first portion of the message and a first signature for the first portion from the first communication device; combining the first portion and the second portion to form the message; obtaining a second signature for the message; and sending the first signature, the second signature and the message from the second communication device to the destination. | 10-11-2012 |
20120260098 | Storage and Authentication of Data Transactions - Data is transmitted between a first user and a second user via an information technology communications network, in a method comprising the steps of: | 10-11-2012 |
20120260099 | INCREMENTAL SECURE BACKUP AND RESTORE OF USER SETTINGS AND DATA - Methods and apparatuses for performing secure incremental backup and restore operations are disclosed. | 10-11-2012 |
20120265992 | METHOD FOR PROCESSING A SOAP MESSAGE WITHIN A NETWORK AND A NETWORK - For allowing a one-pass streaming processing of XML (Extended Markup Language) based SOAP (Simple Object Access Protocol) messages with signed and/or encrypted MTOM attachments in a simple way, a method for processing a SOAP message within a network is provided. The SOAP message includes a fragment with binary content that will be moved into an MTOM (Message Transmission Optimization Mechanism) attachment of the SOAP message with a remaining reference to the binary content within the SOAP message and wherein the attachment will be signed and/or encrypted by a signing and encryption process, respectively. During signing process in addition to the hash of the signed fragment itself the same fragment excluding the binary content will be hashed and/or during encryption process in addition to the encryption of the fragment itself the fragment including only the reference to the binary content instead of the binary content will be encrypted. | 10-18-2012 |
20120265993 | ADVANCED WATERMARKING SYSTEM AND METHOD - A method, computer program product, and computing device for obtaining an uncompressed digital media data file. One or more default watermarks is inserted into the uncompressed digital media data file to form a watermarked uncompressed digital media data file. The watermarked uncompressed digital media data file is compressed to form a first watermarked compressed digital media data file. The first watermarked compressed media data file is stored on a storage device. The first watermarked compressed media data file is retrieved from the storage device. The first watermarked compressed digital media data file is modified to associate the first watermarked compressed digital media data file with a transaction identifier to form a second watermarked compressed digital media data file. | 10-18-2012 |
20120278626 | DNSSEC Inline Signing - Systems and methods of performing incremental DNSSEC signing at a registry are described in which digital signature operations may be performed as part of a single transaction including DNS add, update, and/or delete operations and the like. Exemplary methods may include receiving a domain command from a requester, the domain command including an identifier of a domain. The received domain command may be executed with respect to data stored by the registry for the domain. As part of an individual transaction including the execution of the domain command, the registry may also sign DNSSEC records for the domain using a private key of an authoritative server. After the DNSSEC records have been signed, the registry may incrementally publish the signed DNSSEC records to a separate server. Exemplary methods may also include “look-aside” operations in which, for example, add, update, and/or delete operations may be executed on data stored in a registry database and reported to a requester, prior to applying digital signatures to the DNSSEC data. After reporting that the instructions have been executed, the registry may generate a digital signature based on the add, update, and/or delete changes, and commit the digital signature to a registry resolution database. | 11-01-2012 |
20120278627 | Security based on subliminal and supraliminal channels for data objects - This invention relates to security for data objects; more particularly, the present invention relates to improved security based on subliminal and supraliminal channels for data objects. In another embodiment, a method of protecting a data object comprises: steganographically encoding a subset of candidate bits in a digitized sample stream; perceptibly manipulating data in the digitized sample stream; and combining the imperceptible and perceptible data changes to create a secure/unique digital sample stream. In yet another embodiment, a method for securing a data signal comprises: preanalyzing said data signal for candidate watermark/signature bits; steganographically encoding independent data into the data signal into a subset of the candidate watermark bits, at least one time; and encoding the data signal subsequently with a perceptible technique. | 11-01-2012 |
20120278628 | Digital Signature Method and System - A digital signature method, a method for initialising a digital signature scheme, a system for digitally signing a message and a computer program product are described. At least the digital signature method involves a signer having a weak security parameter. The signer retrieves a cryptographic element from each of a plurality of computing entities. Each cryptographic element is a function of a commitment supplied by the signer and the commitment includes a cryptographic function of a weak security parameter provided by the signer. A strong cryptographic security parameter is generated using a plurality of said elements. A message is then signed according to the digital signature scheme using the strong cryptographic security parameter to generate a digital signature. | 11-01-2012 |
20120284521 | BONDING CONTENTS ON SEPARATE STORAGE MEDIA - Local storage on player instruments provides the ability for adding further amendments and most recent supplements to the optical disc content. A problem arising with this technically applicable possibility is the protection of copyrights bound to disc and supplement data. The present invention describes a technique to ensure a security framework that is able to handle this, by creating a virtual file system (VFS) by merging optical disc data and local storage data based upon a common identifier. | 11-08-2012 |
20120290846 | UNAUTHORIZED CONTENTS DETECTION SYSTEM - A data processing device for playing back a digital work reduces the processing load involved in verification by using only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on a DVD. In addition, the data processing device improves the accuracy of detecting unauthorized contents by randomly selecting a predetermined number of encrypted units every time the verification is performed. | 11-15-2012 |
20120297196 | MAINTAINING PRIVACY FOR TRANSACTIONS PERFORMABLE BY A USER DEVICE HAVING A SECURITY MODULE - A method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier are disclosed. The system includes an issuer providing an issuer public key; a user device having a security module for generating a first set of attestation-signature values; a privacy certification authority computer for providing an authority public key and issuing second attestation values; and a verification computer for checking the validity of the first set of attestation signature values with the issuer public key and the validity of a second set of attestation-signature values with the authority public key, the second set of attestation-signature values being derivable by the user device from the second attestation values, where it is verifiable that the two sets of attestation-signature values relate to the user device. | 11-22-2012 |
20120303962 | SYSTEM AND METHOD FOR EMBEDDING A WRITTEN SIGNATURE INTO A SECURE ELECTRONIC DOCUMENT - A system and method for embedding a written signature into a secure electronic document is disclosed. The method includes forming a placeholder electronic document containing content to be attested to by a signature. A signing individual can be selected from a signer list. A signature tag can be placed into the placeholder electronic document at a selected signature location. The signature tag is associated with the signing individual and defines the signature location for the signing individual to sign. The placeholder electronic document can be secured to form a secure electronic document having content configured to be uneditable. A signature can be captured with a signature capture device configured to enable the signing individual to write the signature to be embedded into the secure electronic document at the location indicated by the signature tag to mimic a real world experience of signing paper documents. | 11-29-2012 |
20120311336 | PERFORMING ZERO-COPY SENDS IN A NETWORKED FILE SYSTEM WITH CRYPTOGRAPHIC SIGNING - A method and system for sending data in a file system that uses cryptographic signatures to protect data integrity. A computer system calculates a signature based on the content of a page of a memory. The memory is shared by processes that run on the computer system. The computer system write-protects the page while the page is used for calculation of the signature. When a first process attempts to modify the page, a page fault is triggered. In response to the page fault, the content of the page in memory is copied to a new page in the memory. The new page is accessible by the processes. Access to the page by the first process is redirected to the new page. Subsequent to the page fault, access to the page by the second process is also redirected to the new page. | 12-06-2012 |
20120311337 | METHOD AND SYSTEM FOR SIGNED STATELESS DATA TRANSFER - According to some embodiments, a method and system provides receiving a first request for service from a client during a communication session by a server, providing a response to the first request to the client, the response to the first request including state information specific to the first request and a memory of the server; clearing the server memory of the state information specific to the first request; receiving, by the server, a second request for service from the client during the communication session, the second request including the state information specific to the first request; and restoring a state of the server memory based on the state information specific to the first request received in the second request. | 12-06-2012 |
20120311338 | SECURE AUTHENTICATION OF IDENTIFICATION FOR COMPUTING DEVICES - In the field of computer and data security, the identifier (ID) of a computing device is protected by providing a secure signature used to verify the ID. The signature is computed from the ID using a “White Box” cryptographic process and a hash function. This provides a signature that is computationally easy to verify but difficult or impossible to generate by a hacker (unauthorized user). This method of first creating the signature and later verifying the identifier using the signature and the associated computing apparatus are thereby useful for protection against hacking of such identifiers of computing devices. | 12-06-2012 |
20120311339 | METHOD FOR STORING DATA ON A PEER-TO-PEER NETWORK - A method of storing data from a first node on a peer-to-peer network. The method includes creating a public and private key pair from a data item, determining a hash value for the public key, assigning the hash value as a user identifier for the user of the node, and storing the public key within a distributed hash table of the network. The user identifier corresponds to the key for the public key within the distributed hash table. The method includes the step of digitally signing the user identifier using the created private key. | 12-06-2012 |
20120311340 | WIRELESS COMMUNICATIONS DEVICE AND AUTHENTICATION PROCESSING METHOD - An authentication method is provided which is capable of performing message authentication within an allowable time regardless of the magnitude of the number of messages and performing message authentication high in accuracy within a range for which the allowable time allows. Upon transmission by wireless communications with another mobile or a fixed station, a message authentication code of communication data and a digital signature are generated (S | 12-06-2012 |
20120317418 | System and Method for Extracting Device Uniqueness to Assign a License to the Device - An information handling system includes a device, a controller, and a license manager subsystem. The controller is configured to determine whether the device has a license assigned and to extract a unique identification for the device in response to a request for information about the device. The license manager subsystem is configured to send the request for information about the device to the controller, to send the unique identification for the device to a license server as a request for the license for the device, to receive the license from the license server, and to assign the license to the device when the license is received. | 12-13-2012 |
20120317419 | SYSTEM FOR CONTROLLING THE DISTRIBUTION AND USE OF RENDERED DIGITAL WORKS THROUGH WATERMARKING - Method, apparatus, and media for embedding a watermark in digital content. An exemplary method comprises receiving digital content in an encrypted form, receiving a decryption key associated with the digital content, receiving permitted use information specifying conditions under which the digital content is permitted to be rendered and indicating that a watermark is to be embedded in a rendered copy of the digital content, determining whether the conditions are satisfied, and rendering the digital content if the conditions are satisfied based on the determining, the rendering including generating a watermark based on the permitted use information and creating a rendered copy of the digital content having the watermark embedded therein. | 12-13-2012 |
20120317420 | ELECTRONIC SIGNATURE DEVICE AND ELECTRONIC SIGNATURE METHOD - An electronic signature device includes a processor configured to internally execute signature generation processing of generating an electronic signature for a digital data string; and an output unit configured to output the digital data string and the generated electronic signature. | 12-13-2012 |
20120324228 | PLATFORM THAT FACILITATES PRESERVATION OF USER PRIVACY - Described herein are technologies pertaining to preserving privacy of users of mobile computing devices. Two users of two mobile computing devices share a quantization scheme for quantizing location data using a predefined quantization interval. The two users additionally share a private key that is utilized to encrypt locations obtained by the two computing devices that have been quantized using the shared quantization scheme. Encrypted, quantized locations are compared in a cloud computing service in connection with answering location-based queries, where the comparison is undertaken without the cloud computing service decrypting the encrypted, quantized locations. | 12-20-2012 |
20120324229 | SYSTEM AND METHOD FOR GENERATING KEYLESS DIGITAL MULTI-SIGNATURES - A method of generating a keyless digital multi-signature is provided. The method includes receiving multiple signature generation requests from one or more client computers, building subtrees based on the signature generation requests, and constructing a search tree including the subtrees. The method also includes assigning explicit length tags to leaf nodes of the search tree to balance the search tree and applying a hash function to each of the search tree nodes. The root hash value and the height of the search tree make up a generated aggregate signature request, followed by receiving an aggregate signature based on the aggregate signature request. The keyless digital multi-signature is generated based on the aggregate signature and contains an implicit length tag to verify that the number of signature generation requests is limited. The aggregate signature is generated if the height of the search tree does not exceed a predetermined height limitation. | 12-20-2012 |
20120324230 | SYSTEM FOR ENABLING DIGITAL SIGNATURE AUDITING - A computer method, computer system, and article for enabling digital signature auditing. The method includes the steps of: receiving at least one signature request issued by at least one application, forwarding a first data corresponding to the received at least one signature request to at least one signing entity for subsequent signature of the first data, storing an updated system state that is computed using a function of: i) a reference system state and ii) a second data corresponding to the received at least one signature request, where the reference system state and the updated system state attest to the at least one signature request, and repeating the above steps, using the updated system state as a new reference system state, where the steps of the method are executed at a server of a computerized system. | 12-20-2012 |
20120324231 | ATTRIBUTES IN CRYPTOGRAPHIC CREDENTIALS - Method and apparatus for generating cryptographic credentials certifying user attributes and making cryptographic proofs about attributes encoded in such credentials. Attributes are encoded as prime numbers E in accordance with a predetermined mapping and a cryptographic credential is generated encoding E. To prove that an attribute encoded in a cryptographic credential associated with a proving module of the system is a member of a predetermined set of user attributes, without revealing the attribute in question, the proving module determines the product Q of respective prime numbers corresponding to the attributes in the set in accordance with the predetermined mapping of attributes to prime numbers. The proving module demonstrates to the receiving module possession of a cryptographic credential encoding a secret value that is the prime number E, and then whether this secret value divides the product value Q. | 12-20-2012 |
20120324232 | Author Signatures for Legal Purposes - Methods and apparatus, including computer program products, implementing and using techniques for establishing trust in an electronic document. An electronic document is received. State dependent content in the electronic document is identified. The state dependent content is content that is renderable to have several appearances. The electronic document is presented to a user, which includes disclosing the presence of any identified state dependent content in the electronic document. | 12-20-2012 |
20120331300 | Span Out Load Balancing Model - This document describes techniques for transporting at least a portion of the data for a remote presentation session via datagrams. In particular, a span-out model is described whereby a remote presentation session can be associated with multiple channels and each channel can be routed through a different gateway computer system. As such, a connectionless oriented channel for a client may be routed through a first gateway computer system and a connection oriented channel for the client may be routed through a second gateway computer system. In addition to the foregoing, other techniques are described in the claims, the attached drawings, and the description. | 12-27-2012 |
20120331301 | METHOD AND SYSTEM FOR USING A SMART PHONE FOR ELECTRICAL VEHICLE CHARGING - Systems and methods are provided to allow a smart phone or any terminal to reserve and activate an electric vehicle charger using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes an electrical vehicle charger. A reservation request is accepted from a first terminal using the server. A reservation certificate is provided to a portable second terminal in response to the request using the server. The reservation certificate is accepted from the portable second terminal using the access device. The reservation certificate is determined to be authentic using the access device. The electric vehicle charger is activated in response to accepting an authentic reservation certificate using the access device. | 12-27-2012 |
20130007462 | CIRCUMVENTION OF WATERMARK ANALYSIS IN A HOST CONTENT - Methods and devices are provided to thwart analysis of a watermarking system by preventing analysis of watermarks in a host content. Upon receiving a content at a watermark embedding device, the content is analyzed to ascertain whether one or more test features are present in at least a first portion of the received content. When the analysis reveals that one or more test features are present, embedding of watermarks in at least the first portion of the received content is disabled. The test features of interest include a temporal, a spatial and/or a frequency characteristic such that, if a region of the content that includes the test feature is embedded with a watermark, at least one characteristic of the embedded watermark is detectable upon analysis of that region. The test feature can, for example, approximate an impulse signal, a step function signal or a pure sinusoidal signal. | 01-03-2013 |
20130007463 | COMMUNICATION CHANNEL ACCESS BASED ON CHANNEL IDENTIFIER AND USE POLICY - A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified. | 01-03-2013 |
20130024696 | METHOD AND APPARATUS FOR FLASH UPDATES WITH SECURE FLASH - Firmware updates are performed in a digital device that includes a secure flash that secures each block of stored data with a digital signature. In at least one embodiment, the update package that is received by the digital device for use in performing the update includes the digital signatures of blocks to be updated in the flash. In other embodiments, the digital signatures are generated within the digital device after an update package has been received. | 01-24-2013 |
20130024697 | SYSTEM AND METHOD FOR OBFUSCATION INITIATION VALUES OF A CRYPTOGRAPHY PROTOCOL - A computer-implemented technique for determining whether a first computing device has the correct version of a software program may be used to provide a secure approach to verifying that a client computing device has a secure and approved version of content player software implemented for consuming downloaded copyright media content. With this technique, copyright media content providers are able to ensure that only secure and approved content players are implemented to access the content. | 01-24-2013 |
20130024698 | DIGITAL CONTENT MANAGEMENT SYSTEM, DEVICE, PROGRAM AND METHOD - A digital content management system ( | 01-24-2013 |
20130024699 | System and Method for Protecting Cryptographic Assets From a White-Box Attack - A digital signature generation (DSG) process which provides resistance against white box attackers is disclosed. This is done by applying specially selected data transformations to the inputs, outputs and internal parameters of the algorithm. In particular, the signatory's private key does not appear in the clear in our protected implementation. Our new white box implementation produces signatures that are compatible with signatures created by conventional implementations; thus our solution facilitates interoperability and can be used as a drop-in replacement for conventional implementations. In particular, we describe transformations to the key (d) and the generator domain parameter (usually denoted G or g) of the digital signature generation processes, such that embodiments of the invention can produce signed messages which appear to a verifier as if the key (d) was used, without actually ever using the key (d). This makes it impossible for an adversary to ever observe the key (d), as it is not actually used. Further embodiments include additional protections to make it even harder for an adversary to deduce the key (d) by observing the process which generates the digital signature. | 01-24-2013 |
20130031369 | MANAGING ACCESS TO A SECURE CONTENT-PART OF A PPCD USING A KEY RESET POINT - In a method for managing access to a secure content-part of a PPCD, a key reset point of the secure content-part during a workflow among workflow participants is determined. In addition, key-map files comprising subsets of access keys that provide access to the secure content-part during respective content access sessions are generated, in which at least one of the key-map files corresponds to the key reset point and comprises a first decryption key, a first verification key, a second encryption key, and a second signature key, in which the first decryption key does not correspond to the second encryption key, and in which the first verification key does not correspond to the second signature key. In addition, the plurality of key-map files are supplied to at least one of the participants. | 01-31-2013 |
20130031370 | ELECTRONIC SIGNATURE AUTHENTICATION - Method of authenticating a signature on a work document in which a remote server generates a digital work fingerprint and a representation file of the work document. The representation file and the digital work fingerprint are transmitted to a client station from the remote server via a wide area communication network, and at least one digital representation fingerprint of the representation file is generated. A file to be signed is generated containing at least the digital work and representation fingerprints. The client station generates only one client signature from the file to be signed, and a client signature file is generated containing at least the file to be signed and the client signature. | 01-31-2013 |
20130042115 | SYSTEMS AND METHODS FOR IMPLEMENTING SECURITY IN A CLOUD COMPUTING ENVIRONMENT - Computer systems and methods are provided in which an agent executive, when initially executed in a virtual machine, obtains an agent API key from a user. This key is communicated to a grid computer system. An agent identity token, generated by a cryptographic token generation protocol when the key is valid, is received from the grid and stored in a secure data store associated with the agent executive. Information that evaluates the integrity of the agent executive is collected using agent self-verification factors. The information, encrypted and signed with a cryptographic signature, is communicated to the grid. Commands are sent from the grid to the agent executive to check the security, compliance, and integrity of the virtual machine processes and data structures. Based on these check results, additional commands are sent by the grid to the agent executive to correct security, compliance or integrity problems and/or to prevent security compromises. | 02-14-2013 |
20130042116 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - An information processing apparatus including a message generator generating a message based on a set F=(f | 02-14-2013 |
20130046989 | DIGITAL SIGNATURE MANAGEMENT AND VERIFICATION SYSTEMS AND METHODS FOR DISTRIBUTED SOFTWARE - A digital signature management system for distributed software applications includes a communication network and a digital signature module coupled to the communication network. The system also includes one or more software applications coupled to the communication network that each include an identification code and a signature application that intercepts a digitally signed message received from a sending application and provides it to the digital signature module. The digital signature module can be configured to verify the digital signature of messages it receives from the one or more software applications. | 02-21-2013 |
20130046990 | AUTHENTICATION AND BINDING OF MULTIPLE DEVICES - Systems and methods are described that relate to authentication and/or binding of multiple devices with varying security profiles. In one aspect, a first device with a higher security profile may vouch for the authenticity of a second device with a lower security profile when the second device requests access for content from a content provider. The vouching process may be implemented by allowing the first device to overlay its digital signature on a registration request that has been signed and transmitted by the second device. The second device with the lower security profile may access content from the content provider or source for a predetermined time period, even when the second device does not access content through the first device. | 02-21-2013 |
20130046991 | SYSTEM AND METHOD FOR USING A PORTABLE SECURITY DEVICE TO CRYPTOGRAPHICALLY SIGN A DOCUMENT IN RESPONSE TO SIGNATURE REQUESTS FROM A RELYING PARTY TO A DIGITAL SIGNATURE - A system, method and computer-readable storage medium with instructions for operating a digital signature server and a portable security device to cooperate to provide digital signature services using a private key stored on the portable security device by delegating to a user's smart card the actual task of digitally signing documents. Other systems and methods are disclosed. | 02-21-2013 |
20130046992 | STORAGE AND RETRIEVAL OF DISPERSED STORAGE NETWORK ACCESS INFORMATION - A method begins by a dispersed storage (DS) processing module receiving a certificate signing request (CSR) from a user device. The method continues with the DS processing module generating a set of hidden passwords based on the CSR and accessing a set of authenticating units to obtain a set of passkeys. The method continues with the DS processing module retrieving a set of encrypted shares and decrypting the set of encrypted shares to produce a set of encoded shares. The method continues with the DS processing module decoding the set of encoded shares to recapture a private key and generating a user signed certificate based on the private key. The method continues with the DS processing module discarding the private key to substantially protect the private key from the user device and outputting the user signed certificate to the user device. | 02-21-2013 |
20130054972 | SYSTEMS AND METHODS FOR SECURING CONTENT DELIVERED USING A PLAYLIST - Systems and methods in accordance with embodiments of the invention enhance the security of content distribution using individualized playlists. In many embodiments, a playlist is individually composed for a client device so that the selection of content included in the playlist encodes information. One embodiment includes generating a watermark sequence, where each watermark sequence is a unique identifier, selecting between alternative chunks of encoded content based upon the watermark sequence, where each of the alternative chunks of encoded content includes the same perceptual content and differs in the way it is watermarked, and listing the selected chunks in a playlist, where content assembled using the playlist includes a unique watermark sequence. | 02-28-2013 |
20130054973 | APPARATUS AND METHODS FOR SECURE ARCHITECTURES IN WIRELESS NETWORKS - Apparatus, methods, computer readable media and processors may provide a secure architecture within which a client application on a wireless device may, in some aspects, exchange information securely with resident device resources, and in other aspects, with a remote server over a wireless network. | 02-28-2013 |
20130061056 | EXTENDING AN INTEGRITY MEASUREMENT - A method of extending an integrity measurement in a trusted device operating in an embedded trusted platform by using a set of policy commands to extend a list of Platform Configuration Registers (PCRs) for the device and the current values of the listed PCRs and an integrity value identifying the integrity measurement into a policy register, verify a signature over the integrity value extended into the policy register, and, if verification succeeds, extend a verification key of the trusted platform, plus an indication that it is a verification key, into the policy register, compare the integrity value extended into the policy register with a value stored in the trusted platform, and, if they are the same: extend the stored value, plus an indication that it is a stored value, into the policy register, and extend the integrity measurement in the trusted device if the value in the policy register matches a value stored with the integrity measurement. | 03-07-2013 |
20130067232 | METHOD AND SYSTEM FOR CREDENTIAL MANAGEMENT AND DATA ENCRYPTION FOR iOS BASED DEVICES - A mechanism and method for managing credentials on an electronic device and providing encryption and decryption services for the electronic device comprising a mobile communication device, smart phone or other computing device. According to an embodiment the device is configured with an iOS based operating system. The device is configured with a data encryption service application and an associated secure data repository. According to an embodiment, the electronic device is configured to download and/or cache credentials from a credential management system operatively coupled to the device, comprising public-private key pairs in a PKI system. According to an embodiment, the electronic device is configured with or stores a digital verification signature. The data encryption service application is configured to encrypt/decrypt data (e.g. files, documents) and optionally digitally sign the encrypted file. The encrypted (and digitally signed data) is contained in the sandbox associated with the data encryption service application. | 03-14-2013 |
20130067233 | DATA CARD VERIFICATION SYSTEM - To verify a pair of correspondents in an electronic transaction, each of the correspondents utilises respective parts of first and second signature schemes. The first signature scheme is computationally more difficult in signing than verifying and the second signature scheme is computationally more difficult in verifying than signing. The first correspondent signs information according to the first signature scheme, the second correspondent verifies the first signature received from the first correspondent, using the first signature scheme. The second correspondent then signs information according to the second signature scheme and the first correspondent verifies the second signature received from the second correspondent, according to the second signature algorithm. The method thereby allows one of the correspondents to participate with relatively little computing power while maintaining security of the transaction. | 03-14-2013 |
20130073856 | ASSISTED CERTIFICATE ENROLLMENT - A certificate enrollment assistant module may be provided to inject a challenge password into a certificate signing request to be sent, to a Certificate Authority, from a computing device. The certificate enrollment assistant module, thereby, acts as a trusted proxy to assist the computing device in building a valid certificate signing request without the computing device having access to the challenge password. | 03-21-2013 |
20130073857 | ONE WAY AUTHENTICATION - A cryptosystem prevents replay attacks within existing authentication protocols, susceptible to such attacks but containing a random component, without requiring modification to said protocols. The entity charged with authentication maintains a list of previously used bit patterns, extracted from a portion of the authentication message connected to the random component. If the bit pattern has been seen before, the message is rejected; if the bit pattern has not been seen before, the bit pattern is added to the stored list and the message is accepted. | 03-21-2013 |
20130073858 | METHOD AND A SYSTEM FOR A SECURE EXECUTION OF WORKFLOW TASKS OF A WORKFLOW IN A DECENTRALIZED WORKFLOW SYSTEM - Secure execution of workflow tasks are executed according to a given execution pattern in a decentralized workflow system with a central workflow engine and multiple task execution agents. The method starts at an i'th execution agent which is selected by at least one preceding execution agent in accord with the execution pattern to perform an i'th task of the workflow. The method includes receiving, from the at least one preceding execution agent via a secure channel, a task-based private key generated by the at least one preceding execution agent, signing workflow information of the workflow for at least one subsequent execution agent with a workflow signature, selecting at least one appropriate subsequent execution agent, computing a task-based private key for the at least one subsequent execution agent, and forwarding to the at least one subsequent execution agent the workflow information with its associated workflow signature. | 03-21-2013 |
20130073859 | SYSTEMS AND METHODS TO SECURE USER IDENTIFICATION - In one aspect, a computing apparatus is configured to verify a digital signature applied on a set of data received from a user device, including a user ID assigned by a partner system to uniquely identify a user of the user device among customers of the partner system, and a user device identifier identifying the user device. The digital signature is generated via applying a cryptographic one-way hash function on a combination of the set of data and a secret, shared between the computing apparatus and the partner system via a secure communication channel separate from a channel used to receive the set of data. | 03-21-2013 |
20130073860 | ATTRIBUTE-BASED DIGITAL SIGNATURE SYSTEM - An attribute-based digital signature system comprises a signature generation unit ( | 03-21-2013 |
20130080785 | Host Agnostic Integration and Interoperation System - A host agnostic integration and interoperation system. The host agnostic integration and interoperation system includes an open platform interface and the associated conventions that define the roles of and direct operations between a host and a service application running on an external application server and allow the host to discover and integrate the functionality provided by the service application. The open platform interface employs a limited number of easily implemented semantic methods allowing a host to expose and integrate the ability to view, edit, or otherwise manipulate a document using the host supported functionality of the service application from a standard user agent. The host agnostic integration and interoperation system handles user authentication at the host using an access token and establishes a trust relationship between the host and the external application server using a lightweight but secure proof key system. | 03-28-2013 |
20130080786 | Signature Specification for Encrypted Packet Streams - Methods, systems, and products are disclosed for specifying a signature for an encrypted packet stream. One method receives the encrypted stream of packets, and encryption obscures the contents of a packet. A signature for insertion into the stream of packets is specified, and the signature identifies a type of data encrypted within the stream of packets. The signature identifies the contents of the packet despite the encryption obscuring the contents. | 03-28-2013 |
20130086385 | System and Method for Providing Hardware-Based Security - In some implementations, a method for managing resources of a device includes receiving, by a system-on-chip (SoC) in the device, from a customer, a request to access one or more resources of the SoC. The SoC includes a non-volatile memory (NVM), a feature register, programming history, and a plurality of resources including the one or more resources. A customer identifier (CID) is identified based on the received request. The customer is authenticated using a certificate including the CID. Whether the SoC grants, to the customer, access to the one or more resources is determined using the feature register and the CID. | 04-04-2013 |
20130086386 | METHOD AND SYSTEM FOR RESTRICTING EXECUTION OF VIRTUAL APPLICATIONS TO A MANAGED PROCESS ENVIRONMENT - Methods and systems for restricting the launch of virtual application files. In one embodiment, a launching application is signed with a digital signature. When the launching application launches a runtime engine and instructs it to execute an application file, the runtime engine determines whether an entity identifier associated with the launching application identifies an authorized entity. If the entity identifier identifies an authorized entity and the digital signature is valid, the runtime engine executes the application file. In another embodiment, a ticket is transmitted to the launching application along with an instruction to launch the application file. The ticket includes a digital signature and an expiration date. The launching application communicates the ticket to the runtime engine, which will execute the application file only if the digital signature is valid and a current date is not later than the expiration date. | 04-04-2013 |
20130086387 | Method for Certifying and Verifying Digital Web Content Using Public Cryptography - There is provided a method of, computer programs for and apparatus for providing and accessing digital content such as a news item. A news provider generates a news item, creates a digitally signed version of the news item and packages them together with a digital certificate issued by a certificate authority containing the public key required to decrypt the digitally signed version. The package is posted to a server and is transmitted, or made available for transmission, over a public data network together with a computer program for verifying the news item. A receiving party receives, over the public data network, the package at a client device and is provided with means for launching, and if necessary first downloading, the verifying program. The verifying program uses the public key contained in the certificate to verify the digitally signed news item. Before being first used to verify a news item, the verifying program receives a shared secret from the receiving party which is stored locally to the client device and is used by the verifying program to confirm that it performed the verification process. | 04-04-2013 |
20130091360 | LIGHTWEIGHT GROUP SIGNATURE SYSTEM AND METHOD WITH SHORT SIGNATURE - A lightweight group signature system and method with short signatures according to the exemplary embodiments of the present invention can provide security characteristics similar to group signature mechanisms providing the existing known controllable linkability but can make a revocation method simple by outputting a short signature and providing excellent operation efficiency at the time of signature generation, signature verification, and revocation on smart terminals, and can be widely applied to various anonymity-based application environments by making operation efficiency excellent at the time of signature generation and verification and outputting very short signature lengths. | 04-11-2013 |
20130097426 | WATERMARKING AND SCALABILITY TECHNIQUES FOR A VIRTUAL DESKTOP PLANNING TOOL - A method for measuring performance of virtual desktop services offered by a server including a processor is described. A first encoded watermark is embedded into user interface display generated by a virtual desktop when initiating an operation. The first encoded watermark includes pixels identifying the operation and indicating its initiation. A second encoded watermark is embedded into the user interface upon completion of the operation indicating completion of the operation. An action performance time is then computed and stored in a memory. Multiple performance times may be compiled from multiple operations of multiple virtual desktops to assess the performance of the system as a whole. | 04-18-2013 |
20130103948 | POINT OF SALE (POS) PERSONAL IDENTIFICATION NUMBER (PIN) SECURITY - A key is securely injected into a POS PIN pad processor in its usual operating environment. In response to entry of a personal identification number (PIN) into a PIN pad, the processor puts the PIN into a PIN block; puts additional random data into the PIN block; and encrypts the entire PIN block using asymmetric cryptography with a public key derived from the injected key residing in the PIN pad processor. The corresponding private key may be held securely and secretly by an acquirer processor for decrypting the PIN block to retrieve the PIN. The encrypted random data defends the PIN against dictionary attacks. Time stamp data and constant data encrypted with the PIN block enables a defense of the PIN against replay attacks and tampering. The method may also include accepting the PIN from a mobile phone in communication with the processor. | 04-25-2013 |
20130111212 | METHODS TO PROVIDE DIGITAL SIGNATURE TO SECURE FLASH PROGRAMMING FUNCTION | 05-02-2013 |
20130111213 | METHOD AND SYSTEM FOR VIDEO TRANSMISSION AND PROCESSING WITH CUSTOMIZED WATERMARKING DELIVERY | 05-02-2013 |
20130117569 | METHOD AND APPARATUS FOR IMPROVING DIGITAL SIGNATURES - Systems and methods are provided for enhancing pseudo random number generation to thwart various security attacks to a system that relies on digital signature security measures. For example, a random number may be bound to a message that is to be signed using a digital signature. Alternatively, a random number may be bound to a secret seed value, which may be updated subsequent to each signing. Alternatively still, a random number may be bound to both the message to be signed using a digital signature and a secret seed value. | 05-09-2013 |
20130117570 | WATERMARK EXTRACTION BASED ON TENTATIVE WATERMARKS - Methods, devices and computer program products facilitate the extraction of embedded watermarks in the presence of content distortions. Pre-distorted synchronization templates are used to detect synchronization portions of embedded watermark frames. A pre-distorted synchronization template that best matches the synchronization portion of the embedded watermark frame produces an estimation of one or more distortions that are present in the content. The remainder of watermark frame can be evaluated based on the outcome of the comparison. | 05-09-2013 |
20130117571 | EXTRACTION OF EMBEDDED WATERMARKS FROM A HOST CONTENT BASED ON EXTRAPOLATION TECHNIQUES - Methods, devices and computer program products facilitate the extraction of embedded watermarks in the presence of content distortions. Subsequent to the detection of a tentative watermark, particular sections of the content are examined to form one or more extrapolated watermarks or watermark segments. Weights are assigned to the extrapolated watermarks or watermark segments, and used in combination with the detected tentative watermark to collectively assess if a desired probability of false detection is satisfied. | 05-09-2013 |
20130124868 | SYSTEM AND METHOD FOR PARTS-BASED DIGITAL RIGHTS MANAGEMENT - Various embodiments of a system and method for parts-based digital rights management are described. Various embodiments may include a digital rights management component configured to receive content comprising a plurality of portions of content. The digital rights management component may also receive a license for the encrypted content; the license may include a plurality of permissions each specific to a respective portion of the content. Additionally, each permission may specify one or more access privileges for the respective portion of the content. The digital rights management component may receive a digital signature for the entire license. The digital rights management component may validate the digital signature to determine that the permissions have not been modified. The digital rights management component may also be configured to, in response to determining that said permissions have not been modified, provide access to content in accordance with said license including said permissions. | 05-16-2013 |
20130124869 | Using Digital Certificates in Document Distribution - One embodiment of the present invention provides a system that uses digital certificates to facilitate enforcing licensing terms for applications that manipulate documents. During operation, the system obtains a credential, wherein the credential includes a private key and a digital certificate containing a corresponding public key. This digital certificate also contains a profile specifying allowed operations which can be performed on documents signed with the credential. Next, the system digitally signs a document using the credential, so that the resulting signed document is signed with the private key and includes a copy of the digital certificate with the profile specifying the allowed operations. The certificate issuer can subsequently revoke the digital certificate (which effectively revokes the license) if terms of a license agreement associated with the digital certificate are violated. | 05-16-2013 |
20130124870 | CRYPTOGRAPHIC DOCUMENT PROCESSING IN A NETWORK - Data received over a network is processed by a server. The processing includes determining identity information corresponding to an identity associated with a document represented by document data received over an input port of the server from a sender. At the server, a private key is computed based on: a master private key, and the identity information. At the server digital information is computed based at least in part on the document data using the computed private key. The digital information is stored in a storage medium accessible to the server in association with the identity information. | 05-16-2013 |
20130132727 | ENHANCED CONTENT MANAGEMENT BASED ON WATERMARK EXTRACTION RECORDS - Content screening operations are facilitated in devices that receive a content that is subject to screening obligations. When such a content is received at a device, a watermark extraction record is obtained and accessed to fulfil content screening obligations. Upon the receipt of such an extraction record, verification of the received extraction record is carried out based on a verification rate. If the verification is successful for an extraction record with permissive information, the verification rate is decreased, thereby reducing the processing load of the device. If the verification is unsuccessful, the verification rate is increased, which can adversely affect the processing load of the device. | 05-23-2013 |
20130132728 | DIGITAL SIGNATURE SERVER AND USER TERMINAL - To reduce a load on a user terminal imposed when verifying signature data and at the same time reduce a load on a server, a signature key matrix KM includes a plurality of signature keys Ki-j arranged in a matrix structure of m rows and n columns, and is stored in a signature key matrix database | 05-23-2013 |
20130132729 | METHOD AND SYSTEM FOR PROTECTING BY WATERMARKING AGAINST NON-AUTHORISED USE ORIGINAL AUDIO OR VIDEO DATA WHICH ARE TO BE PRESENTED - For protecting by watermarking against non-authorised use, e.g. non-authorised recording or copying, original audio or video data which are to be presented in a digital cinema, a sender site generates from the original signal at least two differently pre-watermarked versions for successive blocks or frames of the signal, wherein these versions are derived by applying a repeated watermark symbol value to a version and different watermark symbol values to the different versions. The pre-watermarked signal versions are encrypted and transferred e.g. as data files to a digital cinema unit in which they are decrypted. According to the values of a desired watermark information word, corresponding frames or blocks from said decrypted and pre-watermarked versions are assembled in a successive manner, so as to provide and present a watermarked version of said original audio or video signal that carries said watermark information word. | 05-23-2013 |
20130138963 | STATE-MAINTAINED MULTI-PARTY SIGNATURES - A hash module of a mail sender creates a hash data context structure. The hash module processes the headers and the body of an e-mail message in the order required, for example by the DKIM specification, until the data to be hashed has been input. The hash module converts the context structure into printable characters and the encoded structure is transmitted over the Internet or other network to the next participating system. The token authority's hash module decodes the context back into binary form. After ensuring business logic is satisfied, it generates additional headers required for signature, which are then added to the developing hash. The hash module finalizes the hash function and creates the hash value. The authorization module creates the signature and returns it to the e-mail module, which attaches the signature to the message and transmits it to the destination mailbox provider, which verifies the token. | 05-30-2013 |
20130138964 | VERIFICATION OF AUTHENTICITY AND RESPONSIVENESS OF BIOMETRIC EVIDENCE AND/OR OTHER EVIDENCE - Authenticity and responsiveness of evidence (e.g., biometric evidence) may be validated without regard for whether there is direct control over a sensor that acquired the evidence. In some implementations, only a data block containing evidence that is (1) appended with a server-generated challenge (e.g., a nonce) and (2) signed or encrypted by the sensor may validate that the evidence is responsive to a current request and belongs to a current session. In some implementations, trust may be established and/or enhanced due to one or more security features (e.g., anti-spoofing, anti-tampering, and/or other security features) being collocated with the sensor at the actual sampling site. | 05-30-2013 |
20130138965 | CONTROL METHOD, PROGRAM AND SYSTEM FOR LINK ACCESS - A plurality of users is assumed in which user A is the owner of content providing the source of a link, user B is the owner of the content providing the destination of the link, and user C is a viewer. Each user has a private key and a public key, and the public keys are shared by the users. User B selects user C in advance as a viewer. User B creates data including a value in which an encryption key with a proxy signature generated on the basis of the public key of user C and its own private key is encrypted using the public key of user A, and distributes the data to user A, which is the owner of the content providing the source of the link. User A decrypts the received data including the value using its own private key. This makes a function available based on encryption with the proxy signature. User A converts the link information using this function, signs the information using its own private key, and sends it to user C. User C verifies the signature by checking the received information using the public key of user A and the public key of user B, extracts the link information generated by user A using the function, decrypts it using its own private key, and obtains the link information. | 05-30-2013 |
20130145165 | METHOD OF SENDING A SELF-SIGNED CERTIFICATE FROM A COMMUNICATION DEVICE - A method of sending a self-signed certificate from a communication device, the self-signed certificate being signed by the communication device. The method includes: receiving a communication in relation to establishing a session from a second communication device in proximity to said communication device, outputting on an output device of said communication device a certificate hash of the self-signed certificate or an address of where to obtain the certificate hash, and sending the self-signed certificate to said second communication device. The method may also include sending a broadcast message to announce a presence of the communication device. | 06-06-2013 |
20130145166 | SYSTEM AND METHOD FOR DATA AUTHENTICATION AMONG PROCESSORS - The invention discloses system and method for data authentication among processors. The method comprises: generating a first key, by a first processor, according to a first identification data and a first algorithm; generating a first digest, by the first processor, according to data to be transmitted, the first identification data and a second algorithm; generating a digital signature, by the first processor, according to the first key, the first digest and a third algorithm; and transmitting the data and the digital signature from the first processor to a second processor. | 06-06-2013 |
20130145167 | Optimized Integrity Verification Procedures - Some embodiments of the invention provide a method of verifying the integrity of digital content. At a source of the digital content, the method generates a signature for the digital content by applying a hashing function to a particular portion of the digital content, where the particular portion is less than the entire digital content. The method supplies the signature and the digital content to a device. At the device, the method applies the hashing function to the particular portion of the digital content in order to verify the supplied signature, and thereby verifies the integrity of the supplied digital content. | 06-06-2013 |
20130145168 | MASKED DIGITAL SIGNATURES - A method for creating and authenticating a digital signature is provided, including selecting a first session parameter k and generating a first short term public key derived from the session parameter k, computing a first signature component r derived from a first mathematical function using the short term public key, selecting a second session parameter t and computing a second signature component s derived from a second mathematical function using the second session parameter t and without using an inverse operation, computing a third signature component using the first and second session parameters and sending the signature components (s, r, c) as a masked digital signature to a receiver computer system. In the receiver computer system, a recovered second signature component s′ is computed by combining a third signature component with the second signature component to derive signature components (s′, r) as an unmasked digital signature. | 06-06-2013 |
20130151855 | WATERMARK EMBEDDING WORKFLOW IMPROVEMENTS - Methods, devices and computer program products facilitate embedding and extraction of watermarks into and from a host content. Embedded watermarks include an automatically generated portion that is associated with metadata. The metadata, which includes one or more identifiers of the host content, is stored at a database and can be accessible to both the watermark embedder and a watermark extractor. The automatically generated portion of the payload can be a serial number that is changed for each watermark embedding session. | 06-13-2013 |
20130151856 | CONDITIONAL ACCESS USING EMBEDDED WATERMARKS - Methods, devices and computer program products facilitate conditional access to a content embedded with watermarks. For such a content, when copy control rules associated with an embedded watermark message prohibit unconditional access to the content, it is determined whether or not an exception to the copy control rules exists, and if an exception to the copy control rules exists, the content is conditionally accessed. Additional watermark messages can be extracted while the content is being conditionally accessed, and based on the additionally extracted watermark messages, it is verified that conditional access to the content has been fulfilled. | 06-13-2013 |
20130159717 | METHOD AND APPARATUS FOR SECURE FIRMWARE DOWNLOAD USING DIAGNOSTIC LINK CONNECTOR (DLC) AND ONSTAR SYSTEM - A method for authenticating a piece of firmware to be downloaded to a controller. The method includes signing the firmware or a first part of the firmware with a first private key at a first trusted source and signing the firmware or a second part of the firmware with a second private key at a second trusted source. The method also includes validating the signed firmware or the first part of the firmware using a first public key at the controller and validating the firmware or the second part of the firmware using a second public key at the controller. The method further includes authenticating the firmware if the firmware or the first part of the firmware is validated by the first public key at the controller and the firmware or the second part of the firmware is validated by the second public key at the controller. | 06-20-2013 |
20130159718 | UPDATING SIGNATURE ALGORITHMS FOR STRONG NAME BINDING - The present invention extends to methods, systems, and computer program products for updating signature algorithms used for signing an assembly with a strong name without changing the identity of the assembly. The present invention enables an assembly that has already been given an identity (via strong name signing with an identity public/private key pair) to be resigned with a different public/private key pair without changing the original identity that was based on the identity public/private key pair. This is accomplished by including a counter signature within the assembly that links the original identity of the assembly to the new signature key pair. | 06-20-2013 |
20130159719 | APPARATUS AND METHOD FOR SIGNING APPLICATION - When a signature apparatus cooperating with a market server receives signature request information for an optional application from the market server to sign an application, the signature apparatus determines whether an authentication note has been issued corresponding to application identification information included in the signature request information based on the application identification information. When the authentication note has not been issued, the signature apparatus issues the authentication note using the application identification information, generates signature information for the application using the application identification information, and signs the application including the authentication note and the signature information. | 06-20-2013 |
20130159720 | MOBILE SOLUTION FOR SIGNING AND RETAINING THIRD-PARTY DOCUMENTS - Techniques for signer-initiated electronic document signing via an electronic signature service using a mobile or other client device are described. Example embodiments provide an electronic signature service (“ESS”) configured to facilitate the creation, storage, and management of documents and corresponding electronic signatures. In some embodiments, when a signer user receives an electronic signature document on a mobile device, the signer may use a client module executing on the mobile device to import the document into the ESS. Once the document is imported into the ESS, the signer can access, review, and sign the document at the ESS via the mobile device. After signing the document, the signer can use the mobile device to cause the ESS to provide the signed document to one or more recipients. | 06-20-2013 |
20130159721 | APPARATUS AND METHOD FOR SIGNATURE VERIFICATION - A receiver comprises a security processor and a first memory that stores software code or second stage authentication key and a signature for the software or the second stage key. The receiver also stores a plurality of verification keys (PUAK). When the receiver is switched on or reset, the software or second stage key and the signature are loaded from the first memory. The security processor then loads a PUAK and uses it to verify the signature. In case of successful verification, the software code or second stage key is used and the verification method ends; it is then possible to activate CA specific functions in the receiver. However, if the verification is unsuccessful, then it is verified if there are untried PUAKs. If there are no untried signatures, then the verification has failed and the software cannot be verified; the verification method ends. If there are untried signatures, then the next PUAK is loaded. | 06-20-2013 |
20130159722 | ACTIVE SENSING FOR DYNAMIC SPECTRUM ACCESS - Various communication systems may benefit from physical layer watermarking. For example, active sensing for dynamic spectrum access may be performed using physical layer watermarking, such as watermarking based on channel effects and/or receiver distortion. A method may include, for example, obtaining an original signal to be transmitted to at least one receiver. The method may also include watermarking the original signal with at least one of authentication data or ancillary data to provide an enhanced signal. The watermarking can include a physical layer watermark. The physical layer watermark can be configured to emulate at least one of a channel effect or a receiver distortion. The method can further include transmitting the enhanced signal to the at least one receiver. | 06-20-2013 |
20130159723 | METHODS, APPARATUS AND SYSTEMS FOR MONITORING LOCATIONS OF DATA WITHIN A NETWORK SERVICE - In one embodiment, a data set is received at a network service element of a network service, a location record for that data set is generated, and the location record is sent to a location registry within the network service to monitor locations of that data set within a network service. The network service element is operatively coupled to a communications link. The location record is generated based on a portion of the data set and a cryptographic key associated with the network service element. The location record uniquely identifies the presence of the data set at the network service element. | 06-20-2013 |
20130166914 | METHODS AND SYSTEMS FOR AUTHENTICATING ELECTRONIC MESSAGES USING CLIENT-GENERATED ENCRYPTION KEYS - Systems and methods for authenticating electronic messages using client-generated encryption keys provide for a sender transmitting an original message to a recipient device that includes a digital signature of the original message content and the key used to generate the digital signature. The sender may store an association between the digital signature, the key, and the recipient's address. The recipient may verify the integrity of the original message using the received digital signature and may further verify the authenticity of the message by transmitting a confirmation request message back to the sender that includes the original digital signature and a second digital signature of the confirmation request message using the received key. The sender may either confirm or deny that it sent the original message by determining whether a record exists that associates the digital signature and the key received from the recipient as well as the recipient's address. | 06-27-2013 |
20130166915 | SECURE TEXT-TO-SPEECH SYNTHESIS IN PORTABLE ELECTRONIC DEVICES - A method for secure text-to-speech conversion of text using speech or voice synthesis that prevents the originator's voice from being used or distributed inappropriately or in an unauthorized manner is described. Security controls authenticate the sender of the message, and optionally the recipient, and ensure that the message is read in the originator's voice, not the voice of another person. Such controls permit an originator's voiceprint file to be publicly accessible, but limit its use for voice synthesis to text-based content created by the sender, or sent to a trusted recipient. In this way a person can be assured that their voice cannot be used for content they did not write. | 06-27-2013 |
20130166916 | DUAL-CHANNEL ELECTRONIC SIGNATURE SYSTEM USING IMAGE CODES AND RELATED COMPUTER PROGRAM PRODUCT - A dual-channel electronic signature system is disclosed, having a signature verification server, a signature requester device, and a hand-held device. The signature requester device calculates a characteristic value related to content of a target document, encodes the characteristic value and a destination message to generate a first graph, and outputs the first graph. The hand-held device captures and decodes an image of the first graph to obtain the characteristic value, performs an electronic signature operation on the characteristic value to generate a signature data, encodes the signature data to generate a second graph, and transmits the second graph to a destination network address. If the signature data contained in the second graph passes a verification procedure of the signature verification server, the signature verification server transmits a verification graph corresponding to the second graph to the signature requester device. | 06-27-2013 |
20130173923 | METHOD AND SYSTEM FOR DIGITAL CONTENT SECURITY COOPERATION - A method for digital content security cooperation, including: creating, by a first content possessing device, a cooperation content packet of digital contents and transmitting the created cooperation content packet to at least one of a second content possessing device or a first content cooperating device, wherein the cooperation content packet includes an attribute data block and a content data block; and performing, by the first content cooperating device receiving the cooperation content packet, privilege verification according to the cooperation content packet, and after the privilege verification is passed, updating the information in the content data block in the cooperation content packet, and transmitting the cooperation content packet including the updated information to at least one of a second content cooperating device or the first content possessing device. | 07-04-2013 |
20130179690 | METHOD AND APPARATUS FOR FAST IMAGE ENCRYPTION AND INVISIBLE DIGITAL WATERMARK - The invention is for a method and system for encrypting and decrypting image/signal, based on new column and/or row operation of the image/signal, and a new digital watermark system, based on the new encryption/decryption system. The column and row operation are introduced for creating a chaotic image/signal so that the resulting image/signal is unreadable/inaudible with a fast computational speed. The new digital watermark technology can sustain cropping damage for verification. | 07-11-2013 |
20130179691 | SIGNATURE GENERATION APPARATUS, SIGNATURE GENERATION METHOD, AND STORAGE MEDIUM - e and n are public information and d is private information. An electronic signature is generated based on a calculated value of e×d mod n. A signature generation apparatus | 07-11-2013 |
20130185563 | Multiple System Images for Over-The-Air Updates - In one embodiment, a mobile device performs an over-the-air firmware update by writing the updated firmware to an inactive system image partition, and rebooting the device. The security of the OTA update is maintained through checking a plurality of security signatures in an OTA manifest, and the integrity of the data is maintained by checking a hash value of the downloaded system image. | 07-18-2013 |
20130185564 | SYSTEMS AND METHODS FOR MULTI-LAYERED AUTHENTICATION/VERIFICATION OF TRUSTED PLATFORM UPDATES - In accordance with the present disclosure, a system and method for multilayered authentication of trusted platform updates is described. The method may include storing first cryptographic data in a personality module of an information handling system, with the first cryptographic data corresponding to a verified firmware component. A second cryptographic data may also be determined, with the second cryptographic data corresponding to an unverified firmware component. The unverified firmware component may be stored in a memory element of the information handling system, and the second cryptographic data may be determined using a processor of the information handling system. The method may further include determining if the first cryptographic data matches the second cryptographic data and updating firmware in the information handling system with the unverified firmware component if the first cryptographic data matches the second cryptographic data, and the unverified firmware component includes a digital signature of a manufacturer. | 07-18-2013 |
20130185565 | Efficient, High Volume Digital Signature System for Medical and Business Applications - The system relates to a method for collecting signatures from pre-validated signers. In one aspect of the method, a pre-validated signer's signature is affixed to an electronic document in an appropriate location after the pre-validated signer authorizes the use of his or her signature. | 07-18-2013 |
20130191641 | CAPTCHA (COMPLETELY AUTOMATED PUBLIC TEST TO TELL COMPUTERS AND HUMANS APART) DATA GENERATION METHODS AND RELATED DATA MANAGEMENT SYSTEMS AND COMPUTER PROGRAM PRODUCTS THEREOF - CAPTCHA (Completely Automated Public Test to tell Computers and Humans Apart) data generation methods for use in an electronic device and related management systems are provided. First, the electronic device determines a first data set according to at least one first data corresponding to an operation to be performed, wherein the first data represents sensitive data corresponding to the operation. Then, the electronic device generates a group of CAPTCHA data corresponding to the first data set according to the first data. The electronic device may be a server or a client. When the electronic device is the client, the client obtains at least one generation module from the server to determine the first data set, and generate the CAPTCHA data. In some embodiments, during a data transmission procedure, the client performs the operation with the server using the CAPTCHA data. | 07-25-2013 |
20130191642 | NESTED DIGITAL SIGNATURES WITH CONSTANT FILE SIZE - A system and method are provided for implementing a digital signature scheme for embedding and validating multiple nested digital signatures in digitally produced documents without modifying a file size of the digitally produced and signed documents or otherwise corrupting previously-embedded digital signatures. A number of fixed fields are included in a digitally produced document, upfront, that will be populated with multiple digital signatures. With the fixed fields in the digitally produced documents, the entire file is cryptographically “hashed” and the individual digital signatures are independently verifiable via simple cryptographic schemes. Multiple digital signatures are embedded in documents including complex file formats in a manner that does not corrupt the documents. Known cryptographic techniques such as, for example, a known hash algorithm, are applied to the digitally produced documents including the multiple sequentially input digital signatures in a process that is independently verifiable. | 07-25-2013 |
20130191643 | ESTABLISHING A CHAIN OF TRUST WITHIN A VIRTUAL MACHINE - According to an aspect of an embodiment, a method of establishing a chain of trust into a virtual machine on a hardware system is described. The method may include measuring an immutable portion of a virtual machine image configured to instantiate as the virtual machine to generate a trust anchor measurement. The method may also include storing the trust anchor measurement in a sealed memory. | 07-25-2013 |
20130191644 | SYSTEMS AND METHODS FOR WATERMARKING SOFTWARE AND OTHER MEDIA - Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification. | 07-25-2013 |
20130191645 | MANAGING SECURE CONTENT IN A CONTENT DELIVERY NETWORK - A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based on policy information associated with the identifier. | 07-25-2013 |
20130191646 | SYSTEM FOR EXCHANGING DATA BETWEEN AT LEAST ONE SENDER AND ONE RECEIVER - The invention relates to a system for exchanging data between at least one sender and one receiver, such as a central server, by means of a data transmission network of Internet type, this system comprising means for encrypting/decrypting the data exchanged. The senders and the receiver comprise generators of encryption/decryption keys, which generators are synchronized to generate new keys for message encryption/decryption with each dispatching of a new message from the sender to the receiver. | 07-25-2013 |
20130212396 | Methods and Systems for State Synchronization Over a Non-Reliable Network Using Signature Processing - Systems and methods for facilitating confirmation of completion of a transaction(s) for state synchronization over a non reliable network using signature processing are described. One of the methods includes receiving a read request from a first client, sending a last known signature with a context object to the first client in response to receiving the read request, and receiving an appended signature from the first client with a context object for a transaction at the first client. The appended signature includes the last known signature and an increment by the first client. The operation of receiving the appended signature occurs upon execution of the transaction at the first client. The method further includes updating the last known signature to the appended signature and sending the updated last known signature to the first client to facilitate marking of the transaction as complete resulting in a definitive state synchronization. | 08-15-2013 |
20130212397 | APPARATUS AND METHOD FOR INCORPORATING SIGNATURE INTO ELECTRONIC DOCUMENTS - “Embodiments relate to methods and apparatus for facilitating the protection from tampering of an electronic document to which an electronic signature is applied. In non-limiting examples, techniques may relate to the handling of document appearance data, dynamic signature biometric data, digital footprints data, pixel history data, and camera-acquired image data.” | 08-15-2013 |
20130212398 | METHOD AND SYSTEM FOR VALIDATING A DEVICE THAT USES A DYNAMIC IDENTIFIER - A method that comprises obtaining a currently received signature from a device; obtaining a candidate identifier associated with the device; consulting a database to obtain a set of previously received signatures associated with the candidate identifier; and validating the currently received signature based on a comparison of the currently received signature to the set of previously received signatures associated with the candidate identifier. Also, a method that comprises obtaining a currently received signature from a device; decrypting the currently received signature to obtain a candidate identifier; and a candidate scrambling code; consulting a database to obtain a set of previously received scrambling codes associated with the candidate identifier; and validating the currently received signature based on a comparison of the candidate scrambling code to the set of previously received scrambling codes associated with the candidate identifier. | 08-15-2013 |
20130219182 | SCALABLE WATERMARK INSERTION FOR FRAGMENTED MEDIA STREAM DELIVERY - A media stream is delineated into multiple fragments. Different watermark variants of individual fragments are generated. Particular sequences of watermark variants are selected for particular clients and maintained in a user access database. Analyzing media streams allows determination of the sequences of watermark variants and identification of particular clients intended to receive the media streams. Fragments can continue to be cached efficiently and unique watermarks need not be generated for each individual client. | 08-22-2013 |
20130219183 | VALIDATING A SYSTEM WITH MULTIPLE SUBSYSTEMS USING TRUSTED PLATFORM MODULES AND VIRTUAL PLATFORM MODULES - Software validation is provided for a breakout system having multiple subsystems at the edge of a mobile data network. The software validation utilizes one or more trusted platform modules (TPM) to secure multiple subsystems including virtual machines in the breakout system. Hash values for the software in the various subsystems are placed in Platform Configuration Registers (PCRs) of the TPM. The TPM cryptographically signs quotes, which are a collection of hash values from the PCRs. The breakout system produces an extensible markup language (XML) file with the signed quotes related to the subsystems and sends them to a network management system for verification. The network management system validates the software configured on the breakout system using a public key to access the quotes and compares the values to known good values stored in an inventory record associated with the specific breakout system being validated. | 08-22-2013 |
20130219184 | METHOD AND SYSTEM FOR SECURE ELECTRONIC SIGNING - Disclosed is a method for securely electronically signing a document, which comprises: reading the document to be signed by an application; presenting a graphical representation of said document to a user; and accepting the document to be signed by the user. The method also comprises: at a server, computing a hash function, an extended validation function for the hash and a readable summary function of the to-be-signed document; from the server, sending the hash function and the extended validation function for the hash to the application and to a signing device; from said server, sending said hash function and the readable summary function of the to-be-signed document to a secondary device. | 08-22-2013 |
20130219185 | AUTHENTICATION DEVICE, AUTHENTICATION METHOD, PROGRAM, AND SIGNATURE GENERATION DEVICE - Provided is an authentication device including a key setting unit for setting a multi-order polynomial u | 08-22-2013 |
20130227293 | Method For Watermarking Content - The disclosure relates to processing content with watermarks to generate watermarked versions. In some aspects, each version may be different. Groups of fragments may be combined to generate a unique stream by pulling fragments from two or more of the groups of fragments. Further, fragmenting may be performed before watermarking, and fragments may be pulled and watermarked upon request. | 08-29-2013 |
20130227294 | COMMUNICATION PROTOCOL FOR SECURE COMMUNICATIONS SYSTEMS - A method and apparatus for authenticating a key management message within a secure communication system is provided herein. During operation, a digital signature for message authentication of a Project 25 Key Management Message (KMM) is utilized. In particular, the digital signature will be used to authenticate the KMM in scenarios where there is no Message Authentication Code (MAC). The MAC will be utilized to authenticate the KMM when available. Because authentication of KMMs takes place, even when no MAC is available, it becomes increasingly more difficult to tamper or spoof the delivery of encryption keys. | 08-29-2013 |
20130227295 | WATERMARK GENERATOR, WATERMARK DECODER, METHOD FOR PROVIDING A WATERMARK SIGNAL IN DEPENDENCE ON BINARY MESSAGE DATA, METHOD FOR PROVIDING BINARY MESSAGE DATA IN DEPENDENCE ON A WATERMARKED SIGNAL AND COMPUTER PROGRAM USING A DIFFERENTIAL ENCODING - A watermark generator for providing a watermark signal in dependence on binary message data includes an information processor configured to provide, in dependence on information units of the binary message data, a first time-frequency domain representation, values of which represent the binary message data. The watermark generator also includes a differential encoder configured to derive a second time-frequency domain representation from the first time-frequency-domain representation, such that the second time-frequency-domain representation includes a plurality of values, wherein a difference between two values of the second time-frequency-domain representation represents a corresponding value of the first time-frequency-domain representation, in order to obtain a differential encoding of the values of the first time-frequency-domain representation. The watermark generator also includes a watermark signal provider configured to provide the watermark signal on the basis of the second time-frequency-domain representation. | 08-29-2013 |
20130227296 | VIRTUAL MACHINE OPERATION SECURITY SYSTEM AND METHOD - In a virtual machine (VM) operation security method, a control computer generates an asymmetric key pair that includes a private key and a public key for a client computer. The public key is stored in a first storage system of the control computer and the asymmetric key pair is stored to a second storage system of a client computer. The client computer electronically signs a specific parameter of a VM in the control computer using the private key, and generates an instruction to perform an operation on the virtual machine. The control computer receives the instruction, verifies the electronically signed specific parameter in the instruction, and performs the operation on the virtual machine according to a verification result. | 08-29-2013 |
20130227297 | Small public-key based digital signatures for authentication - Embodiments disclosed allow authentication between two entities having agreed on the use of a common modulus N. The authentication includes generating a pseudorandom string value; generating a public key value based on the modulus N and the pseudorandom string value; generating a private key value corresponding to the public key value; receiving a verifier's public key value; generating a shared secret value based on the modulus N, the private key value and the verifier's public key value; calculating an authentication signature value using the shared secret value; and transmitting the authentication signature value for authentication. When the authentication signature is received, the public key value and the shared value are generated to calculate an authentication signature value. Thereafter, the authentication signature values are compared and authenticated. | 08-29-2013 |
20130232340 | WATERMARK GENERATOR, WATERMARK DECODER, METHOD FOR PROVIDING A WATERMARK SIGNAL, METHOD FOR PROVIDING BINARY MESSAGE DATA IN DEPENDENCE ON A WATERMARKED SIGNAL AND A COMPUTER PROGRAM USING IMPROVED SYNCHRONIZATION CONCEPT - A watermark generator for providing a watermark signal in dependence on binary message data, the watermark generator has an information spreader configured to spread an information unit to a plurality of time-frequency-domain values, to obtain a spread information representation. The watermark generator also has a synchronization inserter configured to multiplicatively combine the spread information representation with a synchronization sequence to obtain a combined information-synchronization representation. The watermark generator also has a watermark signal provider configured to provide the watermark signal on the basis of the combined information-synchronization representation. A watermark decoder, methods and computer programs are also described. | 09-05-2013 |
20130238903 | SERVICE PROVISION METHOD - A method of providing a service from a service provider to users is described. The method comprises: a step of generating an electronic signature on a first information provided by a user with a secret key of the service provider and providing the electronic signature to the user, a step of receiving a request for the service together with information identifying the first information item from a user and accepting this request if it is justifiable; a step of receiving, if the request is accepted, a second information item from the user; a step of determining whether or not there is a predetermined relationship between the first information item and the second information item; and a step of performing, if there is the predetermined relationship, a necessary procedure for providing the service by the use of an information processing device; and a step of saving the second information item even after providing the service as an evidence that the service has been provided. | 09-12-2013 |
20130246795 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR ALLOWING CONTENT TRANSFER BASED ON A SIGNATURE AND A CONTEXT THEREOF - A system, method, and computer program product are provided for conditionally allowing a transfer of content, based on a signature and a context. In operation, a signature for content is identified. In addition, a context of an attempt to transfer the content is identified. Furthermore, the transfer is conditionally allowed, based on the signature and the context. | 09-19-2013 |
20130246796 | SYSTEM AND METHOD FOR SECURING DATABASE ACTIVITY - A method is provided in one example embodiment that includes detecting database activity associated with a statement having a signature, validating the signature; and evaluating the statement as a signed statement if the signature is valid. In more particular embodiments, the signature may include a unique script identifier and a hash function of a shared key. In yet other embodiments, validating the signature may include checking a session variable and comparing the statement to a list of signed statements. | 09-19-2013 |
20130246797 | APPARATUS AND METHOD FOR ELECTRONIC SIGNATURE VERIFICATION - An apparatus for electronic signature verification, including a grouping unit to group, into at least one group, a plurality of kernels included in an application to which electronic signature verification is to be performed, and an electronic signature verification unit to perform electronic signature verification with respect to the at least one group. | 09-19-2013 |
20130246798 | METHOD FOR SECURING MESSAGES - There is provided a method for secure communications. The method comprises receiving a transmission comprising a signature of a broadcast message at a communication device, and verifying the signature using a certificate. | 09-19-2013 |
20130246799 | Providing Differential Access to a Digital Document - In a method for providing differential access to a digital document among workflow participants, in which at least one of the workflow participants is outside of a common secure environment ( | 09-19-2013 |
20130246800 | Enhancing Security of Sensor Data for a System Via an Embedded Controller - System and method for securing sensor data in a computer system that includes a host processor and memory that stores an operating system, and an embedded controller coupled to the host processor. The embedded processor receives sensor data for a user from at least one sensor, and encrypts and/or digitally signs the sensor data, thereby generating protected sensor data, or performs pattern recognition on the sensor data, thereby generating user identification data. The embedded processor then sends the protected sensor data or the user identification data to the operating system or another process coupled to the computer system. The protected sensor data or the user identification data are used for secure transmission of the sensor data. | 09-19-2013 |
20130254545 | METHOD, SYSTEM AND APPARATUS FOR TRANSMITTING DIGITAL CONTENTS - The present disclosure describes methods, systems, and apparatuses for transmitting digital content to improve the success ratio of the transmission. The method may include: receiving a resource request transmitted from a first client terminal; searching in stored digital objects and stored certificate files for a first digital object and a first certificate file matching the resource request, respectively; and transmitting the first digital object and the first certificate file to the first client terminal to enable the first client terminal to decrypt the received digital object using the received first certificate file to obtain corresponding digital content. | 09-26-2013 |
20130254546 | Methods for Identifying the Guarantor of an Application - Third-party applications for platforms are linked to identified individuals that guarantee the security of the applications. The linkage is achieved by acquiring one or more biometric records of the individual guarantor, storing those records as a signature in a database, assigning a unique identifier to the signature, and embedding that unique identifier in the executable file of the application. The signature of the guarantor can be compared to other stored signatures of other guarantors to check for individuals posing under multiple aliases. The signature of a guarantor linked to a malicious application can be flagged so that a subsequent application guaranteed by the same individual can be disapproved. | 09-26-2013 |
20130262870 | IMAGE PROCESSING DEVICE AND IMAGE DATA TRANSMISSION METHOD - An image processing device includes: a reading unit to read information stored in a detachable storage medium; a transmission unit to transmit image data outwardly; a determination unit to determine, in a case where the transmission unit transmits the image data, whether or not the information stored in the detachable storage medium is necessary; and a control unit to execute, in a case where the determination unit determines that the information stored in the detachable storage medium is necessary, control to maintain a state capable of reading the information stored in the detachable storage medium until the reading unit reads from the detachable storage medium the information necessary to transmit the image data. | 10-03-2013 |
20130268763 | SYSTEMS AND METHODS FOR IMPLEMENTING SECURITY IN A CLOUD COMPUTING ENVIRONMENT - Computer systems and methods are provided in which an agent executive, when initially executed in a virtual machine, obtains an agent API key from a user. This key is communicated to a grid computer system. An agent identity token, generated by a cryptographic token generation protocol when the key is valid, is received from the grid and stored in a secure data store associated with the agent executive. Information that evaluates the integrity of the agent executive is collected using agent self-verification factors. The information, encrypted and signed with a cryptographic signature, is communicated to the grid. Commands are sent from the grid to the agent executive to check the security, compliance, and integrity of the virtual machine processes and data structures. Based on these check results, additional commands are sent by the grid to the agent executive to correct security, compliance or integrity problems and/or to prevent security compromises. | 10-10-2013 |
20130275761 | PROCESSING MESSAGES RECEIVED AT A VEHICLE - A system and method for processing messages received at a vehicle. The method carried by the system involves wirelessly receiving at a vehicle a first communication message having secure credentials and a message signature for a second communication message. Then, the vehicle authenticates the first communication message via its secure credentials. Later, the vehicle wirelessly receives the second communication message and validates this second message using the message signature from the first message. In response to the validation, the second message is processed at the vehicle. | 10-17-2013 |
20130275762 | SYSTEM FOR, AND METHOD OF, PROVIDING THE TRANSMISSION, RECEIPT AND CONTENT OF AN E-MAIL MESSAGE TO A RECIPIENT - A server transmits a message and attachments from a sender to a recipient. A hash is provided of (a) the message, (b) an identification of the sender and (c) a hash of the attachments to form a data string. Instructions may be included for the recipient to send a hashed encryption of the string to a website at the server by registered electronic mail which provides options to obtain other electronic advantages. | 10-17-2013 |
20130275763 | APPARATUS AND METHOD FOR DIGITAL SIGNATURE AUTHENTICATION - A digital signature authentication method and a digital signature authentication apparatus are provided in which a digital signature received from a user is structured and embedded into an agreement information file so that the digital signature may be managed safely and effectively. The method includes displaying an agreement information file and receiving the digital signature from a user; extracting signature data from the digital signature; and embedding the signature data into the agreement information file. | 10-17-2013 |
20130283054 | SYSTEM, METHOD AND APPARATUS FOR OPTIMIZING WIRELESS COMMUNICATIONS OF SECURE E-MAIL MESSAGES WITH ATTACHMENTS - A system, method and apparatus are provided for secure e-mail message attachment optimization. Content attached to e-mail messages may not be suited to the resource constraints of the destination wireless device. In secure e-mail messages, the message may be signed and/or encrypted. A wireless server can determine resource parameters associated with a destination wireless device, such as display resolution, memory capacity, processor speed, and wireless interface constraints and re-scale the attached content to be optimized for delivery and presentation on the wireless device. | 10-24-2013 |
20130283055 | VIRTUAL WORLD EMBEDDED SECURITY WATERMARKING - A method, apparatus, and program product are provided for using watermarks to embed security features on avatars in a virtual world. A watermark engine receives security information for an avatar in a virtual world. The watermark engine creates a watermark for the avatar using the security information and associates the watermark with the avatar. The watermark may comprise at least one of: security preferences for the avatar, contact information for an owner of the avatar, and graphical information to cause alteration of the avatar when the avatar is recorded. | 10-24-2013 |
20130283056 | PROVIDING SECURITY SERVICES ON THE CLOUD - Embodiments are directed to the providing a cloud keying and signing service and to securing software package distribution on the cloud. In an embodiment, a computer system instantiates a signing service configured to sign software packages. The computer system receives a signing request from a computer user requesting that a selected software package be signed. The signing request includes a computed hash of the selected software package. The computer system generates a private and public key pair on behalf of the computer user and stores the private key of the generated key pair in a secure data store. | 10-24-2013 |
20130290725 | METHOD AND APPARATUS FOR ONE-STEP SIGNATURE TRUST FOR DIGITALLY-SIGNED DOCUMENTS - A computer implemented method and apparatus for one-step signature trust of digitally signed documents comprising determining whether a digital signature is otherwise valid except for a lack of trust in a digital certificate; offering a recipient an option to establish trust in the digital certificate; and adding the digital certificate to a list of the recipient's trusted digital certificates when recipient opts to establish trust. | 10-31-2013 |
20130290726 | METHODS FOR SECURE RESTORATION OF PERSONAL IDENTITY CREDENTIALS INTO ELECTRONIC DEVICES - A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device. | 10-31-2013 |
20130297941 | METHODS AND SYSTEMS FOR ENCODING AND PROTECTING DATA USING DIGITAL SIGNATURE AND WATERMARKING TECHNIQUES - Systems and methods are provided for determining a presence of a watermark in electronic data. In certain embodiments, a plurality of keys is generated, and a plurality of payloads are retrieved from electronic data using the keys. A statistical indicia of randomness is generated based on the payloads, and the presence of a watermark is determined when the indicia is below a threshold. | 11-07-2013 |
20130297942 | METHODS FOR IDENTIFYING AUDIO OR VIDEO CONTENT - The disclosed technology generally relates to methods for identifying audio and video entertainment content. Certain shortcomings of fingerprint-based content identification can be redressed through use of human-reviewers in a social networking site environment. | 11-07-2013 |
20130305052 | SYSTEM AND METHOD FOR OBTAINING AND SHARING MEDIA CONTENT - A device initialization method includes generating a license request for a personal media device. A timeout indicator may be obtained for a subscription associated with the personal media device. The license request and the timeout indicator may be combined to form a device license for the personal media device. The device license may be digitally-signed to form a signed device license. | 11-14-2013 |
20130305053 | SYSTEMS, METHODS, AND APPARATUS TO AUTHENTICATE COMMUNICATIONS MODULES - In one implementation, a communications module includes a host interface, a communications link interface, a memory, and a processor operatively coupled to the host interface, to the communications link interface, and to the memory. The memory includes a signature based on a data set and a private key of a key pair. The processor provides the data set and the signature via the host interface. | 11-14-2013 |
20130311780 | METHODS AND APPARATUS TO MEASURE EXPOSURE TO STREAMING MEDIA - Methods and apparatus to measure exposure to streaming media are disclosed herein. An example method includes identifying metadata from media. The media is converted into converted media having a streaming format. The converted media is encrypted using an encryption key. A manifest is created in association with the converted media, the manifest identifying a first location of the encrypted media and a second location of a decryption key. | 11-21-2013 |
20130311781 | APPARATUS AND METHOD FOR CONTENT ENCRYPTION AND DECRYPTION BASED ON STORAGE DEVICE ID - An apparatus and method for encrypting content based on an identifier (ID) of a storage device and a decrypting apparatus and method corresponding thereto. The content recording device includes a storage device interface to receive a first primitive ID and a second primitive ID to identify first and second portions provided in a storage device from the storage device, and a processor to generate a media ID that is a unique ID of the storage device using the first primitive ID and the second primitive ID and to encrypt one or more contents using an encryption key generated using the media ID, wherein the storage device interface provides the content encrypted by the processor to the storage device. | 11-21-2013 |
20130311782 | Packet Validation Using Watermarks - Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques. | 11-21-2013 |
20130311783 | MOBILE RADIO DEVICE-OPERATED AUTHENTICATION SYSTEM USING ASYMMETRIC ENCRYPTION - An approach for signing messages and checking the authenticity of the sender at the receiver is disclosed. For this purpose, a mobile communication network is expanded by a signature function. The transmitted message packet comprises the message and a signature of the message encrypted with a secret key. The mobile radio communication number of the transmitting device is preferably used as the public key. The receiver can check the authenticity of the message by employing a decryption method. | 11-21-2013 |
20130318356 | DISTRIBUTION OF DIGITAL CONTENT PROTECTED BY WATERMARK-GENERATING PASSWORD - A receiver receives digital content scrambled using a control word and a user code for the scrambled content. A user inputs the user code that is forwarded to a code extractor that generates the control word and a user identifier from it. The control word is sent to a descrambler, a watermark information generator and a visible watermark insertion unit. The descrambler descrambles the scrambled content using the control word, an invisible watermark insertion unit inserts invisible watermark information obtained from the watermark information generator into the descrambled content and the visible watermark insertion unit inserts the user identifier as a visible watermark. Also provided are a corresponding method for processing digital content and a method and a device for generating the user code. | 11-28-2013 |
20130318357 | System and Method for Secure Software Update - A secure software update provides an update utility with an update definition, a private encryption key and a public signature key to a target device. A software update package is prepared on portable media that includes an executable update program, a checksum for the program that is encrypted with a symmetrical key, an encrypted symmetrical key that is encrypted with a public encryption key and a digital signature prepared with a private signature key. The update process authenticates the digital signature, decrypts the symmetrical key using the private encryption key, and decrypts the checksum using the symmetrical key. A new checksum is generated for the executable update program and compared to the decrypted checksum. If inconsistencies are detected during the update process, the process is terminated. Otherwise, the software update can be installed with a relatively high degree of assurance against corruption, viruses and third party interference. | 11-28-2013 |
20130326224 | System and Method for Message Verification in Broadcast and Multicast Networks - In a network device, a method for verified communication includes generating a network communication message using a selection of predetermined message elements having digital signatures generated with a private key. The network device generates a signature for the message by applying a homomorphic operation to the digital signatures of the selected predetermined message elements and to a one-time signature corresponding to a random number. The network device transmits the message in association with the signature for the message and the random number to at least one other network device. | 12-05-2013 |
20130326225 | LONG-TERM SIGNATURE TERMINAL, LONG-TERM SIGNATURE SERVER, LONG-TERM SIGNATURE TERMINAL PROGRAM, AND LONG-TERM SIGNATURE SERVER PROGRAM - A client terminal | 12-05-2013 |
20130326226 | INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING PROGRAM - A long-term signature registration system | 12-05-2013 |
20130339741 | AUTHENTICATION METHOD - According to one embodiment, an authentication method comprising: generating a second key by the first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key by the second key; generating first authentication information, the secret identification information stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information stored in a memory and readable, the second authentication information generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match. | 12-19-2013 |
20130339742 | SYSTEMS, METHODS AND APPARATUSES FOR SECURE TIME MANAGEMENT - The systems, methods and apparatuses described herein provide a computing environment that includes secure time management. An apparatus according to the present disclosure may comprise a non-volatile storage to store a synchronization time and a processor. The processor may be configured to generate a request for a current time, transmit the request to a trusted timekeeper, receive a digitally signed response containing a current, real-world time from the trusted timekeeper, verify the digital signature of the response, verify that the response is received within a predefined time, compare a nonce in the request to a nonce in the response, determine that the current, real-world time received from the trusted timekeeper is within a range of a current time calculated at the apparatus and update the synchronization time with the current, real-world time in the response. | 12-19-2013 |
20130339743 | MESSAGE SENDING/RECEIVING METHOD - Provided is a message sending method for sending a message by a process of a computer including a processor and a memory. The method includes the steps of: randomizing a signature generation key sk_s with a random number r to calculate a randomized signature generation key sk′_s=SigningKeyRandomize(sk_s, r); encrypting the random number r with a public encryption key pk_e to calculate an encrypted random number R=Enc(pk_e, r); signing a message m with the randomized signature generation key sk′_s to calculate a signed message s′=Sign(sk′_s, m); and sending the signed message s′ and the encrypted random number R to a recipient, where sk_s represents the secret signature generation key of a sender of the message m, pk_e represents the public encryption key of the recipient, r represents the random number, s represents a signature, Sign represents a signature generation function, s=Sign(sk_s, m) represents a signature for the message m, SigningKeyRandomize represents a function for randomizing the secret signature generation key sk_s, and Enc represents an encryption function. | 12-19-2013 |
20130346755 | Homomorphic Signatures and Network Coding Signatures - The subject disclosure is directed towards a technology by which data is securely distributed using a homomorphic signature scheme and homomorphic network coding signature schemes. A homomorphic signature scheme for signing the data is based upon binary pairing with standard prime order groups. Sets of data are signed based upon dividing a larger block of data into smaller blocks, and separately signing each smaller block. The smaller blocks may be distributed to nodes of a network topology that are configured for network coding. In one alternative, the homomorphic signature scheme protects against changes to the block identifier. Proof data may be provided independent of a random oracle, may be provided by providing parameters for verification in a Groth-Sahai proof system, or may be provided by providing parameters for verification independent of a Groth-Sahai proof system. | 12-26-2013 |
20140006789 | DEVICES, SYSTEMS, AND METHODS FOR MONITORING AND ASSERTING TRUST LEVEL USING PERSISTENT TRUST LOG | 01-02-2014 |
20140006790 | METHOD AND APPARATUS FOR WATERMARKING AN AC-3 ENCODED BIT STREAM | 01-02-2014 |
20140006791 | SYSTEMS AND METHODS USING CRYPTOGRAPHY TO PROTECT SECURE COMPUTING ENVIRONMENTS | 01-02-2014 |
20140013119 | DOCUMENT MODIFICATION DETECTION AND PREVENTION - Methods and apparatus, including computer program products, implementing and using techniques for document authentication. An electronic document is presented to a user. The electronic document has data representing a signed state and a current state. A disallowed difference between the signed state and the current state is detected, based on one or more rules that are associated with the electronic document. A digital signature associated with the electronic document is invalidated in response to the detecting. | 01-09-2014 |
20140013120 | Method, Device and System for Protecting Multimedia Data of Multimedia Message - The present disclosure provides a method, device and system for protecting multimedia data of a multimedia message. By performing digital watermark encryption of the multimedia data in the multimedia message at a sender of the multimedia message and performing digital watermark decryption of the multimedia data in the multimedia message at a receiver of the multimedia message, the encryption protection over the multimedia data in the multimedia message is strengthened, thus implementing the protection over an intellectual property of a user of a terminal, and improving the level and capacity of protection over the intellectual property of the user. | 01-09-2014 |
20140013121 | METHOD AND DEVICE FOR STORING SECURED SENT MESSAGE DATA - Methods and devices for storing sent message data are described. The sent message data corresponds to a message sent to a destination by a communication device via a server. The method includes compiling a first portion of the message which has a plurality of components; applying security encoding to the first portion; and storing the first portion. The first portion includes at least one but not all of the plurality of components in the message, and pointers to the components not included in the first portion. A method of verifying sent message data on a communication device is also described. | 01-09-2014 |
20140019761 | SELF-CONTAINED ELECTRONIC SIGNATURE - Techniques for providing a self-contained electronic signature are disclosed. In some embodiments, techniques for providing a self-contained electronic signature include recording an audit trail for a plurality of events associated with an electronic signature of an electronic document; embedding the audit trail in the electronic document; and digitally signing the electronic document, in which the electronic document including the embedded audit trail and the electronic signature are secured by the digital signature. In some embodiments, the audit trail is embedded in metadata of the electronic document, a body of the electronic document, or both the metadata and body of the electronic document. In some embodiments, digitally signing the electronic document includes a certifying signature provided by a service provider of an electronic signature service. | 01-16-2014 |
20140019762 | Method, Process and System for Digitally Signing an Object - The invention comprises a method of auditing an object signing by creating security events throughout the signature process, including a security event that captures the identity of the signer and any anomalies associated with the signing process. The signature process may include multi-factor authentication, a policy engine that establishes the signer's authority and rights, and compliance checks that ensure the object's readiness for signature. The digital certificate used to sign the object may be stored on the cloud, locally, remotely, or on a hardware token. | 01-16-2014 |
20140019763 | METHODS AND APPARATUS FOR AUTHENTICATION - Message authentication in an ad-hoc network. Upon creation of a message, a message authentication code is created using a key shared with members of a group comprising a subset of nodes of the ad-hoc network. The message authentication code may be created using a cryptographic process having the message and a message identifier as inputs. After or in parallel with broadcast of the message, a pointer to the message is broadcast. The message authentication code is publicly broadcast and those members of the group among which the key has been shared are able to authenticate the message as coming from a particular sender. | 01-16-2014 |
20140019764 | METHOD FOR SIGNING AND VERIFYING DATA USING MULTIPLE HASH ALGORITHMS AND DIGESTS IN PKCS - Methods, systems, and apparatuses are disclosed for signing and verifying data using multiple hash algorithms and digests in PKCS including, for example, retrieving, at the originating computing device, a message for signing at the originating computing device to yield a signature for the message; identifying multiple hashing algorithms to be supported by the signature; for each of the multiple hashing algorithms identified to be supported by the signature, hashing the message to yield multiple hashes of the message corresponding to the multiple hashing algorithms identified; constructing a single digest having therein each of the multiple hashes of the messages corresponding to the multiple hashing algorithms identified and further specifying the multiple hashing algorithms to be supported by the signature; applying a signing algorithm to the single digest using a private key of the originating computing device to yield the signature for the message; and distributing the message and the signature to receiving computing devices. Other related embodiments are disclosed. | 01-16-2014 |
20140019765 | DEVICE AND METHOD FOR ONLINE STORAGE, TRANSMISSION DEVICE AND METHOD, AND RECEIVING DEVICE AND METHOD - The invention relates to a device and a method for online storage, device and method for searching for similar content, a device and a method of transmission and a device and a method. | 01-16-2014 |
20140019766 | Signature Generation and Verification System and Signature Verification Apparatus - A signature generation and verification system including a signature generation apparatus and a signature verification apparatus is provided. Based on signer certification information possessed by a signer, the signature generation apparatus generates a digital signature and verification data corresponding to a given electronic document and outputs the set of the digital signature and the verification data as signature data. Upon receipt of the electronic document and the signature data, the signature verification apparatus verifies the digital signature using the verification data to verify the integrity of the electronic document. As needed, the signature verification apparatus performs user identification ex-post facto by authenticating that the signer certification information from which the verification data was generated belongs to a legitimate user without knowledge of the signer certification information. | 01-16-2014 |
20140019767 | CONTENT SEGMENTATION OF WATERMARKING - The invention relates to a computer-implemented method for providing a data stream comprising a plurality of content elements. At least one of two or more copies of a first content element of the data stream has been watermarked with a different watermark. The method includes watermarking at least one of two or more copies of a second content element with a different watermark. In a rendering order of the data stream, the second content element is at an interval equal to or greater than a watermark interval from the first content element. The watermark interval is set to be sufficiently long so that the output quality of the rendered data stream can either completely recover or at least return to a predetermined acceptable level following the watermarking of the copies of the first content element before watermarking the copies of the next content element. | 01-16-2014 |
20140025954 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, an information processing device includes an event processor and a first determining unit. The event processor includes an event detecting unit. The event detecting unit is configured to detect an event and suspend execution of the event. The first determining unit registering unit is configured to register the first determining unit when stored first identification information and identification information of the first determining unit match with each other. The first determining unit includes a second determining unit. The second determining unit registering unit is configured to register a second application as a second determining unit when the verification of a signature of the second application is successful. The event detecting unit cancels suspending of the event and executes the event when the result of determination indicates permission of the execution. | 01-23-2014 |
20140025955 | VERIFYING THE INTEGRITY OF DATA FROM EQUIPMENT ON BOARD A VEHICLE - A method of verifying data integrity performed by on-board equipment in a vehicle, the method comprising: | 01-23-2014 |
20140032912 | TRUST CONTEXT FOR DOCUMENT SIGNATURES - Apparatus, systems, and methods may operate to access electronic content comprising a document file including document content data, digital signature data, and digital signature trust context data including a previously-stored version number. Additional activities may include executing instructions included in a document processing application to access the digital signature trust context data and to obtain a trusted version number from a digital signature trust settings file, comparing the trusted version number with the previously-stored version number, and indicating the previously-stored version number is not current when the previously-stored version number is not greater than or equal to the trusted version number. Additional apparatus, systems, and methods are disclosed. | 01-30-2014 |
20140032913 | METHODS AND APPARATUS FOR VALIDATING A DIGITAL SIGNATURE - Various embodiments include one or more of systems, methods, software, and data structures for validating a digital signature, wherein common information in a certification chain is maintained in one entry of a Document Secure Store (DSS). The DSS separates the Long Term Validation (LTV) information from the digital signature, allowing amendment of and addition to the LTV information in the DSS after a digital signature is applied to a document. | 01-30-2014 |
20140032914 | POLICY-BASED SIGNATURE AUTHENTICATION SYSTEM AND METHOD - In various example embodiments, a system and method for providing policy-based authentication is provided. In example embodiments, a request to access and sign a document is received from a device of an intended signer. A policy assigned to the intended signer is determined. Based on the policy, a determination is made whether an authentication mechanism is applicable to the intended signer. In response to the determining that the authentication mechanism is applicable to the intended signer, the intended user is required to perform the authentication mechanism. The intended user is provided access to view and sign the document based on the intended user satisfying the authentication mechanism. | 01-30-2014 |
20140032915 | METHOD AND APPARATUS FOR VALIDATING THE INTEGRITY OF INSTALLER FILES PRIOR TO INSTALLATION - A method and apparatus for validating the integrity of computer software installer files prior to installation of computer software comprising: generating at least one signature file for at least one corresponding installer file, the at least one signature file comprising a file name, a file size and a checksum, wherein the checksum is calculated for the corresponding installer file; and packaging the at least one signature file with the corresponding installer file, wherein the checksum in the signature file is used to validate the integrity of the installer file prior to installation of the installer file. | 01-30-2014 |
20140032916 | SECURED FLASH PROGRAMMING OF SECONDARY PROCESSOR - A system and method for securely flashing a controller, where the controller includes at least one main processor and at least one secondary processor, and where the processing duties are distributed between the processors. A programming tool provides a content file to be flashed and a digital signature to the controller. The controller calculates a hash value of the content file, decrypts the digital signature using a public key to generate a decrypted hash value, compares the decrypted hash value to the calculated hash value, and determines that the content file is valid if the decrypted hash code matches the calculated hash value, where one or more of the steps of calculating the hash value, decrypting the digital signature, comparing the decrypted hash value to the calculated hash value and determining that the content file is valid, is performed by the main processor for the secondary processor. | 01-30-2014 |
20140032917 | GROUP SIGNATURE PROCESSING DEVICE FOR PROCESSING A PLURALITY OF GROUP SIGNATURES SIMULTANEOUSLY - A plurality of group signature processes is executed in parallel with a small number of processing devices and small power consumption, without lowering an average response speed. A signature processing device includes subsystems for each type of basic operations included in a signature processing procedure. Each subsystem has a configuration in which one or more basic operation execution units and a dispatcher that monitors operation states thereof and instructs to execute an operation are interconnected. A plurality of signature generation requests or signature verification requests is accepted as a single input, and a plurality of requests is simultaneously processed in parallel. At this time, each subsystem assigns operations in different requests to unoccupied basic operation units and causes the basic operation units to simultaneously execute the operations, without being occupied with a single request. | 01-30-2014 |
20140032918 | METHOD FOR BUILDING AND TRANSMITTING A WATERMARKED CONTENT, AND METHOD FOR DETECTING A WATERMARK OF SAID CONTENT - The present invention concerns a method for building a watermarked content for sending to at least one user unit having a user unit identifier, the watermarked content comprising a first series of packets, at least some from the first series of packets being available in at least two different qualities, wherein said method comprises the steps of: | 01-30-2014 |
20140032919 | DOCUMENT DE-REGISTRATION - A document accessible over a network can be registered. A registered document, and the content contained therein, cannot be transmitted undetected over and off of the network. In one embodiment, the invention includes maintaining a plurality of stored signatures in a signature database, each signature being associated with one of a plurality of registered documents. In one embodiment, the invention further includes maintaining the signature database by de-registering documents by removing the signatures associated with de-registered documents. In one embodiment, the invention further includes maintaining the database by removing redundant and high detection rate signatures. In one embodiment, the invention also includes maintaining the signature database by removing signatures based on the source text used to generate the signature. | 01-30-2014 |
20140032920 | Secure Virtual Machine Provisioning - A device and method in a provisioning unit of secure provisioning of a virtual machine on a target platform having a specific configuration is provided. The method comprising: receiving ( | 01-30-2014 |
20140040623 | ETHERNET DECODER DEVICE AND METHOD TO ACCESS PROTECTED CONTENT - The present invention aims to address the issue of deploying costly hardware by proposing a content protection layer with an easy distribution capability to clients. The aim is achieved by a network device for descrambling an access controlled audio/video content stream, said network device being configured to be connected to a network router comprises a memory to store a unique address UA specific to the network device, a network input/output interface, a descrambler to descramble the audio/video content stream, and a watermark engine configured to watermark the descrambled audio/video content stream by applying the unique address. A further object of the invention is a method to access scrambled audio/video content stream in a local or roaming mode by a multimedia reception device connected via an IP network to a network router having an IP port connected to the network device. | 02-06-2014 |
20140052994 | Object Signing Within a Cloud-based Architecture - This invention uses a cloud-based architecture to sign objects by dynamically creating a cloud-based virtual machine with the ability to sign objects, perform network and object isolation, and encrypt and store keys generated by an object signing agent. Multi-user authentication is supported along with mobile access. | 02-20-2014 |
20140059353 | FACILITATING ELECTRONIC SIGNATURES BASED ON PHYSICAL PROXIMITY OF DEVICES - Systems and methods for requesting transmission of a document from a sender device to a signer device, for purposes of obtaining an e-signature from the signer device, are disclosed. In some example embodiments, the systems and methods establish and/or determine a physical proximity between a signer device and a sender device, such as via a handshake between the devices, and a document to be signed is provided to the signer device in response to the established physical proximity. | 02-27-2014 |
20140059354 | Scalable Session Management - Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers. | 02-27-2014 |
20140075197 | METHOD FOR SELECTIVE SOFTWARE ROLLBACK - A system and method for validating a software file to be installed into a controller. The method includes preparing the software file including assigning a software version code to the software file, assigning a security version code to the software file, and signing the software file with the software file version code and the security version code. The signed software file is presented to the controller for installing on the controller and the controller verifies the software file signature to determine if the software file is valid and the security version code is valid. The controller allows the software file to be installed in the controller if both the signed software file is valid and the security version code is valid. | 03-13-2014 |
20140075198 | FULLY AUTHENTICATED CONTENT TRANSMISSION FROM A PROVIDER TO A RECIPIENT DEVICE VIA AN INTERMEDIARY DEVICE - A method, system, and computer readable medium containing programming for handling fully authenticated transmission of video or other data (content) from a provider to a recipient device via an intermediary device. An inner envelope containing the content and/or security features is prepared and digitally signed using a private cryptographic key. The signed inner envelope is then included in a second, outer envelope which may also include some or all of the content. The outer envelope is also digitally signed, thereby forming a data package which may be sent from the provider to the intermediary device. If the signature of the outer envelope is authenticated at the intermediary device, then the inner envelope is sent to the recipient device which then uses the inner signature to verify its authenticity. Authenticated content may then be presented or otherwise used at the recipient device. | 03-13-2014 |
20140075199 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER-READABLE MEDIUM - There is provided an information processing apparatus including a key selection section configured to select one out of a plurality of different secret keys, in a public key authentication scheme or a digital signature scheme in which each of the plurality of secret keys exists for one public key registered in a verifier, and a process execution section configured to execute, by using the secret key selected by the key selection section, an authentication process with the verifier by the public key authentication scheme or a digital signature generation process to the verifier by the digital signature scheme. | 03-13-2014 |
20140075200 | METHOD FOR MANAGING ELECTRONIC FILE AND ELECTRONIC FILE MANAGEMENT APPARATUS - In accordance with one embodiment, a method for managing an electronic file includes creating an electronic signature of a user who is generating an electronic file by encrypting the electronic file using a private key of the user, and embedding the created electronic signature of the user and a public key certificate of the user, in the electronic file. The public key certificate of the user certifying a public key of the user corresponding to the private key of the user and including a link to a certificate list that shows whether or not the public key certificate of the user is valid. | 03-13-2014 |
20140075201 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - There is provided an information processing device including a distribution control unit configured to cause one or two external devices to distributively perform a repetitive process in a process for signature or authentication in which the repetitive process is included, and a processing unit configured to perform the process for signature or authentication using a processing result of each of the external devices. | 03-13-2014 |
20140082366 | MULTI-SYSTEM SECURITY INTEGRATION - In accordance with aspects of the disclosure, a system and methods are provided for managing multi-system security integration by performing state change calls to one or more backend systems by combining a multi-system protection token with a message component for transporting from a user agent to the one or more backend systems for validation by generating an authentication code for proving authenticity of a combined data structure generated by combining a secret cryptographic data key with a portion of the message component and generating a hash code of the combined data structure, generating an arbitrary random number to bind the multi-system protection token to the user agent, and generating the multi-system protection token by combining the authentication code and the arbitrary random number with the message component for transporting from the user agent to the one or more backend systems for validation. | 03-20-2014 |
20140089670 | UNIQUE CODE IN MESSAGE FOR SIGNATURE GENERATION IN ASYMMETRIC CRYPTOGRAPHIC DEVICE - Methods and systems are disclosed for verifying the use of a client device by a host device in a secure system. In one aspect, a method for authenticating a client device includes receiving, by the client device, a message from a host device, accessing, by the client device, a private key and a unique code stored on the client device, where the unique code is different than the private key, generating, by the client device, a digital signature for the message using the private key and the unique code, and providing, by the client device, the digital signature to the host device for verification of the use of the client device by the host device. | 03-27-2014 |
20140095883 | HARDENING OF DIRECT ANONYMOUS ATTESTATION FROM SIDE-CHANNEL ATTACK - Various embodiments are generally directed to hardening the performance of calculations of a digital signature system for authenticating computing devices against side-channel attacks. An apparatus comprises a processor circuit and an interface operative to communicatively couple the processor circuit to a network; a storage communicatively coupled to the processor circuit and arranged to store instructions operative on the processor circuit to digitally sign a message to create a first signature using a modular arithmetic operation arranged to compensate for a value of a variable greater than a modulus without use of a branching instruction; and transmit the first signature to a verifying server via the network. Other embodiments are described and claimed herein. | 04-03-2014 |
20140108809 | Functionality Watermarking and Management - A method, system and non-transitory computer-readable medium product are provided for functionality watermarking and management. In the context of a method, a method is provided that includes identifying a request to perform at least one function of a user device and identifying at least one watermark template. The method further includes applying the at least one watermark template to at least one function of the user device and authorizing the request to perform the at least one function of the user device. | 04-17-2014 |
20140115338 | DIGITAL BROADCAST METHODS USING SECURE MESHES AND WAVELETS - Methods and apparatuses are presented for securely providing digital streaming data to subscriber devices using encrypted wavelet meshes. A recorded image may be subdivided into three sources of data: light sources, camera angles, and the objects themselves. Each of these sources of data may be considered unique from each other, and the totality of the three sources of data may comprise a complete image. Without one of the sources of data, the image may not be complete. Each of the three sources of data may therefore be characterized as key spaces, wherein encrypting part of or the entirety of even one of these key spaces prevents the complete image from being viewed. Methods and apparatuses are provided for utilizing the concept of encrypting at least a portion of at least one of the three key spaces in order to securely and/or privately transmit image data to subscribers. | 04-24-2014 |
20140115339 | METHOD AND APPARATUS FOR SERIAL DEVICE REGISTRATION - Disclosed in the present invention are a method and apparatus for serial device registration. Said method comprises: a first serial device establishes connection with a second serial device; the first serial device reports the device attribute information of the first serial device to the second serial device, so as to initiate the process of registering the first serial device in the second device; in the registration process, after receiving the request of asking for signature certificate from the second serial device, the first serial device sends a first signature certificate to the second serial device; computing the received first challenge code returned from the second serial device, and obtaining a first signature value; sending the first signature value to the second serial device, so as to authenticate the first signature value by the second serial device and return the authentication result to the first serial device; after the authentication, the first serial device accomplishes the registration in the second serial device. The present invention solves the problem of lacking security authentication mechanism at the time of registering, thus improving communication security. | 04-24-2014 |
20140122889 | SYSTEMS, METHODS, AND APPARATUS FOR MARKING, VERIFYING, AND AUTHENTICATING CONSUMER PRODUCTS - Methods for marking a consumer good at a distribution point are described that enable field authentication of the consumer good at an authentication point without connection to a remote database. Methods for authenticating a marked consumer good by scanning encrypted indicia without connecting to a remote database are described. Authentication methods for marked consumer goods, apparatus for carrying out the authentication methods, and systems based on the authentication methods are described. | 05-01-2014 |
20140122890 | METHOD AND SYSTEM FOR SECURING THE EXCHANGE OF DATA BETWEEN A CLIENT MODULE AND A SERVER MODULE - A method for securing the exchange of data between a client module and a server module includes steps where: the token module initializes a token and the client module sends the data, which includes a unique identifier and the initialized token to a first security module of the server module; the first security module and the second security module exchange security data bilaterally with one another; the server module transforms the received token; the client module receives the server data, verifies the token and transforms the latter; the client module sends the data, which includes the transformed token to the second security module of the server module, which receives the data, and verifies the identifier and the transformed token; and the second security module communicates with the destination module. | 05-01-2014 |
20140122891 | GENERATING A SECURE SIGNATURE UTILIZING A PLURALITY OF KEY SHARES - A method begins by a module to generate a secure signature on an item by selecting a first key representation index of a set of key representation indexes, wherein a first mathematical encoding of a private key generates a first plurality of key shares as a first key representation. The method continues with the module determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of a first set of dispersed storage (DS) units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions and when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions. | 05-01-2014 |
20140129841 | Methods and Apparatus to Identify Media - Methods and apparatus for identifying media are described. An example method includes determining application identification information for a media presentation application executing on a media device, determining a first watermark for the application identification information from a lookup table, requesting media identification information for media from the media presentation application, determining a second watermark for the media identification information from the lookup table, inserting the first watermark in the media prior to output of the media by the media device, and inserting the second watermark in the media prior to the output of the media by the media device. | 05-08-2014 |
20140129842 | UNAUTHORIZED CONTENTS DETECTION SYSTEM - A data processing device for playing back a digital work reduces the processing load involved in verification by using only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on a DVD. In addition, the data processing device improves the accuracy of detecting unauthorized contents by randomly selecting a predetermined number of encrypted units every time the verification is performed. | 05-08-2014 |
20140156997 | SYSTEM AND METHOD FOR AUTHENTICATING AN ENCODED MULTIMEDIA STREAM USING DIGITAL SIGNATURES - A system and method for authenticating an encoded multimedia stream are disclosed. In one embodiment, one or more digital signatures associated with one or more decodable units in the encoded multimedia stream are generated, in real-time. Further, the generated digital signatures are embedded into the encoded multimedia stream. | 06-05-2014 |
20140164779 | SECURE PROVISIONING IN AN UNTRUSTED ENVIRONMENT - Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit. The electronic circuit can authenticate itself to the OEM using the message signing key pair. | 06-12-2014 |
20140164780 | INFORMATION PROCESSING APPARATUS, SIGNATURE PROVIDING METHOD, SIGNATURE VERIFYING METHOD, PROGRAM, AND RECORDING MEDIUM - An information processing apparatus including a message generating unit that generates N sets of messages based on a multi-order multivariate polynomial set F=(f | 06-12-2014 |
20140173285 | METHOD FOR NON-REPUDIATION OF AD-HOC WORKFLOWS - Described herein is a technique in which the proof that an object (e.g., a document) was processed within a certain task by an entity in a workflow is chain-linked to another proof of the next task. The chain of proofs embedded within the document serves to irrefutably prove that a certain set of tasks were completed before the next task was executed on the object. It is thus difficult, if not impossible, for a user to alter the actions on previous tasks without destroying the chain of proofs. | 06-19-2014 |
20140173286 | Input Challenge Based Authentication - Input challenge based authentication techniques are described in which data regarding a user's input signature is employed for authentication of the user to access resources. Different users have distinct input signatures that are indicative of the manner in which each individual user provides input including at least typing characteristics and timing data. Data regarding input signatures may be captured from user interaction with computing devices and associated with user accounts. Once sufficient data regarding a user's input signature is captured, access to a user account may be controlled at least in part based on the input signature. To do so, an input challenge that indicates a non-secret pattern of input is presented to the user in connection with an authentication sequence. The user reproduces the non-secret pattern of input and selective access to the user account is granted depending upon whether or not the reproduction matches the input signature. | 06-19-2014 |
20140173287 | IDENTIFIER MANAGEMENT METHOD AND SYSTEM - A unique identifier is assigned to each user, and a standard for evaluating the reliability of information dispatched on the Internet using the identifier to reveal the source of the information is achieved by: using the identifier as a search term, and acquiring a corresponding public key from information publicly available on the Internet; using the public key to verify a signature added to text information that includes the identifier; and confirming whether the source of the text information links back to the public key and the identifier. Thereby, an equivalence relation on the text information is established on the basis of the public key and identifier. | 06-19-2014 |
20140173288 | ELLIPTIC CURVE CRYPTOGRAPHY WITH FRAGMENTED KEY PROCESSING AND METHODS FOR USE THEREWITH - A cryptography module includes a key store having a plurality of storage locations for storing a private key as k key fragments. One or more crypto-processing segments each operate based on corresponding ones of the k key fragments to process a message in accordance with elliptic curve digital signature algorithm (ECDSA) to produce a signed message. | 06-19-2014 |
20140181526 | METHODS AND SYSTEMS FOR BYPASSING AUTHENTICITY CHECKS FOR SECURE CONTROL MODULES - Methods and systems are provided for bypassing an authenticity check for a secure control module. In one embodiment, a method includes: receiving authenticity data from a secure source, wherein the authenticity data includes a signature and an identifier that is unique to the control module; programming the control module with the authenticity data; and bypassing the authenticity check of a control program of the control module based on the authenticity data. | 06-26-2014 |
20140181527 | UNSECURE NETWORK SOCKET COMMUNICATION - Disclosed herein are techniques for secure communications through unsecure sockets. It is determined whether an executable file contains a signature from a trustworthy source. If the executable file contains the trustworthy signature, communication from a process is permitted. | 06-26-2014 |
20140181528 | FILE TAMPER DETECTION - This disclosure relates generally to methods and systems for determining when a file has changed. According to one aspect of the present disclosure, a method of determining if contents of a file have changed can include determining if a digital signature created as a function of contents of the file has changed, and when the digital signature has changed, overlaying the contents of the file with a first mark that indicates the contents have changed and blocks a view of the contents of the file. | 06-26-2014 |
20140189360 | SYSTEM AND METHOD FOR IMPLEMENTING TRANSACTION SIGNING WITHIN AN AUTHENTICATION FRAMEWORK - A system, apparatus, method, and machine readable medium are described for performing transaction signing within an authentication framework. For example, one embodiment of a method comprises: executing an online transaction between a first server and a client; providing transaction details of the online transaction to a second server; generating a signature over the transaction details using a key at the second server; transmitting an authentication request to the client with the signature and the transaction details; authenticating a user on the client to generate authentication data, the authentication data specifying whether the user was successfully authenticated on the client; and transmitting the authentication data, the transaction details, and the signature to the second server; using the transaction details and the key to validate the signature and using the authentication details to authenticate the client at the second server, wherein upon validating the signature and authenticating the client, the second server transmits a confirmation for the transaction to the first server. | 07-03-2014 |
20140189361 | INFORMATION PROCESSING APPARATUS, SIGNATURE GENERATION APPARATUS, INFORMATION PROCESSING METHOD, SIGNATURE GENERATION METHOD, AND PROGRAM - Provided is an information processing apparatus including a message generation unit that generates a message based on a pair of multi-order multivariate polynomials F=(f | 07-03-2014 |
20140189362 | METHOD FOR A SECURED BACKUP AND RESTORE OF CONFIGURATION DATA OF AN END-USER DEVICE, AND DEVICE USING THE METHOD - The method for a backup and restore of configuration data of an end-user device comprises the steps: encrypting the configuration data by using symmetric-key encryption with a symmetrical key, signing the encrypted configuration data with a device private key, and sending the encrypted and signed configuration data to a personal computer of a user of the end-user device, and/or to a storage location of a service provider network, for storage. For restoring of configuration data intended for use within the end-user device, a first or a second public key of an asymmetric key encryption system is used for validating signed configuration data provided by the service provider network or for validating signed configuration data stored on the personal computer of the user. | 07-03-2014 |
20140195811 | Method And An Apparatus For Securely Signing Application Data - The invention provides a method and apparatus for the secure electronic signing of electronic documents and data. In a preferred embodiment, a method for generating a first digital signature associated with a set of application data is disclosed. The method comprises the steps of: obtaining a first digital representation in a high level first data format of the set of application data; generating a second digital representation in a low level second data format of the application data whereby said low level second data format is different from said high level first data format; presenting an analog representation of the set of application data to a user, whereby said second digital representation is a precise and accurate representation of said analog representation; obtaining an indication whether said user approves said analog representation for signing; if said indication indicates that the user approves said analog representation for signing, generating said first digital signature over said second digital representation using a first signature key associated with the user. | 07-10-2014 |
20140201534 | NEAR FIELD COMMUNICATION (NFC) DEVICE AND METHOD FOR SELECTIVELY SECURING RECORDS IN A NEAR FIELD COMMUNICATION DATA EXCHANGE FORMAT (NDEF) MESSAGE - A method and apparatus for selectively securing records in a Near Field Communication Data Exchange Format (NDEF) message in a Near Field Communication (NFC) device are provided. The method includes generating a place marker signature record by setting a URI_present field to ‘0’ and setting a signature_type field to a predefined value, wherein a combination of the URI_present field set to ‘0’ and the signature_type field set to the predefined value indicates that a signature Record Type Definition (RTD) is a place marker signature record; and placing the place marker signature record in the NDEF message, wherein a set of records following the place marker signature record are secured. | 07-17-2014 |
20140208119 | Controlling Exposure of Sensitive Data and Operation Using Process Bound Security Tokens in Cloud Computing Environment - Exposure of sensitive information to users is controlled using a first security token containing user identity and user credentials to represent the user who requests services, and a second security token containing two other identities, one identifying the token issuer and the other identifying the owning process. When requesting services, the token-owning process sends a security token to indicate who is making the request, and uses its key to digitally sign the request. The token-owning process signs the request to indicate that it endorses the request. A receiving server accepts a request if (1) the token-owning process endorses the request by signing the request; (2) the token is valid (token is signed by its issuer and the digital signature is verified and unexpired); (3) user entity, which can be a real user or a deployment or a server process, that is represented by the token has the authorization to access the specified resources; and (4) the token-owning process is authorized to endorse the user entity represented by the token to access the specified resources. | 07-24-2014 |
20140208120 | SYSTEM FOR CONTROLLING THE DISTRIBUTION AND USE OF RENDERED DIGITAL WORKS THROUGH WATERMARKING - A trusted rendering system for use in a system for controlling the distribution and use of digital works. A trusted rendering system facilitates the protection of rendered digital works which have been rendered on a system which controls the distribution and use of digital works through the use of dynamically generated watermark information that is embedded in the rendered output. The watermark data typically provides information relating to the owner of the digital work, the rights associated with the rendered copy of the digital work and when and where the digital work was rendered. This information will typically aid in deterring or preventing unauthorized copying of the rendered work. The system for controlling distribution and use of digital works provides for attaching persistent usage rights to a digital work. Digital works are transferred between repositories which are used to request and grant access to digital works. Such repositories are also coupled to credit servers which provide for payment of any fees incurred as a result of accessing a digital work. | 07-24-2014 |
20140208121 | NEAR FIELD COMMUNICATION (NFC) DEVICE AND METHOD FOR SELECTIVELY SECURING RECORDS IN A NEAR FIELD COMMUNICATION DATA EXCHANGE FORMAT (NDEF) MESSAGE - A method and apparatus for selectively securing records in a Near Field Communication Data Exchange Format (NDEF) message in a Near Field Communication (NFC) device are provided. The method includes generating a place marker signature record by setting a URI_present field to ‘0’ and setting a signature_type field to a predefined value, wherein a combination of the URI_present field set to ‘0’ and the signature_type field set to the predefined value indicates that a signature Record Type Definition (RTD) is a place marker signature record; and placing the place marker signature record in the NDEF message, wherein a set of records following the place marker signature record are secured. | 07-24-2014 |
20140208122 | SECURE CONTENT DISTRIBUTION - In an example, a method of securing content is described. The method may include instantiating a content server on a client device. The method may also include operating the content server to retrieve content identified by a Uniform Resource Identifier (URI). The method may also include serving the content from the content server to a content renderer on the client device. The content renderer may be configured to render the content at the client device and to prohibit saving the content in the clear on the client device. | 07-24-2014 |
20140215219 | METHOD FOR VERIFYING AN ELECTRONIC SIGNATURE AND DATA PROCESSING DEVICE - A method for verifying an electronic signature is described including determining a residue class given by the signature; determining an integer having the residue class; determining a field element of a finite field such that the field element corresponds to the integer according to a predetermined mapping of the finite field to the set of integers; determining whether the field element fulfills a predetermined criterion and deciding whether the signature is valid based on whether the field element fulfills the predetermined criterion. | 07-31-2014 |
20140215220 | APPLICATION DISTRIBUTION SYSTEM AND METHOD - The present invention relates to an application distribution system and method, and the application distribution system according to the present invention includes a developer terminal for requesting registration of an application; and an application trading server for registering and posting the application in an application store in response to the request of the developer terminal, in which if the application does not have an electronic signature, the application trading server performs security verification on the application based on preset application security verification criteria, generates an electronic signature for the application and transmits the electronic signature to the developer terminal, and if the application has an electronic signature, the application trading server performs security verification on the application by verifying the electronic signature. | 07-31-2014 |
20140215221 | HITLESS MANUAL CRYPTOGRAPHIC KEY REFRESH IN SECURE PACKET NETWORKS - In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key is used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets. | 07-31-2014 |
20140215222 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - Provided is an information processing apparatus including a number generation unit configured to generate numbers used in coefficients of terms included in a pair of multi-order multivariate polynomials F=(f | 07-31-2014 |
20140215223 | INFORMATION PROCESSING APPARATUS, SOFTWARE UPDATING METHOD, AND IMAGE PROCESSING APPARATUS - An information processing apparatus which updates a basic software package is disclosed. The information processing apparatus includes an encryption and decryption unit which stores values calculated uniquely from software and encrypts information based on the calculated values and decrypts encrypted information based on the calculated values. The basic software package includes a firmware authenticating module for authenticating a firmware updating file which includes new software for updating the basic software package, a value uniquely calculated from the new software, and a public key signature. The information processing apparatus further includes a software updating module which updates the basic software package by using the authenticated firmware updating file, and an encryption key managing module for encrypting again the information encrypted by the values based on a value changed by updating the basic software package. | 07-31-2014 |
20140215224 | STATUTORY LICENSE RESTRICTED DIGITAL MEDIA PLAYBACK ON PORTABLE DEVICES - Systems and methods are described for, e.g., providing a statutory audio content service on a portable device that complies with the provisions of the Digital Millennium Copyright Act (DMCA). The user can select a playlist subject to DMCA restrictions but cannot access individual items. Content playback, including skipping of content, is restricted to enforce relevant DMCA provisions. Encryption used to implement digital rights management (DRM) may be modified to enforce such content play rules or, alternatively, an additional layer of encryption may be imposed. Limitations on playback are stored along with the playlist structure in a form that is protected against modification. Information logging content playback is maintained in protected form to be uploaded and relayed to the service provider for the purpose of calculating royalty payments. | 07-31-2014 |
20140223184 | METHOD AND SYSTEM FOR AUTHENTICATING AN ACCESSORY - A method, system, and connector interface for authenticating an accessory. The method includes performing a first authentication operation on the accessory by the media player, where an authentication certificate is validated; and performing a second authentication operation on the accessory by the media player, where an authentication signature is validated. According to the system and method disclosed herein, the media player and accessory may utilize a plurality of commands utilized in a variety of environments such as within a connector interface system environment to control access to the media player. | 08-07-2014 |
20140223185 | ACTION VERIFICATION METHODS AND SYSTEMS - The present invention relates to a method of verifying that an action is authorised by a user, including receiving a request from a first user device to a remote service via a first communications channel to perform an action at the remote service, receiving a user identifier from the first user device via the first communications channel, the user identifier identifying the user, associating the user identifier with data relating to the requested action, communicating the data to a second user device associated with the same user identifier via a second communications channel, receiving a user verification code associated with the user identifier, and determining if the user verification code includes the data, which is digitally signed using a code generation algorithm based on at least a key associated with the user identifier, the digitally signed data verifying that the action is authorised by the user. | 08-07-2014 |
20140223186 | SYSTEM AND METHOD FOR VERIFYING DIGITAL SIGNATURES ON CERTIFICATES - A system and method for verifying a digital signature on a certificate, which may be used in the processing of encoded messages. In one embodiment, when a digital signature is successfully verified in a signature verification operation, the public key used to verify that digital signature is cached. When a subsequent attempt to verify the digital signature is made, the public key to be used to verify the digital signature is compared to the cached key. If the keys match, the digital signature can be successfully verified without requiring that a signature verification operation in which some data is decoded using the public key be performed. | 08-07-2014 |
20140223187 | Method for Authenticating Key Information Between Terminals of a Communication Link - With the help of a key management protocol, the transmitted key information is authenticated by at least one certificate signed by the terminals, and at least one fingerprint of the public keys or certificate, which were used for authenticating the key information, is added to the useful part of an SIP message. The identity information present in the header of an SIP message is additionally copied into a region of the header or the useful part, and a signature is produced by way of the fingerprint, the datum information presented in the header of an SIP message, the copied identity information, and optionally the certificate reference information, and is inserted into a further region of the header of the SIP message. The additional signature that is produced and inserted can remain uninfluenced during a transmission across several networks of different network operators. | 08-07-2014 |
20140237251 | Digital Signature System - A message signing system including a processor operative to receive a seed S | 08-21-2014 |
20140237252 | TECHNIQUES FOR VALIDATING DATA EXCHANGE - Disclosed are various embodiments for confirming transactions between cryptographic applications. A transaction confirmation is generated using metadata for ciphertext data. The transaction confirmation is signed using a private key of a temporary key pair. The signed transaction confirmation and a public key of the temporary key pair are converted into a publication format. The signed transaction confirmation and the public key of the temporary key pair are then published in the publication format. | 08-21-2014 |
20140237253 | CRYPTOGRAPHIC DEVICES AND METHODS FOR GENERATING AND VERIFYING COMMITMENTS FROM LINEARLY HOMOMORPHIC SIGNATURES - A processor of a device generates a cryptographic commitment by receiving a vector $\vec{m}$, a public verification key of a homomorphic signature scheme, and a tag; choosing a signature σ in the signature space; generating a commitment c by running the verification algorithm of the homomorphic signature scheme; and outputting the commitment c as intermediate values resulting from the verification algorithm. | 08-21-2014 |
20140237254 | CRYPTOGRAPHIC DEVICES AND METHODS FOR GENERATING AND VERIFYING LINEARLY HOMOMORPHIC STRUCTURE-PRESERVING SIGNATURES - Generation of linearly homomorphic structure-preserving signature σ on a vector (M | 08-21-2014 |
20140245018 | Systems and Methods for Media Recognition - Certain embodiments described herein provide methods and systems for media recognition. One exemplary embodiment involves recognizing a piece of media in two steps. First, a watermark may be recognized that identifies that the media has a media identifying fingerprint. Second, that fingerprint is retrieved and used to recognize the media content. Using a combination of watermarking and fingerprinting techniques provides various advantages, for example, it may address traditional inaccuracies involved with watermarking while reducing the computational power and bandwidth required to analyze every piece of media for a fingerprint. | 08-28-2014 |
20140245019 | APPARATUS FOR GENERATING PRIVACY-PROTECTING DOCUMENT AUTHENTICATION INFORMATION AND METHOD OF PERFORMING PRIVACY-PROTECTING DOCUMENT AUTHENTICATION USING THE SAME - Disclosed herein are an apparatus for generating the privacy-protecting document authentication information and a method of performing privacy-protecting document authentication. The apparatus for generating the privacy-protecting document authentication information includes an electronic signature information generation unit, a multi-dimensional code generation unit, and a multi-dimensional code output unit. The electronic signature information generation unit generates electronic signature information for the content of an input document. The multi-dimensional code generation unit generates a multi-dimensional code corresponding to the generated electronic signature information. The multi-dimensional code output unit outputs the generated multi-dimensional code onto the document. | 08-28-2014 |
20140281555 | GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS - Within a secure messaging environment, a determination is made that a request to send a message has been generated by a user. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a user-assigned digital certificate of the user, is configured with an associated private key to digitally sign the message on behalf of the user. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the user using the private key of the secured digital certificate. | 09-18-2014 |
20140281556 | MEDIA PRESENTATION DESCRIPTION VERIFICATION - Methods and systems are described for verifying the source and integrity of a media presentation description (MPD) defined by the Dynamic Adaptive Streaming over HTTP (DASH) protocol. A streaming client receives an MPD from an MPD publisher. The MPD can include addresses associated with one or more media servers and/or advertising servers. The streaming client can receive from the MPD publisher at least one of a digital signature, cryptographic key, and certificate information associated with the MPD. The streaming client can verify the legitimacy of the MPD by verifying the digital signature using the received cryptographic key. The streaming client may use the certificate information to verify the MPD. The streaming client can prevent playing the media associated with the MPD if the MPD is not legitimate. The legitimacy of servers associated with addresses in the MPD may also be verified using authentication information for servers stored in the MPD. | 09-18-2014 |
20140281557 | DIGITAL RIGHTS TAGGING SYSTEM AND METHOD - A system is provided that includes a receiving component, a first encrypting component, and a second encrypting component. The receiving component can receive, from a first user, item identification data based on a tangible item and an ownership verification indicator. The receiving component can also receive, from the first user, image data based on the tangible item. The first encrypting component can generate encrypted item identification data based on the item identification data. The second encrypting component is operable to generate encrypted image data based on the image data. The resultant set of encrypted information is stored so as to associate the image and the ownership data for use later as proof of ownership of an item and its associated rights. | 09-18-2014 |
20140281558 | GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS - Within a secure messaging environment, a determination is made that a request to send a message has been generated by a user. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a user-assigned digital certificate of the user, is configured with an associated private key to digitally sign the message on behalf of the user. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the user using the private key of the secured digital certificate. | 09-18-2014 |
20140289531 | COMMUNICATION SYSTEM, RELAY DEVICE, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - A communication system includes a first relay device connected to a first network accessible by any user, and a second relay device connected to a second network accessible by a specific user. The first relay device includes a first receiver, a first authentication information acquisition unit, and a first transmitter. The first receiver receives an electronic certificate from a terminal device of the specific user. The first authentication information acquisition unit acquires authentication information. The first transmitter transmits the authentication information to a service device connected to the first network, and transmits the electronic certificate to the second relay device. The second relay device includes a second receiver, a second authentication information acquisition unit, and a second transmitter. The second receiver receives the electronic certificate. The second authentication information acquisition unit acquires authentication information. The second transmitter transmits the authentication information to a service device connected to the second network. | 09-25-2014 |
20140289532 | VALIDITY DETERMINATION METHOD AND VALIDITY DETERMINATION APPARATUS - A validity determination method includes having a receiving apparatus of electronic data identify a public key corresponding to an electronic signature attached to the received electronic data among one or more public keys having respective valid terms, send a resend-request of the electronic data if the identified public key is not valid, and determine validity of the electronic data based on whether the electronic data is resent in response to the resend-request; and having a sending apparatus of the electronic data resend the electronic data to the receiving apparatus in response to receiving the resend-request if the sending apparatus has sent the electronic data relevant to the resend-request in the past. | 09-25-2014 |
20140298031 | Method for Determining Debug Authorization for Motherboard Control Module and Associated Motherboard Control Module - By comparing a chip unique password, certification for activating a debug function can be established on the chip unique password. Thus, even when the chip unique password is lost due to negligence, not only certification for activating debugging on other motherboards of the same model number can remain unaffected, but also risks caused by replacing a chip or by a private key leakage from a system manufacturer are eliminated. | 10-02-2014 |
20140298032 | Authentication System for Gaming Machines - Disclosed is a system and method that uses digital signature technology to authenticate the contents of one or more manifests located on a storage device. Each manifest contains a list of file records, where each record contains the name of a file stored on the storage device, and a SHA1 hash value derived from the contents of the file. At boot time, the gaming machine first authenticates the contents of the manifest and then verifies the contents of the files using the SHA1 value stored in the manifest. Files are verified using the SHA1, as they are needed, during the boot up of the operating system and throughout normal operation. This method reduces the boot time of the gaming machine and eliminates the need to check digital signatures for each individual file or over the entire contents of a non-secure media. | 10-02-2014 |
20140298033 | HYBRID SIGNATURE SCHEME - A signature scheme is provided in which a message is divided into a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm. A first signature component is generated by encrypting the first portion alone. An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them. A second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion. A verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination. The computed hash is used together with publicly available information to generate a bit string corresponding to the hidden portion. | 10-02-2014 |
20140298034 | DATA AUTHENTICITY ASSURANCE METHOD, MANAGEMENT COMPUTER, AND STORAGE MEDIUM - A data authenticity assurance method carried out by a management computer including: a first step of receiving the first data piece from the computer; a second step of selecting a plurality of second data pieces at predetermined intervals in chronological order from among the plurality of second data pieces held in the data holding part; a third step of performing an arithmetic operation for each of the hash values of the selected plurality of second data pieces; a fourth step of generating signature target data by combining the first data piece received from the computer with the hash values of the selected plurality of second data pieces; and a fifth step of generating a second data piece by assigning the digital signature to the signature target data by using the preset key, and holding the generated second data piece in chronological order sequentially in the data holding part. | 10-02-2014 |
20140304515 | CONTENT INTEGRITY AND INCREMENTAL SECURITY - A media signer produces an array of hash values including a respective hash value for each of multiple different portions of content. The media signer applies a hash function and an encryption key to the array of hash values to create a digital signature associated with the content. Prior to playback of the content, a media verifier retrieves the array of hash values for the different portions of content. The media verifier produces a hash value result for the retrieved array. Based on the hash value result for the retrieved array and a hash value result of the array in the received digital signature, the media verifier verifies the integrity of the retrieved array. If the retrieved array of hash values is found to be trustworthy, the media verifier determines the integrity of a portion of the content by verifying the portion's corresponding hash value from the “trustworthy” array. | 10-09-2014 |
20140304516 | Authentication and Binding of Multiple Devices - Systems and methods are described that relate to authentication and/or binding of multiple devices with varying security profiles. In one aspect, a first device with a higher security profile may vouch for the authenticity of a second device with a lower security profile when the second device requests access for content from a content provider. The vouching process may be implemented by allowing the first device to overlay its digital signature on a registration request that has been signed and transmitted by the second device. The second device with the lower security profile may access content from the content provider or source for a predetermined time period, even when the second device does not access content through the first device. | 10-09-2014 |
20140304517 | METHOD FOR SECURING CREDENTIALS IN A REMOTE REPOSITORY - A method of securing user credentials in a remote repository is provided. In accordance with one embodiment, there is provided a method comprising generating a first private key and a first public key pair from a registered password; generating a second private key and a second public key pair; generating a storage key from the second private key and the first public key; encrypting a set of credentials using the storage key; creating an encrypted credential signature from the encrypted set of credentials and the first private key; and storing the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository. | 10-09-2014 |
20140304518 | MOBILE SOLUTION FOR SIGNING AND RETAINING THIRD-PARTY DOCUMENTS - Techniques for signer-initiated electronic document signing via an electronic signature service using a mobile or other client device are described. Example embodiments provide an electronic signature service (“ESS”) configured to facilitate the creation, storage, and management of documents and corresponding electronic signatures. In some embodiments, when a signer user receives an electronic signature document on a mobile device, the signer may use a client module executing on the mobile device to import the document into the ESS. Once the document is imported into the ESS, the signer can access, review, and sign the document at the ESS via the mobile device. After signing the document, the signer can use the mobile device to cause the ESS to provide the signed document to one or more recipients. | 10-09-2014 |
20140304519 | METHOD AND SYSTEM FOR PRESERVING PRIVACY AND ACCOUNTABILITY - A computer implemented method, computer program product, server and clients for preserving privacy and accountability. The server receives from a first client computer pseudonymous, encrypted data and stores the pseudonymous, encrypted data. The server further receives from a second client computer a data request for the pseudonymous, encrypted data and provides the pseudonymous, encrypted data to the second client computer in response to the data request. The server receives from the second client computer a signed key request for at least one key, wherein the at least one key is configured to decrypt the pseudonymous, encrypted data and wherein the signed key request comprises a public key of the second client computer. The server receives from the first client computer the at least one key, wherein the at least one key is encrypted with the public key of the second client computer and provides the at least one encrypted key to the second client computer in response to the signed key request. | 10-09-2014 |
20140310528 | DIGITAL RIGHTS MANAGEMENT USING TRUSTED PROCESSING TECHNIQUES - The present invention discloses several methods to strengthen the integrity of entities, messages, and processing related to content distribution as defined by the Open Mobile Alliance (OMA) Digital Rights Management (DRM). The methods use techniques related to the Trusted Computing Group (TCG) specifications. A first embodiment uses TCG techniques to verify platform and DRM software integrity or trustworthiness, both with and without modifications to the DRM rights object acquisition protocol (ROAP) and DRM content format specifications. A second embodiment uses TCG techniques to strengthen the integrity of ROAP messages, constituent information, and processing without changing the existing ROAP protocol. A third embodiment uses TCG techniques to strengthen the integrity of the ROAP messages, information, and processing with some changes to the existing ROAP protocol. | 10-16-2014 |
20140310529 | HNB OR HeNB SECURITY ACCESS METHOD AND SYSTEM, AND CORE NETWORK ELEMENT - A Home (Evolved) NodeB (H(e)NB) security access method and system, and a core network element are disclosed. The method includes a security gateway (SeGW) signing a digital signature for identity information of an H(e)NB and sending the digital signature to the H(e)NB, the H(e)NB sending the identity information of the H(e)NB and the digital signature to the core network element, and the core network element performing a correctness verification on the identity information of the H(e)NB and the digital signature. | 10-16-2014 |
20140317413 | SECURE REMEDIATION OF DEVICES REQUESTING CLOUD SERVICES - In accordance with embodiments disclosed herein, there are provided systems, apparatuses, and methods for implementing secure remediation of devices requesting cloud services. For example, in one embodiment, such means may include means for receiving, at a services provider, a request for services from a client; means for requesting authentication from the client to verify the client is one of a plurality of known subscribers of the services; means for requesting attestation to verify compliance of the client with a policy specified by the services provider; means for receiving an attestation confirmation from an attestation verifier, the attestation confirmation verifying compliance of the client with the policy specified by the services provider; and means for granting the client access to the services requested. | 10-23-2014 |
20140325233 | DIGITAL WATERMARKING FOR SECURE TRANSMISSION BETWEEN A SOURCE COMPONENT AND A NODE DEVICE - A system and method for embedding a watermark into a data file and communicating the data file to a particular node from a source component is described. The system includes a particular node, a source component, a node identifier request, a query, a watermark, a permutation key, an encrypted data file, and a node decryption key. The node identifier request is communicated from the source component to the particular node. The watermark is then embedded into the data file by the source component. The permutation key is configured to permute the watermark and the permutation key is changed so the location of the watermark changes. The encrypted data is decrypted at the particular node with the node decryption key that corresponds to the particular node. The particular node recovers the watermark from the data file with the permutation key. | 10-30-2014 |
20140331054 | VIRTUAL DESKTOP ACCELERATOR WITH ENHANCED BANDWIDTH USAGE - In particular embodiments, a method includes receiving a request for a signature verification. In response to the request, signature data is encrypted. A first data size associated with the signature data is determined. A second data size associated with data of a data packet is determined. The method includes comparing the sum of the first data size and the second data size to a pre-determined data size. When the sum is less than or equal to the pre-determined data size, the encrypted signature data is included in the data packet; and the data packet is transmitted over a network. | 11-06-2014 |
20140331055 | SYSTEM AND METHOD FOR INTERAPPLICATION COMMUNICATIONS - A first executable program on a computer system is enabled to exchange communications with a second executable program on the computer system by determining that the first executable program requests to exchange information with the second executable program, using the second executable program to challenge the first executable program for a digital certificate, and using the second executable program to exchange information with the first executable program when the digital certificate is verified. | 11-06-2014 |
20140331056 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing system comprising interface circuitry configured to receive message-independent information, the message-independent information having been generated by another apparatus and transferred to the interface in advance of a digital signature being generated, send message-dependent information to an external device, and receive a digital signature from the external device; and processing circuitry configured to generate the message-dependent information from a message and at least a part of the message-independent information, and associate the digital signature with the message. | 11-06-2014 |
20140337630 | Use of Multiple Digital Signatures and Quorum Rules to Verify Aircraft Information - A method and apparatus for verifying data for use on an aircraft. A plurality of digital certificates associated with the data is received by a processor unit. The processor unit verifies the data for use on the aircraft using a selected number of the plurality of digital certificates. | 11-13-2014 |
20140337631 | METHOD FOR COPY-PROTECTED STORAGE OF INFORMATION ON A DATA CARRIER - A method for storing digital data information on a data carrier and for reading the information therefrom uses a disk having an individual digital identifier. A signature is formed, and the information includes information items, which can be processed by a first electronic data processing device only if the identifier and the signature are in a predefined relation to one another. To supply a household appliance operated by an electric motor with process control data, while ensuring that only original data are used, the information components can be processed by a second electronic data processing device even if the signature and the identifier are not in the predefined relation to one another. Also, a household appliance operable by an electric motor, in particular a food processor, has an electronic data processing device. A system and an integrated semiconductor circuit also realize the features for storing digital data information. | 11-13-2014 |
20140337632 | CERTIFICATE DISTRIBUTION DEVICE AND METHOD FOR SAME, AND COMPUTER PROGRAM - Distribution of a certificate and a private key via a network includes a certificate/private key storage unit by which a certificate and a private key prepared for distribution to one or more devices are stored; a security level storage unit by which a security level for each device belonging to a device group is stored; and a display/instruction unit by which a selection screen prompting a user to select one or more devices from the device group is displayed. An instruction for the selection made by the user is received; and a certificate/private key distribution unit by which, via the network, the certificate and the private key for each device are distributed to the one or multiple devices for which the instruction for selection was made. For each device, the selection screen displays the device security level. | 11-13-2014 |
20140344581 | Secure Upgrades for Field Programmable Devices - Techniques are provided for securely upgrading a field programmable circuit, e.g., a Field Programmable Gate Array (FPGA), in a device that has been deployed to a customer site. A plurality of keys is stored in the device, e.g., public, private, and/or symmetric keys. The keys are used to authenticate and decrypt a newly received FPGA software image upgrade. The image upgrade is re-encrypted using one of the stored keys and stored in the computing device. The device is booted and the encrypted image upgrade is loaded into the field programmable circuit. The encrypted image upgrade is decrypted to obtain the image upgrade for execution on the field programmable circuit. | 11-20-2014 |
20140344582 | INFORMATION RECORDING DEVICE - The data storage portion stores an encrypted medium device key Enc (Kcu, Kmd_i) generated by encrypting a medium device key (Kmd_i), a medium device key certificate (Certmedia), and encrypted content data generated by encrypting content data, the controller stores a controller key (Kc) and first controller identification information (IDcu), the information recording device being configured to execute, after being connected to an external host device, a one-way function calculation based on the controller key (Kc) and the first controller identification information (IDcu) to generate a controller unique key (Kcu) used when decrypting the encrypted medium device key Enc (Kcu, Kmd_i), and second controller identification information (IDcntr) used when decrypting the encrypted content data. | 11-20-2014 |
20140351598 | SYSTEMS AND METHODS FOR BROADCAST WLAN MESSAGES WITH MESSAGE AUTHENTICATION - Systems, methods, and devices for broadcast wireless local area network messages with message authentication are contained herein. The method includes determining a digital signature for a broadcast packet to be transmitted to a plurality of devices on a wireless local area network, the digital signature encrypted using asymmetric cryptography to enable each of the plurality of devices to verify an identity of a device transmitting the broadcast packet. The method further includes transmitting the broadcast packet on the network, the broadcast packet including the digital signature. | 11-27-2014 |
20140351599 | SYSTEM AND METHOD FOR UPDATING MESSAGE TRUST STATUS - Systems and methods for processing encoded messages within a wireless communications system are disclosed. A server within the wireless communications system performs signature verification of an encoded message and provides, together with the message, an indication to the mobile device that the message has been verified. In addition, the server provides supplemental information, such as, for example, a hash of the certificate or certificate chain used to verify the message, to the device, to enable the device to perform additional checks on the certificate, such as, for example, validity checks, trust checks, strength checks, or the like. | 11-27-2014 |
20140351600 | METHOD AND APPARATUS FOR AUTHENTICATING STATIC TRANSCEIVER DATA AND METHOD OF OPERATING AN AIS TRANSCEIVER - A method and apparatus which ensures that static data entered into a communications device or apparatus is accurate, or at least consistent with data provided to an authentication service. In some embodiments of the invention, the authentication service may maintain a database of static data associated with each communications apparatus and/or verify the validity of at least a portion of the static data | 11-27-2014 |
20140351601 | PRODUCT AUTHENTICATION USING END-TO-END CRYPTOGRAPHIC SCHEME - A system is provided for inside-to-outside or outside-to-inside cryptographic coding that facilitates product authentication along a distribution channel. An association of authenticated, secured codes is generated between inner items (e.g., pharmaceutical doses such as pills, capsules, tablets) and outer items (e.g., packaging containing inner items). For instance, an inner code associated with a first item is used to generate (at least partially) an outer code associated with a second item that contains one or more first items. This process may be repeated multiple times with codes for outer items being a function of codes for inner items. The sequence of items may be authenticated by the dependent relationship between their codes. | 11-27-2014 |
20140359296 | METHODS TO IMPROVE SECURE FLASH PROGRAMMING - Methods are provided for securely loading software objects into an electronic control unit. The methods include receiving a first software object comprising a second level public key certificate, a first encryption signature and a first set of software. Once the first software object is received, the first second level public key is validated with the embedded root public key, the first encryption signature with the first second level public key certificate, and the first set of software with the first encryption signature. When the first set of software is valid, then the first second level public key certificate and the first set of software are stored to non-volatile memory. Once stored, a consecutive software object is received comprising only a consecutive encryption signature and a consecutive set of software from the programming source. The consecutive encryption signature is validated with the stored second level public key certificate, and the consecutive set of software is validated with the consecutive encryption signature. | 12-04-2014 |
20140359297 | Systems and Methods for Intermediate Message Authentication in a Switched-Path Network - Systems, methods, and devices are provided for intermediate authentication of a message transmitted through a switched-path network, such as an optical transport network (OTN). In one method, a message transmitted through communication nodes of a switched-path network may be authenticated, at least partially, by authentication logic of one or more of the communication nodes. The one or more communication nodes may identify whether a prior communication node has tampered with or corrupted the message or may generate an authentication tag to enable an authentication authority to authenticate the message. | 12-04-2014 |
20140359298 | SYSTEMS AND METHODS TO SECURE USER IDENTIFICATION - A computing apparatus configured to verify a digital signature applied on a set of data received from a user device, including a user ID assigned by a partner system to uniquely identify a user of the user device among customers of the partner system, and a user device identifier identifying the user device. The digital signature is generated via applying a cryptographic one-way hash function on a combination of the set of data and a secret, shared between the computing apparatus and the partner system via a secure communication channel separate from a channel used to receive the set of data. | 12-04-2014 |
20140365779 | GENERATING DIGITAL SIGNATURES - Methods, systems, and computer programs for generating a digital signature are disclosed. In some aspects, a symmetric key is accessed. The symmetric key is based on an ephemeral public key. The ephemeral public key is associated with an ephemeral private key. A ciphertext is generated based on the symmetric key and a message. An input value is obtained based on the ciphertext independent of a hash function. A digital signature is generated from the ephemeral private key, the input value, and a long term private key. | 12-11-2014 |
20140372763 | DYNAMIC MEDIA ZONES SYSTEMS AND METHODS - Systems and methods are described for applying digital rights management techniques to manage zones in electronic content. In one embodiment, zones are defined in a piece of electronic content, and a license is associated with the electronic content that indicates how the zones are to be accessed or otherwise used. A digital rights management engine governs access to or other use of the zoned content in accordance with the license. | 12-18-2014 |
20140372764 | SCHEMA SIGNING - In one embodiment, an object in a database schema may be verified as having a valid digital signature associated with a trusted entity. An application may be permitted access to the object of the database schema only when the object of the database schema is verified to have a valid digital signature associated with the trusted entity. In another embodiment, an object in a database schema may be verified as having a digital signature associated with at least one trusted entity. An application may be permitted access to the object of the database schema only when the digital signature for the object is verified to be associated with the at least one trusted entity. | 12-18-2014 |
20140372765 | Hashing Prefix-Free Values in a Signature Scheme - Methods, systems, and computer programs for producing hash values are disclosed. A prefix-free value is obtained based on input data. The prefix-free value can be based on an implicit certificate, a message to be signed, a message to be verified, or other suitable information. A hash value is obtained by applying a hash function to the prefix-free value. The hash value is used in a cryptographic scheme. In some instances, a public key or a private key is generated based on the hash value. In some instances, a digital signature is generated based on the hash value, or a digital signature is verified based on the hash value, as appropriate. | 12-18-2014 |
20140380058 | Process Authentication and Resource Permissions - The techniques and systems described herein present various implementations of a model for authenticating processes for execution and specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program, or process may be augmented to include a digital signature encrypted with a key such that an operating system may subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying resource permissions. | 12-25-2014 |
20140380059 | AUTHENTICATION OF EMAIL SERVERS - An originating email server is authenticated by a destination email server using a public key provided by the originating email server, thereby making it possible to detect an email with a forged origination address with no action required by a domain owner. A personal computer is authenticated using a reputation report associated with a unique number corresponding to the personal computer, enabling, in one embodiment, spam detection, and, in another embodiment, a decision that a valid user is requesting service registration at a website. | 12-25-2014 |
20150012752 | MULTI-FACTOR DEVICE AUTHENTICATION - A method and system for the secure delivery of data to a remote device that has been registered and which requires authentication through the use of a multifactor signature profile is disclosed, and in particular according to certain disclosed aspects, a method and system for ensuring that an authenticated remote device remains authenticated. | 01-08-2015 |
20150012753 | TERMINAL DEVICE, VERIFICATION DEVICE, KEY DISTRIBUTION DEVICE, CONTENT PLAYBACK METHOD, KEY DISTRIBUTION METHOD, AND COMPUTER PROGRAM - The terminal device | 01-08-2015 |
20150019871 | CERTIFICATION METHOD AND ELECTRONIC DEVICE - A certification method comprises steps of: providing a reliable time clock on a first electronic device; when data of the digital file are generated on the first electronic device, reading a reliable time count from the reliable time clock and adding the reliable time count into the digital file; generating a first abstract code from the digital file; generating a signature of the digital file by encrypting the first abstract code; and, sending the digital file and the signature to a second electronic device. In addition, electronic devices corresponding to the certification method are also disclosed herein. | 01-15-2015 |
20150019872 | METHOD AND DEVICE FOR VERIFYING THE INTEGRITY OF PLATFORM SOFTWARE OF AN ELECTRONIC DEVICE - A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed. | 01-15-2015 |
20150026477 | SYSTEM AND METHOD FOR DELIVERING APPLICATION CONTENT - A system and method for messaging application content that includes providing an application content messaging application programming interface (API); receiving a content delivery request from an account, through the application content messaging API; retrieving device information of a destination endpoint specified in the content delivery request; based on the device information, selecting an application content format from a set of formats and obtaining application content in the application content format; and transmitting the application content. | 01-22-2015 |
20150033023 | PREVENTING PLAYBACK OF STREAMING VIDEO IF ADS ARE REMOVED - A digitally signed manifest file includes metadata that specifies whether a policy regarding the digital signature should be enforced. The policy is then used to generate additional metadata associated with the program and ad content of the video stream. The metadata is tamper resistant so that any modification or removal of the metadata will prevent the video stream from playing. If the metadata indicates that the policy should be enforced, the digital signature of the manifest is verified by the client, and an invalid or missing signature prevents the video stream from being played back. The metadata defines which media players are allowed and/or not allowed to play back a video stream, including media players that are configured to skip or remove ads, and/or includes an encryption key identifier for verifying the digital signature. The ad content is digitally signed to prevent modification or replacement of the ad content. | 01-29-2015 |
20150033024 | DATA DISTRIBUTION PATH VERIFICATION - A method may include receiving data and first path-metadata. The first path-metadata may include a first entity identifier. The first entity identifier may be associated with a first receiving entity that receives the data and the first path-metadata from an originating entity. The first path-metadata may also include a first digital signature associated with the originating entity. The method may further include receiving second path-metadata that may include the first path-metadata and a second entity identifier associated with a second receiving entity. The second path-metadata may also include a second digital signature associated with the first receiving entity. The method may additionally include verifying that the data was communicated by the originating entity to the first receiving entity and from the first receiving entity to the second receiving entity based on the first path-metadata, the second path-metadata, the first digital signature, and the second digital signature. | 01-29-2015 |
20150033025 | Digital Signature Technique - A method for signing a digital message, including the following steps: selecting parameters that include first and second primes, a ring of polynomials related to the primes, and at least one range-defining integer; deriving private and public keys respectively related to a random polynomial private key of the ring of polynomials, and to evaluations of roots of unity of the random polynomial to obtain a public key set of integers; storing the private key and publishing the public key; signing the digital message by: (A) generating a noise polynomial, (B) deriving a candidate signature by obtaining a hash of the digital message and the public key evaluated at the noise polynomial, and determining the candidate signature using the private key, a polynomial derived from the hash, and the noise polynomial, (C) determining whether the coefficients of the candidate signature are in a predetermined range dependent on the at least one range-defining integer, and (D) repeating steps (A) through (C) until the criterion of step (C) is satisfied, and outputting the resultant candidate signature as an encoded signed message. | 01-29-2015 |
20150033026 | DYNAMIC TARDOS TRAITOR TRACING SCHEMES - A fingerprinting method. For each round in a series of rounds: providing to each receiver in a set of receivers a version of a source item of content, the source item of content corresponding to the round. For the round there is a corresponding part of a fingerprint-code for the receiver, the part includes one or more symbols. The version provided to the receiver represents those one or more symbols. One or more corresponding symbols are obtained from a suspect item as a corresponding part of a suspect-code. For each receiver in the set of receivers, a corresponding score that indicates a likelihood that the receiver is a colluding-receiver is updated. | 01-29-2015 |
20150033027 | CRYPTOGRAPHIC SECURITY FUNCTIONS BASED ON ANTICIPATED CHANGES IN DYNAMIC MINUTIAE - Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device's collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures. | 01-29-2015 |
20150039893 | DOCUMENT VERIFICATION WITH ID AUGMENTATION - At least one node in a distributed hash tree document verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure. | 02-05-2015 |
20150039894 | SYSTEM AND METHOD FOR AUTHENTICATION FOR TRANSCEIVERS - A method and apparatus of a network element that authenticates a transceiver and/or a field replaceable unit of the network element is described. The network element generates a stored transceiver signature using transceiver data stored in the removable transceiver and a nonce. In addition, the network element generates a hardware transceiver signature using data stored in secure storage of the network element and the nonce. If the stored transceiver signature and the hardware transceiver signature are equal, the network element uses the transceiver to communicate network data for the network element. Otherwise, the network element disables the transceiver. | 02-05-2015 |
20150039895 | SYSTEM AND METHOD FOR AUTHENTICATION FOR FIELD REPLACEABLE UNITS - A method and apparatus of a network element that authenticates a field replaceable unit of the network element is described. The network element authenticates a field replaceable unit of the network element by generating a nonce. In addition, the network element generates a signature using a nonce and a private encryption key that is securely stored in the field replaceable unit. The network element further verifies the signature using a public encryption key that is a pair to the private encryption key and is not securely stored in the field replaceable unit. If the field replaceable unit is verified, the network element uses the field replaceable unit to operate the network element. Otherwise, the network element disables the field replaceable unit. | 02-05-2015 |
20150039896 | SYSTEM AND METHOD FOR POOL-BASED IDENTITY GENERATION AND USE FOR SERVICE ACCESS - A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link. | 02-05-2015 |
20150039897 | INFORMATION PROCESSING APPARATUS, PROGRAM, STORAGE MEDIUM AND INFORMATION PROCESSING SYSTEM - Provided is an information processing apparatus including a reception unit that receives a request for access to an IC chip from an application having access right information for accessing the IC chip, an acquisition unit that acquires authentication information for authenticating the application from an external server based on the access right information contained in the request for access received by the reception unit, an authentication unit that authenticates the application based on the authentication information obtained by the acquisition unit, and a control unit that controls access of the application to the IC chip based on an authentication result from the authentication unit. | 02-05-2015 |
20150046715 | Systems, Methods and Apparatuses for Prevention of Unauthorized Cloning of a Device - A self-authenticating device and a method for authenticating the self-authenticating device may be provided. In one aspect, a device may comprise a sensing circuit, which may comprise a circuit to be measured. The sensing circuit may generate measurement data for one or more physical properties of the device using the circuit to be measured. The device may further comprise a storage to store an authenticity certificate that contains authentication data derived from the measurement data and a communication port to communicate the authenticity certificate and measurement data with a communication partner via a link coupled to the communication port. | 02-12-2015 |
20150046716 | POLICY-BASED SIGNATURE AUTHENTICATION SYSTEM AND METHOD - In various example embodiments, a system and method for providing policy-based authentication is provided. In example embodiments, a request to access and sign a document is received from a device of an intended signer. A policy assigned to the intended signer is determined. Based on the policy, a determination is made whether an authentication mechanism is applicable to the intended signer. In response to the determining that the authentication mechanism is applicable to the intended signer, the intended user is required to perform the authentication mechanism. The intended user is provided access to view and sign the document based on the intended user satisfying the authentication mechanism. | 02-12-2015 |
20150052363 | SYSTEM AND METHOD FOR PROCESS RESOLUTION AND COMPOSITION IN ACTOR SYSTEMS - The various embodiments herein provide an actor oriented system and a method for providing communication between a plurality of processes in the actor system. The system uses actor model as the basis for a large scale process distribution. The system abstracts the plurality of processes and adopts a method of process composition and resolution. The method provides binding of different processes in the system to create a multi-functional distributed application. | 02-19-2015 |
20150058636 | GENERATION OF A DIGITAL SIGNATURE - A method and system for generating a digital signature of a data item. A unique condition digest of at least two condition digests is iteratively processed in each iteration of a loop for a sufficient number of iterations to process all of the condition digests. Each iteration includes concatenating a reference digest with the unique condition digest of the iteration to generate a concatenand and hashing the concatenand to generate a hashed concatenand serving as the reference digest for the next iteration. Each unique condition digest is a different condition digest in each iteration. The regenerated reference digest of the last iteration is a last digest which is encrypted to generate a digital signature block that represents the data item and at least two conditions specified for the digital signature. The digital signature block includes the digital signature. The encrypting includes signing the last digest with the digital signature. | 02-26-2015 |
20150067341 | METHOD AND SYSTEM FOR VALIDATING RIGHTS TO DIGITAL CONTENT USING A DIGITAL TOKEN - A computer implemented method for generating a receipt. The method includes accessing a universal digital fingerprint associated with an item of content, wherein the fingerprint is invariant across one or more formats of the item of content. The method includes accessing an identification value by the processor. The method includes generating a digital token by cryptographically binding the digital fingerprint and the identification value, wherein the digital token is invariant across the one or more formats of the item of content. The method further includes associating the digital token with at least one right to the item of content. | 03-05-2015 |
20150067342 | SYSTEMS AND METHODS FOR EXECUTING COMPLIANCE VERIFICATION OR REMEDIATION SCRIPTS - Systems and methods for executing compliance verification or remediation scripts. An example method may comprise: identifying, by a computer system, a compliance script to be executed; determining a value of a cryptographic hash function of at least part of the identified compliance script; identifying, based on the value of the cryptographic hash function, an installation path of a corresponding digitally signed compliance script pre-installed on the computer system, the digitally signed compliance script associated with a security context; and executing, within the security context, the digitally signed compliance script. | 03-05-2015 |
20150067343 | TAMPER RESISTANCE OF AGGREGATED DATA - By processing aggregated data in a trusted environment, a system can reduce opportunities for tampering with aggregated data that is processed in a peer-to-peer chain. Each device may pass the predecessor aggregated data to a trusted environment in that device, which obtains local data for that device and aggregates it with the predecessor aggregated data, producing an output aggregated data. Optionally, the system can identify when a device has previously processed the aggregated data, reducing the possibility that the device can be used to aggregate data repeatedly. The aggregated data may be digitally signed or encrypted to enhance the tamper resistance of the data payload. | 03-05-2015 |
20150067344 | Digital Identification Document - Some implementations may include a computer-assisted method for digitizing an identification document, the method including: receiving a digital biometric of a subject; applying the received digital biometric to a digital identification document; applying a digital watermark to the digital identification document, the digital watermark encoding personally identifiable information of the subject identified by the digital biometric; and generating the digital identification document with the applied digital watermark, the digital identification document comprising both the digital watermark and the digital biometric. | 03-05-2015 |
20150067345 | ADVANCED WATERMARKING SYSTEM AND METHOD - A method, computer program product, and computing device for obtaining an uncompressed digital media data file. One or more default watermarks are inserted into the uncompressed digital media data file to form a watermarked uncompressed digital media data file. The watermarked uncompressed digital media data file is compressed to form a first watermarked compressed digital media data file. The first watermarked compressed media data file is stored on a storage device. The first watermarked compressed media data file is retrieved from the storage device. The first watermarked compressed digital media data file is modified to associate the first watermarked compressed digital media data file with a transaction identifier to form a second watermarked compressed digital media data file. | 03-05-2015 |
20150067346 | DIGITAL FINGERPRINTING TRACK AND TRACE SYSTEM - Methods and systems for tracking a physical object to identify or authenticate it utilizing digital fingerprints which are based on natural features extracted from a digital image of the object. Digital fingerprints do not require or rely on any labels, tags, integrated materials, unique identification characters, codes or other items that may be added to the object specifically for the purpose of identification. Consequently, the disclosed digital fingerprint techniques help to detect or prevent unauthorized alterations of documents, apparel, drugs and pharmaceuticals, etc. Further, digital fingerprints can be used to better track and trace a wide variety of objects throughout the distribution chain to demonstrate their provenance and to detect counterfeit objects. | 03-05-2015 |
20150067347 | SIGNATURE SYSTEM PORTAL FOR SIGNING ELECTRONIC DOCUMENTS - A system for operating a portal to provide an electronic document including a signature field to a signer for signature, wherein the signer has a personal electronic device that includes a browser application. Providing the document at a remote server. Providing the device with a web link to the document. Forming a connection between the device and the server via a communications network, responsive to activating of the web link. Accepting the signature of the signer. Communicating the document containing the signature of the signer to the server. | 03-05-2015 |
20150074413 | AUTOMATIC CONTENT PUBLICATION AND DISTRIBUTION - A method and system relate to receiving, by a network device, information associated with a client device; determining, by the network device, that the client device is authorized to access digital content associated with a content provider; and forwarding, by the network device, authentication data to the content provider. The authentication data includes, for example, information identifying the client device, and an indication that the client device is authorized to access the digital content. The content provider enables the client device to access the digital content based on the authentication data. | 03-12-2015 |
20150074414 | SYSTEM AND METHOD FOR PROVIDING DIGITAL SIGNATURE BASED ON MOBILE TRUSTED MODULE - Provided are a system and method for providing a digital signature based on a mobile trusted module (MTM). The system includes a control unit configured to activate a mobile application and receive selection of one certificate in a previously set certificate list from a user through the activated mobile application, an MTM configured to generate based on the selected certificate a keypad image in which buttons are irregularly arranged, an MTM table for converting keypad touch information into an actual value, and a terminal table for converting keypad image coordinates into an area, and put a digital signature on the certificate using a certificate password input by the user based on the keypad image, the MTM table, and the terminal table to generate a digital signature value, and a communication unit configured to encrypt the generated digital signature value and transmit the encrypted digital signature to an authentication server. | 03-12-2015 |
20150074415 | Image Verification By An Electronic Device - A method for verifying an image by a first electronic device, the method comprising the first electronic device: sending a request for an image to a second electronic device, wherein the second electronic device is remote from the first electronic device and, optionally, a server; receiving an image and a certificate from the second electronic device, wherein the certificate comprises a protected checksum of at least the image; generating a checksum in dependence on at least the received image; performing a comparison in dependence on said generated checksum and the protected checksum received in the certificate; and verifying the received image in dependence upon the comparison. Advantageously, the first electronic device is able to verify each received image and to prevent the display of any received images that are not authenticated. Applications include the display of card images. | 03-12-2015 |
20150074416 | VERIFICATION OF SIGNED DIGITAL DOCUMENTS - Methods, apparatus, and systems are disclosed for, among other things, secure passphrase handling for computing devices. In one respect, a method is provided. The method includes receiving a plurality of passphrase elements from an input device. The method also includes performing a sequence of secure delay processing operations, each operation generating a delayed output value from an initial value. The passphrase is verified upon completion of the sequence of secure delay processing operations. Further, initial values of respective secure delay processing operations are based on respective passphrase elements and, for each secure delay processing operation after a first secure delay processing operation, a delayed output value from at least one other secure delay processing operation. | 03-12-2015 |
20150074417 | APPARATUS AND METHOD FOR ACCESS CONTROL OF CONTENT IN DISTRIBUTED ENVIRONMENT NETWORK - An apparatus for generating a key for access control of content in a distributed environment network is provided. The apparatus includes a first key distributor configured to generate first encrypted keys by encrypting a first key corresponding to a key for write authorization using each public key of members having write authorization among members included in an access control list including information of at least one user and distribute the access control list and information about access authorization and the first encrypted keys to the members having write authorization, and a second key distributor configured to generate second encrypted keys by encrypting a second key corresponding to a key for read authorization using the first key using each public key of members having read authorization among members included in the access control list and distribute the access control list and second encrypted keys to the members having read authorization. | 03-12-2015 |
20150082044 | APPARATUS AND METHOD FOR INCORPORATING SIGNATURE INTO ELECTRONIC DOCUMENTS - Embodiments relate to methods and apparatus for facilitating the protection from tampering of an electronic document to which an electronic signature is applied. In non-limiting examples, techniques may relate to the handling of document appearance data, dynamic signature biometric data, digital footprints data, pixel history data, and camera-acquired image data. | 03-19-2015 |
20150082045 | ORIGINATOR PUBLISHING AN ATTESTATION OF A STATEMENT - Methods, systems and apparatuses for an originator publishing an attestation of a statement are disclosed. One method includes obtaining information, wherein the information includes the attestation of the statement, wherein the statement includes at least a portion of the information to be attested to, and wherein the attestation includes a context describing conditions of the attestation, and wherein the attestation includes a cryptographic signature of the context and the statement. The method further includes validating the information. The method further includes communicating after validating the information the information to a destination while maintaining at least one of data privacy or data provenance, including creating a new statement by transforming the statement to a form suitable for the destination, creating, by the computing device, a new attestation by signing the new statement with a new context specific to the computing device, and making available the new attestation to the destination. | 03-19-2015 |
20150089233 | RESOURCE LOCATORS WITH KEYS - Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request. | 03-26-2015 |
20150089234 | SECURE MEMORY INTERFACE WITH CUMULATIVE AUTHENTICATION - A method includes generating a first sequence of data words for sending over an interface. A second sequence of signatures is computed and interleaved into the first sequence, so as to produce an interleaved sequence in which each given signature cumulatively signs the data words that are signed by a previous signature in the interleaved sequence and the data words located between the previous signature and the given signature. The interleaved sequence is transmitted over the interface. | 03-26-2015 |
20150089235 | METHODS AND APPARATUS TO IDENTIFY MEDIA - Methods and apparatus for identifying media are described. An example method includes determining application identification information for a media presentation application executing on a media device, determining a first watermark for the application identification information from a lookup table, requesting media identification information for media from the media presentation application, determining a second watermark for the media identification information from the lookup table, inserting the first watermark in the media prior to output of the media by the media device, and inserting the second watermark in the media prior to the output of the media by the media device. | 03-26-2015 |
20150095651 | NETWORK SYSTEM, MANAGEMENT SERVER SYSTEM, CONTROL METHOD, AND STORAGE MEDIUM - Provided is a management server system that accepts a transition instruction for transition between tenants of an agent device, generates symmetric keys consisting of a first key and a second key, responds with the second key to the agent device, and verifies signature information included in a transition request using the first key when the agent device makes a tenant transition request. Upon successful verification of signature information, the management server system transmits new authentication information for communication between the management server system and the agent device to the agent device. After transition of the tenant, the agent device communicates with the management server system using the new authentication information. | 04-02-2015 |
20150095652 | ENCRYPTION AND DECRYPTION PROCESSING METHOD, APPARATUS, AND DEVICE - An encryption processing method includes: generating, by a device itself, a key pair, where the key pair includes a first key used for encryption and a second key used for decryption; storing, by the device, the key pair in a first storage space; performing, by the device, digest calculation on device running data to obtain a digest of the device running data, where the device running data is stored in a second storage space; and reading, by the device, the first key from the first storage space, and encrypting a digest of the device running data with the first key to obtain a first digital signature. | 04-02-2015 |
20150113281 | MULTIPLE APPLICATION PLATFORM OWNER KEYS IN A SECURE OBJECT COMPUTER SYSTEM - The computer system includes a first memory to store an executable file of a first application platform owner (APO). The executable file includes an owner identification object and an encrypted secure object payload. The computer system includes a key store having one nonvolatile key slot for each of two or more APOs. Each key slot stores one or more keys of a respective APO. The computer system further includes a processor configured upon receiving the executable file to identify a first key slot in the key store corresponding with the owner identification object. The first key slot is associated with the first APO. The processor is configured to determine whether the executable file is authentic using an APO key. Furthermore the processor decrypts the encrypted secure object payload using a first key of the first APO if the executable file is determined to be authentic. | 04-23-2015 |
20150113282 | SYSTEM AND METHOD FOR DIGITALLY SIGNING DOCUMENTS FROM A MOBILE DEVICE - A system and method for embedding a written signature into a secure electronic document is disclosed. In certain embodiments, a user views the electronic document on a first computing device and creates an electronic digital signature on a mobile computing device. The user is securely certified by a system created alphanumeric code and the identification of the mobile device. The signature is then embedded into the electronic document and stored securely on a central server. | 04-23-2015 |
20150121080 | COMPUTER-BASED OPTIMIZATION OF DIGITAL SIGNATURE GENERATION FOR RECORDS BASED ON EVENTUAL SELECTION CRITERIA FOR PRODUCTS AND SERVICES - A system for generating a digital signature may include a record management facility configured to group a first record with a second record and to generate a first digital signature based at least in part on the first record and the second record. | 04-30-2015 |
20150121081 | COMPUTER-BASED OPTIMIZATION OF DIGITAL SIGNATURE GENERATION FOR RECORDS BASED ON EVENTUAL SELECTION CRITERIA FOR PRODUCTS AND SERVICES - A method for generating a digital signature includes grouping, with a processing device, a first record with a second record, and generating a first digital signature based at least in part on the first record and the second record. | 04-30-2015 |
20150121082 | CRYPTOGRAPHIC WATERMARKING OF CONTENT IN FUEL DISPENSING ENVIRONMENTS - Systems and methods for watermarking content and authenticating watermarked content are provided. Content is rendered on a display while watermarking information embedded in portions of the content are obtained. The watermarking information is verified to authenticate the content. If the content is not authentic, or is not authenticated within a period of time, the content can be terminated or otherwise blocked from rendering on the display. | 04-30-2015 |
20150121083 | METHOD, DEVICE, AND TERMINAL FOR INSTALLING BROWSER PLUG-IN - The present invention relates to mobile terminals and provides a method, device, and terminal for installing a browser plug-in. The method includes: receiving an instruction of installing a browser plug-in which is applied in a designated browser; and judging whether the browser plug-in is legal according to digital signature information of the browser plug-in and browser information of the designated browser, if yes, installing the browser plug-in, otherwise, rejecting the installation of the browser plug-in. At the beginning of the installation of the browser plug-in, the browser plug-in is verified according to the digital signature information of the browser plug-in and the browser information of the designated browser corresponding to the browser plug-in, thus, the legality and traceability of the browser plug-in can be determined to prevent the harmful browser plug-in from calling API of the mobile terminal at random and further to improve the safety of the mobile terminal. | 04-30-2015 |
20150121084 | SECURE MESSAGE TRANSMISSION - A method and system are provided for securing messages within a communication network of an industrial process control system, such as a substation automation system. A multi-block message to be transmitted via a communication network is secured by a block-based authentication, encryption and/or integrity information. Only residue of the previous block in the form of block-based information is needed to generate the block based information of the next block. Therefore, the previous block can already be transmitted while block-based information of the next block is generated. The method and system of the present disclosure enable on-the-fly authentication of the multi-block message and authentication at an increased rate. | 04-30-2015 |
20150127948 | UNAUTHORIZED CONTENTS DETECTION SYSTEM - A data processing device for playing back a digital work reduces the processing load involved in verification by using only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on a DVD. In addition, the data processing device improves the accuracy of detecting unauthorized contents by randomly selecting a predetermined number of encrypted units every time the verification is performed. | 05-07-2015 |
20150134969 | DEVICE AND METHOD FOR PROVIDING SECUIRTY ASSISTANT SERVICE - There are provided a method and device for providing a security assistant service. In an embodiment of the invention, there is provided a device for providing a security assistant service in which a first terminal and a second terminal are included. The device includes the first terminal configured to generate information for requesting verification of an original plaintext to be signed (here, the information for requesting verification of the original plaintext to be signed refers to the original plaintext to be signed or a hash value of the original plaintext to be signed) and transmit an encrypted value in which the information for requesting verification of the original plaintext to be signed is encrypted and the original plaintext to be signed to the second terminal, and the second terminal configured to receive the original plaintext to be signed and the encrypted value, decrypt the information for requesting verification of the original plaintext to be signed by decrypting the encrypted value, display the original plaintext to be signed when the original plaintext to be signed or a hash value of the original plaintext to be signed matches the decrypted information for requesting verification of the original plaintext to be signed, receive a verification signal from a user, generate an original verification message (here, the original verification message refers to information indicating that the original plaintext to be signed is verified by the user and the information can be proved using a key held by the second terminal and verified using the key held by the first terminal) and transmit the original verification message to the first terminal. | 05-14-2015 |
20150134970 | METHOD AND APPARATUS FOR NEAR FIELD COMMUNICATION - A method of updating firmware of a near field communication (NFC) device includes copying metadata, which is included in a firmware image file, from an application processor to the NFC device. One of a certification success signal and a certification fail signal is provided from the NFC device to the application processor after the NFC device verifies an integrity of the metadata. Firmware data, which is included in the firmware image file, is copied from the application processor to the NFC device when the application processor receives the certification success signal from the NFC device. | 05-14-2015 |
20150149784 | Communication method utilizing fingerprint information authentication - A communication method utilizing fingerprint information authentication comprises the following steps: (a) extracting fingerprint information of a first user, and sending a request instruction to a second user via the fingerprint information by the first user on an information exchange platform, and extracting fingerprint information of the second user after receiving the request by the second user, and storing the fingerprint information in the information exchange platform and exchanging it with the first user by the second user to confirm their identity; (b) inputting a message to be sent in an encrypting unit to obtain an encrypted message by the first user after passing authentication, and transmitting the encrypted message to a communication application unit and sending it to the second user, and receiving the encrypted message via the communication application unit by the second user; (c) decrypting the encrypted message by means of the decrypting unit by the second user after passing authentication. | 05-28-2015 |
20150295719 | Methods, apparatuses & computer program products for facilitating electronic submission of national letter of intent/scholarship - Esigningday electronic signature and processing database follows the same path established by the NCAA for legitimizing the signature process of the NLI and scholarship letter, with the added speed of electronic processing. The Esigningday electronic process is secure and valid according to the Federal E-Sign Act of 2000, which states that electronic signatures are equivalent to written signatures. Since the process is electronic, data is available in real-time. This feature gives coaches, athletic administrators and the conference office the ability to access instant details regarding the acceptance of prospective student-athletes instead of waiting for paper documents to be returned. | 10-15-2015 |
20150295720 | System and Method for Sequential Data Signatures - A digital message is signed and, if a request is approved, receives a time stamp. The request is computed as a first function of the message and a current one of a sequence of passwords computed such that each password corresponds to an index unit. Each of the passwords may be computed as a function, such as a hash function, pseudo-random function, or encryption function, of the subsequent password, whereby the sequence terminates with an initial password that forms a public key parameter for the password sequence. At least one hash tree uses at least a subset of the passwords as inputs to a hash tree used to verify the passwords. | 10-15-2015 |
20150295898 | SYSTEMS AND METHODS FOR DOCUMENT AUTHENTICATION - Disclosed are systems and methods that provide authentication for printed and/or electronic versions of a document through the use of a document authentication device in the form of a computational tag configured for short-range wireless communication only. This document authentication device receives authentication information for a document from a computerized device over a wireless communication link and uses this authentication information to generate encoded data to be embedded in the document in order to establish the authenticity of the document by functioning as an imprimatur. Specifically, when embedded in the document, this encoded data can add a visible feature or non-visible feature that, upon inspection, establishes the authenticity of an electronic version of the document and/or can add a printable feature, which will be readable off a surface of a printed version of the document to establish the authenticity of that printed version. | 10-15-2015 |
20150304113 | Set of Servers for "Machine-to-Machine" Communications Using Public Key Infrastructure - A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (ii) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key. | 10-22-2015 |
20150312043 | DIGITAL SIGNATURE SERVER AND USER TERMINAL - To reduce a load on a user terminal imposed when verifying signature data and at the same time reduce a load on a server, a signature key matrix KM includes a plurality of signature keys Ki-j arranged in a matrix structure of m rows and n columns, and is stored in a signature key matrix database | 10-29-2015 |
20150312044 | COMMUNICATION APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - A transmitting side communication apparatus reads an image from an original, adds, in a case where an IFAX mode is selected, signature information related to a user and signature information related to the apparatus to an electronic mail, and adds, in a case where an electronic mail mode is selected, signature information related to the user to the electronic mail. | 10-29-2015 |
20150312227 | PRIVACY PRESERVING ELECTRONIC DOCUMENT SIGNATURE SERVICE - An electronic document signature system preserves the security of an electronic document while tracking a signature process corresponding to the electronic document. In particular, using a client application on a client device, an originating user can protect an electronic document and send the protected electronic document to a tracking server. The tracking server receives only a protected document such that the security the electronic document is preserved. Using a client applications on client devices, one or more participating users can subsequently receive the protected document from the tracking server, access the contents of the electronic document, and sign the electronic document. The tracking server can record events that occur with respect to the protected document to create an event log. | 10-29-2015 |
20150326394 | METHOD FOR CERTIFYING A DISPLAYED PICTURE - The present invention relates to a method for certifying a displayed picture, using a user device Near Field Communication compatible, comprising a secure element, a control device Near Field Communication compatible, said method comprising the steps of: opening a Near Field Communication channel between the user device and the controller device, transmitting an information from the secure element to the control device via said Near Field Communication channel, and displaying an element determined from said information, on the control device. | 11-12-2015 |
20150333913 | DETECTION OF DELETED RECORDS IN A SECURE RECORD MANAGEMENT ENVIRONMENT - An automated secure record management system and method that receives a plurality of digitally signed records subsequent to a resetting of a running counter. In response to each received digitally signed record, the automated secure record management system and method increments the running counter. Further, upon receiving an accumulation record, the automated secure record management system and method compares a value of the running counter and a signature record number of the accumulation record, such that a notification is generated whenever the comparison detects that the value of the running counter is not equal to the signature record number. | 11-19-2015 |
20150341176 | Digitally Signing JSON Messages - Systems and techniques are described for digitally signing JavaScript Object Notation (JSON) messages. One of the techniques includes receiving a JavaScript Object Notation (JSON) message; and digitally signing the JSON message, wherein digitally signing the JSON message comprises: generating a digital signature information JSON object; inserting the digital signature information JSON object into the JSON message; generating a canonical representation of the JSON message with the inserted digital signature information JSON object; generating a digital signature of the canonical representation of the JSON message; and inserting the digital signature into the digital signature information JSON object. | 11-26-2015 |
20150347720 | BONDING CONTENTS ON SEPARATE STORAGE MEDIA - Local storage on player instruments provides the ability for adding further amendments and most recent supplements to the optical disc content. A problem arising with this technically applicable possibility is the protection of copyrights bound to disc and supplement data. The present invention describes a technique to ensure a security framework that is able to handle this, by creating a virtual file system (VFS) by merging optical disc data and local storage data based upon a common identifier. | 12-03-2015 |
20150349962 | Electronic method for applying an electronic signature and e-notation without active internet service - An electronic method and system for applying an electronic signature and e-notarization without active internet service is disclosed. An e-notary can sign and notarize one or more documents without an internet connection. | 12-03-2015 |
20150350901 | WIRELESS MEMORY DEVICE AUTHENTICATION - A system for wireless memory device authentication is provided, wherein a communications device receives a certified public key from a wireless memory device. The communications device validates the public key and sends a challenge to the wireless memory device. The wireless memory device sends a signature to the communications device and the communications device validates the signature in order to authenticate the wireless memory device. | 12-03-2015 |
20150356281 | Secure Watermarking of Content - Methods and systems for secure watermarking of at least part of a content item X are described, wherein the method comprises: providing a distorted content item X+y, comprising one or more distorted data units wherein the payload of a distorted data unit comprises a distortion signal y which distorts the rendering of the payload in said distorted data unit; providing a compensating watermark payload w-y comprising one or more compensating watermark signals S−y; using homomorphic encryption for encrypting at least part of said distorted content item X+y and said compensating watermark payload into an encrypted distorted content item E(X+y) and an encrypted compensating watermark payload E(w-y) on the basis of one or more encryption keys; and, combining said encrypted distorted content item with said encrypted compensating watermark payload on the basis of one or more homomorphic computations, wherein said one or more computations modify a distortion signal y in the payload of a distorted data unit into a non-perceptible watermark signal S. | 12-10-2015 |
20150358166 | USING MULTIPLE DIGITAL IDENTIFICATION DOCUMENTS TO CONTROL INFORMATION DISCLOSURE - A first digital identification document is transmitted from an identification authority to a mobile device of an identified individual. This first digital identification document is digitally signed and includes a set of attributes about the identified individual. In the same manner, a second digital identification document is also transmitted to the identified individual's mobile device. The second digital identification document is also digitally signed but includes a different set of attributes about the identified individual. The identified individual is then confronted by a series of challengers, wherein each challenger requires a different amount of information about the identified individual. Based on the identity of each challenger, the identified individual selects an appropriate identification document and transmits it to the applicable challenger's device. The challenger is then able to confirm both the information he needs about the identified individual and the validity of the identification document that he receives. | 12-10-2015 |
20150358167 | Certificateless Multi-Proxy Signature Method and Apparatus - A certificateless multi-proxy signature method and apparatus, where the method may include computing, by a proxy signature device, a public key and a private key of the proxy signature device according to a public parameter, where the public key is corresponding to the private key, acquiring a verification result of a standard signature and determining, according to the verification result, whether the standard signature is valid, computing a partial proxy signature of the proxy signature device according to the private key if the verification result is used to represent that the standard signature is valid, and sending the partial proxy signature to a proxy signature device administrator, so that after the proxy signature device administrator obtains a multi-proxy signature through computation according to the partial proxy signature, a multi-proxy signature verification device verifies the multi-proxy signature. | 12-10-2015 |
20150358321 | STORAGE DEVICE, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING METHOD - According to embodiments, a storage device includes a storage unit, a receiving unit, an authenticating unit, and a control unit. Prior to executing erasure processing of data that has been stored in the storage unit, the receiving unit receives, from an external device that clocks time, third information including first information and second information, the first information regarding time counted by the external device and the second information being information for authenticating the external device. The authenticating unit performs authentication processing of the external device by using the second information included in the third information. When the authentication of the external device has succeeded, the control unit generates an erasure log that contains erasure time when the erasure processing has been executed on the basis of the first information included in the third information. When the authentication of the external device has failed, the execution of the erasure processing is prohibited. | 12-10-2015 |
20150365304 | SECURE METERING AND ACCOUNTING FOR CLOUD SERVICES - Managing a service is provided. Information is collected about use of a set of resources by the service. A request is received to verify information regarding a selected portion of a period of time during the use of the set of resources by the service. A description of the use of the set of resources by the service during the selected portion of the period of time is generated using the collected information in response to receiving the request to verify the information regarding the selected portion of the period of time during the use of the set of resources by the service. A response to the request is created using the generated description of the use of the set of resources by the service during the selected portion of the period of time as proof of validity of the information. | 12-17-2015 |
20150365426 | METHOD FOR CHECKING THE INTEGRITY OF A DIGITAL DATA BLOCK - The present invention relates to methods for verifying the integrity of data blocks and for accessing the blocks and relates more particularly to a method for verifying the integrity of a digital data block, the method comprising steps of: searching for a digital fingerprint in a data block of a reference point, calculating a digital fingerprint by applying a fingerprint calculation function to the data block, the fingerprint calculated having a value which depends on each of the bits of the data block excluding the bits of a fingerprint found in the data block, and verifying the fingerprint found in the data block by comparing it with the fingerprint calculated. | 12-17-2015 |
20150372821 | MONITORING SIGNED RESOURCES TRANSFERRED OVER A NETWORK - A system for monitoring resources transferred over a network includes a capture module that is configured to capture content transferred over a network between a requestor device and a server device. The content includes a resource, a digital signature associated with the resource and a digital certificate associated with the digital signature. The system includes a resource monitor module that is configured to receive the captured content from the capture module. The resource monitor module includes at least one memory, at least one processor and a resource analyzer module that is configured to use the at least one processor to inspect one or more attributes of the digital certificate and inspect the digital signature and verify the digital certificate using the attributes and verify the digital signature. | 12-24-2015 |
20150372822 | DNSSEC SIGNING SERVER - Systems and methods for performing DNSSEC signing are described in which digital signature operations may be performed by a network accessible signing server that is configured to interact with a separate client application. Exemplary methods may include receiving a signing request at the signing server from the client application to sign first data. The signing server may determine an active KSK and/or an active ZSK for the first data. The first data may then be transmitted by the signing server to a digital signature module, which may include, for example, a hardware support module, or software signing applications. The signing server may receive a digitally signed version of the first data from the digital signature module, and provide the signed first data to the client application. | 12-24-2015 |
20150373032 | VOICE AND VIDEO WATERMARK FOR EXFILTRATION PREVENTION - A legitimate voice or video communication application modifies data in a communication session to produce a watermark. The watermark is a piece of information that is part of a communication session that is not readily observable, but can be verified later on. The purpose of a watermark is to verify that the communication session is a legitimate communication session and does not pose a security breach. The video or audio communication session is monitored for a watermark. In response to determining that the communication session contains the watermark, the communication session is allowed to continue. In response to determining that the communication session does not contain the watermark, the communication session is identified as a potential security breach. If the communication session is identified as a potential security breach, the communication session can be dropped and a user can be notified of the potential security breach. | 12-24-2015 |
20150373140 | CLIENT SIDE INITIATED CACHING CONTROL - A method, system and related apparatus are described, the system comprising a caching-capable element which is part of a data network, which receives a request from a downstream client device, the request including a content request, the content request including a Universal Resource Identifier (URI) and an explicit caching request, the caching request includes a unique content identifier which is independent of the URI, and optional expiration date information, a comparator included at the caching-capable element which compares the caching request against the existing cached content, and if the requested content is cached then the caching-capable element forwards the cached copy of the requested content to the client device, and if the requested content is not cached, then the caching-capable element forwards the request to a further upstream device, and, upon reception of the requested content from the further upstream device, returns the requested content to the requesting downstream device, and caches the requested content for further distribution to other clients. Related methods, systems and apparatus are also described. | 12-24-2015 |
20150381369 | SYSTEM AND METHOD FOR TRUSTZONE ATTESTED AUTHENTICATORS - A method includes receiving a challenge from an authentication consumer. The method also includes generating for display a figure associated with an identification, a public certificate, and a private key after receiving the challenge. The figure, the identification, the public certificate, and the private key are stored in a TrustZone (TZ) enriched environment. The method further includes receiving an input identification. The method includes verifying that the input identification matches the identification. The method also includes transmitting the challenge to the authentication consumer in response to verifying that the input identification matches the identification. | 12-31-2015 |
20150381370 | SYSTEMS AND METHODS FOR VALIDATED SECURE DATA ACCESS - Methods, systems, and techniques for securing access to stored data are provided. Example embodiments provide a Storage Management System (“SMS”) that is configured to facilitate protected information sharing. The SMS may restrict access to shared information based on one or more criteria that validate an entity's right to access the information. For example, the SMS may restrict access to entities that are located in a particular geographic region, that are using a particular type of hardware or software, that hold particular credentials, or the like. In some cases, the SMS may require that an entity's claim to meet one or more required criteria be validated by a trusted third party. | 12-31-2015 |
20160006569 | INTELLIGENT SENSOR AND CONTROLLER FRAMEWORK FOR THE POWER GRID - Disclosed below are representative embodiments of methods, apparatus, and systems for monitoring and using data in an electric power grid. For example, one disclosed embodiment comprises a sensor for measuring an electrical characteristic of a power line, electrical generator, or electrical device; a network interface; a processor; and one or more computer-readable storage media storing computer-executable instructions. In this embodiment, the computer-executable instructions include instructions for implementing an authorization and authentication module for validating a software agent received at the network interface; instructions for implementing one or more agent execution environments for executing agent code that is included with the software agent and that causes data from the sensor to be collected; and instructions for implementing an agent packaging and instantiation module for storing the collected data in a data container of the software agent and for transmitting the software agent, along with the stored data, to a next destination. | 01-07-2016 |
20160013944 | ATTESTATION OF DATA SANITIZATION | 01-14-2016 |
20160013945 | ATTESTATION OF DATA SANITIZATION | 01-14-2016 |
20160020907 | RECONSTRUCTABLE CONTENT OBJECTS - One embodiment of the present invention provides a system for delivering a content piece over a network using a set of reconstructable objects. During operation, the system obtains a metadata file that includes a set of rules; generates the set of reconstructable objects for the content piece based on the set of rules included in the metadata file; cryptographically signs the set of reconstructable objects to obtain a set of signed reconstructable objects; and delivers, over the network, the set of signed reconstructable objects along with the metadata file to a recipient, thereby enabling the recipient to extract and store a copy of the content piece and then to reconstruct the set of signed reconstructable objects from the stored copy of the content piece and the metadata file. | 01-21-2016 |
20160020908 | DOCUMENT SIGNING VIA MOBILE DEVICE GESTURE - A system, method and computer program product for electronically signing documents on mobile devices. An example method includes receiving an electronic document at a mobile device. The mobile device indicates to a user of the mobile device to sign the electronic document by moving the mobile device through physical space in a trajectory of the user's signature. A recording step records the trajectory of the user's signature from a sensor at the mobile device, such as an accelerometer and/or a camera. A converting step converts the trajectory of the user's signature into an electronic signature object. The signature object is then combined with the electronic document to create a signed electronic document. | 01-21-2016 |
20160028547 | KEY DOWNLOADING METHOD, MANAGEMENT METHOD, DOWNLOADING MANAGEMENT METHOD, DEVICE AND SYSTEM - Disclosed is a key downloading management method, comprising: a device end authorizing the validity of an RKS server by checking a digital signature of a work certificate public key of the RKS server, and the RKS server generating an authentication token (AT); encrypting by using an identity authentication secondary key DK | 01-28-2016 |
20160028548 | KEY DOWNLOADING METHOD, MANAGEMENT METHOD, DOWNLOADING MANAGEMENT METHOD, DEVICE AND SYSTEM - Disclosed is a key download and management method, comprising: a device end authenticating the validity of an RKS server by checking the digital signature of a public key of an operating certificate of the RKS server; the RKS server generating an authentication token (AT); after being encrypted with a device identity authentication public key of the device end, returning a ciphertext to the device end; after being decrypted by the device end with a device identity authentication private key thereof, encrypting the ciphertext with the public key of the operating certificate and then returning same to a key server; after being decrypted with a private key of the operating certificate, the key server contrasting whether the decrypted authentication token (AT) is the same as the generated authentication token (AT); and if so, indicating that the POS terminal of a device is valid, thereby realizing bidirectional identity authentication. | 01-28-2016 |
20160028549 | INFORMATION PROCESSING SYSTEM AND ELECTRONIC DEVICE - An electronic device includes a storage unit configured to store platform information regarding a platform of the electronic device and an expectation value used for verifying an integrity of the platform; a measuring unit configured to measure a measurement value of the integrity of the platform from the platform information; an integrity verifying unit configured to compare the measurement value and the expectation value to verify the integrity of the platform depending on whether the measurement value is equal to the expectation value; an information generator configured to generate integrity information indicating a verification result indicating that the integrity of the platform is impaired when the measurement value is not equal to the expectation value; a signature unit configured to add signature information of the integrity information to the integrity information; and a communication processor configured to transmit the integrity information having the signature information to a management device. | 01-28-2016 |
20160036592 | NON-REPUDIATION OF ELECTRONIC TRANSACTIONS - Providing an electronic message includes constructing a first digital signature of the message and a personal secret known only to a sender of the message, constructing a second digital signature of the first digital signature and the message, and sending to a receiver the message, the first digital signature, and the second digital signature. The personal secret may be initially generated by the sender. The personal secret may be a pseudo-random number. The receiver may archive the message, the first signature, and the second signature. In response to a challenge, the message and the first and second signatures sent with the message may be compared using first and second signatures reconstructed by the sender. In response to at least one of the message and the first signature not matching, the message may be repudiated. Otherwise, the message may be validated. The sender may be a cell phone. | 02-04-2016 |
20160043868 | END-TO-END TAMPER PROTECTION IN PRESENCE OF CLOUD INTEGRATION - The present disclosure involves systems and methods for providing end-to-end tamper protection in a cloud integration environment. One example method includes receiving, at a receiver in a cloud-based integration scenario, a B2B communication from a sender including data associated with a business transaction, the received communication in a target format. The cloud-based integration system transforms the original communication in a source format into the target format of the receiver. A digitally-signed sender fingerprint of critical fields extracted from the set of data associated with the at least one business transaction in the source format of the original B2B communication is received and verified as signed by the sender. A receiver fingerprint in the target format is generated using the critical fields from the received communication based on a pre-defined algorithm. The sender fingerprint and the generated receiver fingerprint are compared to determine if they are identical. | 02-11-2016 |
20160043869 | SECURE REMOTE KERNEL MODULE SIGNING - Implementations for a secure remote kernel module signing are disclosed. In one example, the method includes receiving an indicator of a public key associated with a client computing device, determining that the public key associated with the client computing device is in common with a public key associated with a first server computing device, compiling the script, signing the compiled script with a private key that is associated with the public key that is in common with the client computing device and the first server computing device without generating a new private key, and sending the signed compiled script to the client computing device. | 02-11-2016 |
20160043870 | COMMON MODULUS RSA KEY PAIRS FOR SIGNATURE GENERATION AND ENCRYPTION/DECRYPTION - Various features pertain to embedded key generation and provisioning systems, such as systems installed within smartphones for generating public-key/private-key pairs for use in encryption/decryption and digital signature generation. In some examples, an embedded system is provided that generates two public-key/private-key pairs—one for encryption/decryption and the other for signing/verification—where the two public-key/private-key pairs share a common modulus but are otherwise distinct or uncorrelated. This allows the two key pairs to be generated more efficiently than if two entirely separate key pairs were generated and yet, at least in the context of embedded systems, satisfactory integrity and confidentiality is achieved. Techniques for decrypting and signing messages using common modulus keys are described for use by an embedded component of a mobile device, along with techniques for encrypting and verifying messages for use by a remote system such as a key provisioning server of a partner software vendor. | 02-11-2016 |
20160050074 | CONTENT TRACEABILITY USING SEGMENTED WATERMARK ENCODING - The system for content traceability using segmented watermark encoding disclosed herein provides a method for applying a distinct identifier to digital content, such that a copy of the digital content can be traced to the original recipient of the content. The method comprises generating multiple copies of the digital content and applying distinct digital watermarks to each copy. The method further comprises interleaving segments of each digitally watermarked copy in a pattern that represents a unique identifier, to create a distinctly identifiable copy of the digital content. The identifier can be extracted from a distinctly identified copy of the digital content by examining the watermark applied to each segment that comprises the digital content. | 02-18-2016 |
20160050160 | SHARING RESOURCES ACROSS MULTIPLE DEVICES IN ONLINE MEETINGS - The subject disclosure relates to methods of sharing resources across multiple devices in online meetings. A server manages an online meeting, in which a first client device, a second client device, and a third client device participate. The first client device is a primary device associated with a first user, the second client device is a secondary device associated with the first user, and the third client device is associated with a second user. The server receives from the first client device a command for the second client device to share a resource with the third client device. The server forwards the command to the second device. Next, the server receives data associated with the resource, the data being sent from the second client device in response to the command. The server then forwards the data to the third client device. Systems and computer readable media are also provided. | 02-18-2016 |
20160055346 | FUNCTIONALITY WATERMARKING AND MANAGEMENT - Disclosed are various embodiments for functionality watermarking and management. A computing device, such as a user device, can identify a request to perform a function of the computing device where at least one resource is generated. A data store can be queried to identify at least one watermark template from a plurality of available watermark templates and a compliance rule based at least in part on the function of the computing device requested to be performed. A device profile describing a state of the computing device can be generated and communicated to a compliance server over a network. The computing device can obtain an authorization received from the compliance server to permit the performance of the function based at least in part on the device profile. | 02-25-2016 |
20160056963 | POLICY-BASED SIGNATURE AUTHENTICATION SYSTEM AND METHOD - In various example embodiments, a system and method for providing policy-based authentication is provided. In example embodiments, a request to access and sign a document is received from a device of an intended signer. A policy assigned to the intended signer is determined. Based on the policy, a determination is made whether an authentication mechanism is applicable to the intended signer. In response to the determining that the authentication mechanism is applicable to the intended signer, the intended user is required to perform the authentication mechanism. The intended user is provided access to view and sign the document based on the intended user satisfying the authentication mechanism. | 02-25-2016 |
20160057091 | ELECTRONIC COMMUNICATIONS MANAGEMENT SYSTEM AND METHOD - A system and methods that prioritize email based on the use of cryptographic signatures are described. The system can allow email to be received without blocking a subset of the email. When email is received, the system can determine whether the email is received from an approved user who has exchanged public keys with the email recipient and determines whether the email includes one or more cryptographic signatures. Emails with signatures that are successfully verified can be identified as having a higher priority level than emails without the cryptographic signatures. The emails with the higher priority level can be presented to the recipient in a priority inbox. Emails without the signatures can be placed in a different folder, which is not presented to the user by default, but can be presented to the user in response to a request from the user. | 02-25-2016 |
20160057190 | SYSTEM AND METHOD FOR RECONSTRUCTABLE ALL-IN-ONE CONTENT SYSTEM - One embodiment provides a system for assembling a reconstructable content stream. The system obtains a content collection that includes a plurality of content components and generates a manifest. An entry in the manifest corresponds to a content component. The system obtains a set of stream-construction rules, generates a stream-construction manifest by attaching the set of stream-construction rules to the manifest, and constructs a set of stream objects based on the stream-construction rules. A respective stream object may include an embedded chunk of a content component. The system signs the set of stream objects and assembles the reconstructable content stream by including the stream-construction manifest followed by the set of stream objects, thereby enabling an intermediate node to extract and store one or more content components and to reconstruct, at a later time, stream objects for the one or more content components based on the stream-construction manifest and the stored components. | 02-25-2016 |
20160063280 | SECURE ACCESS FOR SENSITIVE DIGITAL INFORMATION - Sensitive pieces of information stored on an individual's device can be protected using a device identification system that applies, for each sensitive piece of information, a function that integrates an identifier of the individual with a respective sensitive piece of information to create a respective identity element. Each identity element can be signed with a signature to create a trust group. The identity element and signature can be uploaded to the individual's device using an application that is configured to provide a subset of the sensitive pieces of information in response to a query. | 03-03-2016 |
20160065373 | METHODS FOR SECURE RESTORATION OF PERSONAL IDENTITY CREDENTIALS INTO ELECTRONIC DEVICES - A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device. | 03-03-2016 |
20160070938 | PROGRAM EXECUTION DEVICE - A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program. | 03-10-2016 |
20160072629 | CONTROLLING APPLICATION ACCESS TO MOBILE DEVICE FUNCTIONS - There is described a method of controlling application access to predetermined functions of a mobile device. The described method comprises (a) providing a set of keys, each key corresponding to one of the predetermined functions, (b) receiving an application from an application provider together with information identifying a set of needed functions, and (c) generating a signed application by signing the received application with each of the keys that correspond to one of the needed functions identified by the received information. There is also described a device for controlling application access and a system for controlling and authenticating application access. Furthermore, there is described a computer program and a computer program product. | 03-10-2016 |
20160078433 | METHODS AND SYSTEMS OF CREATING A PAYMENT RECORD WITH A CRYPTOGRAPHICALLY SECURE AUDIT TRAIL - A method of creating a secure audit trail for transactions may include, by a host electronic device, for each of a plurality of transactions, receiving, from a client electronic device, a transaction details document that summarizes the transaction, generating a document hash by performing a first cryptographic hash function on the received transaction details document, and identifying metadata associated with the transaction. The method may include generating an entry hash associated with the plurality of transactions by performing a second cryptographic hash function on at least the document hash of each transaction in the plurality of transactions and the metadata associated with each transaction in the plurality of transactions, and storing the entry hash in an entry in a transaction log database. | 03-17-2016 |
20160080156 | SYSTEMS, DEVICES, AND METHODS FOR DETECTING DOUBLE SIGNING IN A ONE-TIME USE SIGNATURE SCHEME - Embodiments relate to systems, devices, and computer-implemented methods for detecting double signing in one-time use signature schemes by receiving a first message, where the first message includes a signature generated using a one-time use private key of a one-time use public/private key pair, determining a one-time use public key of the public/private key pair based on the first message, adding the one-time use public key to a list of public keys, receiving a second message, where the second message includes a signature generated using the one-time use private key of the one-time use public/private key pair, determining the one-time use public key of the public/private key pair based on the second message, determining that the one-time use public/private key pair was used more than once based on the list of public keys; and generating an alert based on determining that the one-time use public/private key pair was used more than once. | 03-17-2016 |
20160080157 | NETWORK AUTHENTICATION METHOD FOR SECURE ELECTRONIC TRANSACTIONS - In a network authentication method, a client device stores a reference first private key portion obtained by encrypting a first private key portion of a private key. The private key and a public key cooperatively constitute an asymmetric key pair. After receipt of a second private key portion of the private key, the client device generates a digital signature for transaction data using a current key which combines the second private key portion and a current key portion obtained by decrypting the reference first private key portion. A verification server verifies, based on the public key, whether a received digital signature is signed with the private key, and obtains the transaction data when the verification result is affirmative. | 03-17-2016 |
20160080340 | COMMUNICATION CONTROL DEVICE - According to an embodiment, a communication control device includes a generation unit and a control unit. The generation unit generates, in a system using a group key block, a group key corresponding to an individual communication group formed by two communication devices by using a manipulation command including a digital signature of the communication control device. The control unit controls a group manipulation of the communication devices by using a group manipulation command message to which an authentication code according to the generated group key is attached. | 03-17-2016 |
20160087799 | METHODS AND APPARATUS TO COLLECT DISTRIBUTED USER INFORMATION FOR MEDIA IMPRESSIONS AND SEARCH TERMS - Disclosed examples involve obtaining encrypted identifiers identifying at least one of a device or a user of the device, sending respective ones of the encrypted identifiers to corresponding database proprietors, receiving user information corresponding to the respective ones of the encrypted identifiers from the corresponding database proprietors, and associating the user information with at least one of a search term collected at the device or a media impression logged for media presented at the device. | 03-24-2016 |
20160087800 | SYSTEM AND METHOD FOR SIGNATURE CAPTURE - A method of signature capture for a document uses a portable digital media device with a touch responsive screen on which the signer traces his signature. A URL address is sent to the device and opened in the web browser. The URL address is valid for a limited period of time, and the signature is stored at a webpage associated with the URL address. | 03-24-2016 |
20160087801 | CRYPTOGRAPHICALLY ENFORCING STRICT SEPARATION OF ENVIRONMENTS - A system and method are disclosed for enforcing site or organization localized provisioning policy using cryptography. In an exemplary method, a signing key is used to generate a signature for an application. The signature of the application is verified using a verifying key in order to determine whether the application adheres to the site or organization localized provisioning policy. The verifying may be performed during initialization of a computing device or during runtime of an operating system at the computing device. | 03-24-2016 |
20160087802 | Homogeneous Atomic Pattern for Double, Add, and Subtract Operations for Digital Authentication Using Elliptic Curve Cryptography - A method of performing finite field addition and doubling operations in an elliptic curve cryptography (ECC) authentication scheme as a countermeasure to side-channel attack. The addition and doubling operations are executed using atomic patterns that involve the same sequence and number of operation types, so that the noise consumption and electromagnetic emanation profile of circuitry performing the operations is identical regardless of operation. A subtraction operation using such an atomic pattern is also disclosed. | 03-24-2016 |
20160087803 | SYSTEM AND METHOD FOR VERIFYING VARIED ELECTRONIC SIGNATURE - The technologies relate to a system and method for electronic signature agnostic verification. The method involves receiving a request to verify an electronic signature, thereafter validating an integrity of the electronic signature on the basis of one or more predefined validation parameters and validation fields, then analyzing the validated electronic signature to obtain one or more features of the validated electronic signature, further decoding the analyzed electronic signature using one or more decode parameters, and finally comparing the decoded electronic signature with a predefined value received from one or more sources, to check the correctness of the decoded electronic signature. The technique supports various electronic signature formats and electronic signature standards. | 03-24-2016 |
20160099808 | Controlling Exposure of Sensitive Data and Operation Using Process Bound Security Tokens in Cloud Computing Environment - Exposure of sensitive information to users is controlled using a first security token containing user identity and user credentials to represent the user who requests services, and a second security token containing two other identities, one identifying the token issuer and the other identifying the owning process. When requesting services, the token-owning process sends a security token to indicate who is making the request, and uses its key to digitally sign the request. The token-owning process signs the request to indicate that it endorses the request. A receiving server accepts a request if (1) the token-owning process endorses the request by signing the request; (2) the token is valid (token is signed by its issuer and the digital signature is verified and unexpired); (3) user entity, which can be a real user or a deployment or a server process, that is represented by the token has the authorization to access the specified resources; and (4) the token-owning process is authorized to endorse the user entity represented by the token to access the specified resources. | 04-07-2016 |
20160099811 | End-to-End Security For Hardware Running Verified Software - A verified software system may be executable on secure hardware. Prior to being executed, the software system may be verified as conforming to a software specification. First credentials attesting to an identity of the software system may be sent to an external application. Second credentials signed by a provider of the secure hardware may be sent to the external application. The second credentials may attest to an identity of the secure hardware. The external application may securely exchange one or more messages with a software application of the software system. For example, the one or more messages may be decryptable only by the external application and the software application to provide confidentiality for each message. As another example, an attestation may vouch for an identity of a sender of each of the one or more messages to attest to an integrity of each message. | 04-07-2016 |
20160099812 | NATURAL VISUALIZATION AND ROUTING OF DIGITAL SIGNATURES - Embodiments are provided for securely visualizing and routing digital signatures in an electronic document generated by an application program executing on a computer system. The application program may generate an electronic document for receiving a signature graphic, and calculate a hash value from the electronic document and the signature graphic, and create a cryptographic signature from the hash value using a cryptographic encryption method. The electronic document is digitally signed by embedding the cryptographic signature therein. The application program may further collect and route digital signatures by automatically collecting signatures from individual signers, one-by-one, and identify the appropriate signature line for each signer to sign. The application program may further generate a user interface for creating and collecting digital signatures. | 04-07-2016 |
20160105287 | DEVICE AND METHOD FOR TRACEABLE GROUP ENCRYPTION - A group encryption system comprising at least one group member device, a group manager device, an opening authority device, a sender device and a tracing agent device. The sender device is configured to encrypt a plaintext using the public key of a group member. The group member device is configured to receive and decrypt the ciphertext using the corresponding private key, and also to claim or disclaim a ciphertext. The opening authority device is configured to disclose at least one user-specific trapdoor that makes it possible to trace, by the tracing agent device, all the ciphertexts for the specified user and only those ciphertexts. | 04-14-2016 |
20160105290 | UNIVERSAL ANONYMOUS CROSS-SITE AUTHENTICATION - The device may receive user information associated with a user. The device may generate a user profile for the user that stores user information and authentication confirmation information. The device may provide a particular cryptographic key and information identifying the user profile. The device may receive a request to authenticate a secure session for a user device from an application server. The device may obtain, based on the user identifier, the authentication confirmation information associated with the user from a data structure storing one or more user profiles. The device may validate the particular response to the particular challenge code based on the authentication confirmation information. The device may provide information to the application server indicating that the secure session is validated for the user device based on validating the authentication information. | 04-14-2016 |
20160105414 | Method for Authenticating a Client Device to a Server Using a Secret Element - The invention relates to an authentication method for authenticating a client device having an authentication token generated by means of a pseudo-homomorphic function and based on a secret element (PIN) known only by the client device, to a server, comprising: | 04-14-2016 |
20160110546 | COMPUTING DEVICE BOOT SOFTWARE AUTHENTICATION - Various embodiments are generally directed to authenticating a chain of components of boot software of a computing device. An apparatus comprises a processor circuit and storage storing an initial boot software component comprising instructions operative on the processor circuit to select a first set of boot software components of multiple sets of boot software components, each set of boot software components defines a pathway that branches from the initial boot software component and that rejoins at a latter boot software component; authenticate a first boot software component of the first set of boot software components; and execute a sequence of instructions of the first boot software component to authenticate a second boot software component of the first set of boot software components to form a chain of authentication through a first pathway defined by the first set of boot software components. Other embodiments are described and claimed herein. | 04-21-2016 |
20160112202 | MOBILE SYSTEM AND METHOD FOR IMPROVING SAFETY OF IMPROMPTU MEETINGS - A system and method for enabling safety in and for initial impromptu meetings facilitated by electronic devices. Prior to the meeting, participants each download a same generated event ticket and the public key of the other meeting participant. At the meeting location, each individual's electronic device via a mobile application initiates close-proximity communication with the other mobile application; signs the ticket with its stored private key; exchanges signed tickets; verifies the received signed ticket using the downloaded public key; and compares the verified signed ticket with the downloaded ticket to authenticate the other individual. | 04-21-2016 |
20160112203 | Trust Service for a Client Device - Techniques for a trust service for a client device are described. In various implementations, a trust service is implemented remotely from a client device and provides various trust-related functions to the client device. According to various implementations, communication between a client device and a remote trust service is authenticated by a client identifier (ID) that is maintained by both the client device and the remote trust service. In at least some implementations, the client ID is stored on a location of the client device that is protected from access by (e.g., is inaccessible to) device components such as an operating system, applications, and so forth. Thus, the client ID may be utilized to generate signatures to authenticate communications between the client device and the remote trust service. | 04-21-2016 |
20160112204 | METHOD, SYSTEM AND APPARATUS FOR ONE OR MORE OF ENCRYPTING AND SIGNING A MESSAGE USING VOICE PROFILES - A method, system and apparatus for one or more of encrypting and signing a message using voice profiles are provided. At a device comprising: a processor, a memory, and a communication interface, a secure message is generated at the processor from a message and a key by one or more of encrypting the message and signing the message, the key associated with a voice profile, the voice profile comprising a number representative of acoustical characteristics of a user's voice. The secure message is transmitted using the communication interface. | 04-21-2016 |
20160112205 | COMPONENT MANAGEMENT VIA SECURE COMMUNICATIONS - Technologies are generally described for establishing secure communications to manage components of a control system. In some examples, upon receiving a request from a component to join a cluster of components, a class and instance of the component may be verified to authorize the component. A command to be transmitted from the component to another component of the cluster may be marked with a signature, where restrictions may be placed on a type of command that a particular class of component may transmit to one or more other classes of components. Based on the signature, a secure communication path between the components may be established by creating an encrypted virtual private network (VPN). The command may then be transmitted from the component to the other component through the secure communication path. | 04-21-2016 |
20160112210 | SYSTEM AND METHOD FOR INTERAPPLICATION COMMUNICATIONS - A first executable program on a computer system is enabled to exchange communications with a second executable program on the computer system by determining that the first executable program requests to exchange information with the second executable program, using the second executable program to challenge the first executable program for a digital certificate, and using the second executable program to exchange information with the first executable program when the digital certificate is verified. | 04-21-2016 |
20160119147 | Method and System of Online Content Review, Authentication, and Certification - A method and apparatus for the certification, review, and authentication of scientific and academic content produced by a content creator and certified by relevant credible and established entities through a scientific framework that depends on online interoperable systems, and presents such content to consumers through a system that provides automatic measures for notifying the user of the authenticity of the matter. While prior systems have been proposed for content verification, most purely apply for fact checking of numbers and figures and to establish what the end parties guarantee to have exchanged is true. On the other hand, this method and apparatus provides a technical and conceptual framework for authenticating and/or reviewing bodies and the content creators to engage in a revenue model while certifying the content not only with hard facts and figures but also abstract nature and conceptual accuracy. | 04-28-2016 |
20160119148 | SYSTEM AND METHOD FOR VALIDATING PROGRAM EXECUTION AT RUN-TIME USING CONTROL FLOW SIGNATURES - A processor comprising: an instruction processing pipeline, configured to receive a sequence of instructions for execution, said sequence comprising at least one instruction including a flow control instruction which terminates the sequence; a hash generator, configured to generate a hash associated with execution of the sequence of instructions; a memory configured to securely receive a reference signature corresponding to a hash of a verified corresponding sequence of instructions; verification logic configured to determine a correspondence between the hash and the reference signature; and authorization logic configured to selectively produce a signal, in dependence on a degree of correspondence of the hash with the reference signature. | 04-28-2016 |
20160124676 | DEDUPLICATION OF VIRTUAL MACHINE CONTENT - Methods and systems for managing, storing, and serving data within a virtualized environment are described. In some embodiments, a data management system may manage the extraction and storage of virtual machine snapshots, provide near instantaneous restoration of a virtual machine or one or more files located on the virtual machine, and enable secondary workloads to directly use the data management system as a primary storage target to read or modify past versions of data. The data management system may allow a virtual machine snapshot of a virtual machine stored within the system to be directly mounted to enable substantially instantaneous virtual machine recovery of the virtual machine. | 05-05-2016 |
20160127131 | Distributed Validation of Digitally Signed Electronic Documents - Systems and methods are presented for distributed validation of a digitally signed electronic document. A computing device accesses both a representation of the electronic document and a digital signature for the electronic document that includes a digest generated by the digital signature's creator by applying a one-way function to the electronic document. The computing device applies the same one-way function to the accessed representation of the electronic document to generate a new digest, and includes both the digital signature and the new digest in a request sent to a separate validation server. The request does not include the electronic document. The validation server generates validation results that depend on comparing the digest from the digital signature with the new digest, and that do not depend on having the electronic document available to the validation server. The computing device receives the validation results from the separate validation server. | 05-05-2016 |
20160127133 | APPARATUS AND METHOD FOR MULTI-STATE CODE SIGNING - An electronic device includes a memory configured to store a lab certificate, a code authentication certificate and the executable code. The electronic device also includes a processor associated with a unique device identifier. For a first operational condition of the plurality of operational conditions, the processor is configured to: retrieve the code authentication certificate associated with the executable code; determine that a valid lab certificate is present in the memory; authenticate the code authentication certificate by determining that the code authentication certificate is signed with a private developer key and that the signature is valid; and execute the executable code on the electronic device responsive to determining that the lab certificate is valid and authenticating the code authentication certificate. | 05-05-2016 |
20160127897 | USER-PLANE SECURITY FOR NEXT GENERATION CELLULAR NETWORKS - Securing user-plane data traffic between a device and a packet data network gateway (P-GW) may be accomplished at the device (e.g., chip component, client device) by obtaining, at the device, a first shared key, and obtaining, at the device, a second shared key based on the first shared key. The second shared key may be for securing user-plane data traffic during transit between the device and the P-GW. The second shared key is shared by the device and the P-GW. The data traffic may be secured based on the second shared key to produce first secured data traffic. The first secured data traffic may be sent to the P-GW via an access node. The P-GW and the access node are distinct network entities. The second shared key is unknown to the access node. The P-GW obtains the second shared key from a network entity that is distinct from the device. | 05-05-2016 |
20160127904 | Systems and Methods for Remote Authorization of Financial Transactions Using Public Key Infrastructure (PKI) - The invention relates to systems and methods for secure, remote, wireless submission of financial transactions. Authentication and authorization functionality are provided through use of proof of possession tests, a token service that provides a user device with a token that includes user entitlement data, and high assurance digital certificates. | 05-05-2016 |
20160134423 | OFF DEVICE STORAGE OF CRYPTOGRAPHIC KEY MATERIAL - In representative embodiments keys used in authentication are removed from local systems and stored on a key server system. When keys are needed for authentication, requests are routed to the key server system. In some embodiments, the keys do not leave the key server system and the key server system performs requested operations using the keys. In other embodiments, secure protocols are used to temporarily allow the local system to retrieve and use the key. In this latter situation, keys are not maintained on the local system. | 05-12-2016 |
20160134424 | SYSTEM AND METHOD FOR ENCRYPTION - A method and system for generating a signature for a user are described. The system comprises a signature server, an initial transaction device for a user and a validation device for a user. The initial transaction device is configured to display a first message M and send a request to the signature server to create a signature for said first message M. The signature server is configured to generate a validation challenge using a second message M′ which is based on said first message M and a first secret shared between said user and said signature server and send said validation challenge to the validation device. The validation device is configured to regenerate said second message M′ using said first shared secret, display said second message M′, receive user confirmation that the displayed second message M′ corresponds to said first message M, generate a validation code confirming the request to create a signature; and send said validation code to said signature server. Thereafter, said signature server generates the signature for the user for the first message M. | 05-12-2016 |
20160134425 | SYSTEM AND METHOD FOR RULES-BASED CONTROL OF CUSTODY OF ELECTRONIC SIGNATURE TRANSACTIONS - Techniques for electronic signature processes are described. Some embodiments provide an electronic signature service (“ESS”) configured to facilitate the creation, storage, and management of electronic signature documents. In one embodiment, an electronic signature document may be associated with custody transfer rules that facilitate transfers of custody of an electronic signature document from one user or party to another. A custody transfer may result in a transfer of rights or capabilities to operate upon (e.g., modify, view, send, delete) an electronic signature document and/or its associated data. A custody transfer rule may be triggered by the occurrence of a particular event, such as the receipt of an electronic signature. | 05-12-2016 |
20160134685 | CONTENT DELIVERY METHODS AND SYSTEMS - The present invention relates generally to systems and methods for delivering content from content providers to end users using computer networks. Aspects of the invention enable content providers cost-effective content delivery using, for example, download and peer-to-peer mechanisms, while also allowing content providers the ability to control and restrict usage of the content and combat piracy. These and other aspects of the invention are discussed in more detail herein. | 05-12-2016 |
20160135054 | DATA TRANSMISSION UNIT FOR A VEHICLE - A method for transmitting data between a vehicle and a terminal, in which data to be transmitted are transmitted on the basis of at least one digital signature generated by a security module in a vehicle key for the vehicle, the vehicle key also comprising at least one interface for communicating with the terminal and/or the vehicle and at least one microprocessor, and the microprocessor being used to check a trustworthiness of the data to be transmitted via the interface. Also, a corresponding vehicle key and vehicle having a system for transmitting data. | 05-12-2016 |
20160142409 | OPTIMIZED TOKEN-BASED PROXY AUTHENTICATION - Methods, systems, apparatuses, and computer program products are provided for authentication of users in a service-to-service context. At a first service, a user authentication token is received from a client device that was obtained from an identity provider. The user authentication token was received to enable access to the first service by a user. The user is authenticated based on the user authentication token. A second service is determined to be needed to be accessed by the first service on behalf of the user. The user authentication token is converted into a proxy token that is not convertible back to the user authentication token. The proxy token is forwarded from the first service to the second service to enable access to the second service. A response is received by the first service from the second service due to the user having been authenticated based on the proxy token. | 05-19-2016 |
20160149707 | TRACKING AND NOTIFICATION OF FULFILLMENT EVENTS - An electronic signature system is used to procure one or more electronic signatures on a document. The electronic signature system not only facilitates communication between the document originator and the document recipient, but it also tracks the document status through states such as sent, viewed, executed, and fulfilled. For example, at some point the electronic signature system may receive an incoming notification that an obligation set forth in the signed document has been fulfilled. This incoming fulfillment notification is recorded and the document status is updated accordingly. The electronic signature system can also be configured to generate outgoing fulfillment notifications to announce that an obligation associated with the signed document has been fulfilled. The various notifications and fulfillment events disclosed herein can be tracked so as to allow users to generate status reports that reveal the fulfillment status of a collection of documents administered by the electronic signature. | 05-26-2016 |
20160149708 | ELECTRONIC SIGNATURE SYSTEM - Electronic signature system comprising an electronic key generation device ( | 05-26-2016 |
20160149709 | Systems and Methods for "Machine-to-Machine" (M2M) Communications Between Modules, Servers, and an Application using Public Key Infrastructure (PKI) - Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module. | 05-26-2016 |
20160149869 | KEY ESTABLISHMENT FOR CONSTRAINED RESOURCE DEVICES - It is disclosed a method and a constrained resource device ( | 05-26-2016 |
20160149912 | Trusted Computing Base Evidence Binding for a Migratable Virtual Machine - In an embodiment, at least one computer readable medium has instructions stored thereon for causing a system to cryptographically sign, at a secure platform services enclave (PSE) of a computing system and using a secure attestation key (SGX AK), a public portion of a trusted platform module attestation key (TPM AK) associated with a trusted computing base of a physical platform, to form a certified TPM AK public portion. Also included are instructions to store the certified TPM AK public portion in the PSE, and instructions to, responsive to an attestation request received from a requester at a virtual trusted platform module (vTPM) associated with a virtual machine (VM) that has migrated onto the physical platform, provide to the requester the certified TPM AK public portion stored in the PSE. Other embodiments are described and claimed. | 05-26-2016 |
20160154745 | MEMORY DEVICE AND HOST DEVICE | 06-02-2016 |
20160154957 | Protecting Data in Memory of a Consumable Product | 06-02-2016 |
20160156475 | GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS | 06-02-2016 |
20160164684 | GENERATION OF A DIGITAL SIGNATURE - A method and system. A computer iteratively processes a unique condition digest of at least two condition digests in each iteration of a loop for a sufficient number of iterations to process all condition digests of the at least two condition digests. The processing in each iteration includes concatenating a reference digest with the unique condition digest of the iteration to generate a concatenand and hashing the concatenand to generate a hashed concatenand that serves as the reference digest for the next iteration if the next iteration is performed. Each unique condition digest is a different condition digest in each iteration of the loop. The regenerated reference digest of the last iteration of the loop is a last digest. | 06-09-2016 |
20160191251 | DEVICE FOR ARCHIVING HANDWRITTEN INFORMATION - An electronic pen device configured for use with a remote secure server for registering handwritten signatures, the secure server comprising an authentication database storing authentication information in connection with pre-registered users and a signature registration database for registering handwritten signatures, the electronic pen device comprising: an input/output (I/O) interface; a memory; a tip and capturing means connected thereto for capturing handwritten signatures; a network interface adapted to be connected to a data network, and a processing unit connected to the I/O interface, to the capturing means, to the memory and to the network interface. Further provided is a system for registering handwritten signatures, a method of authenticating handwritten signatures, a method of signing a document by a plurality of contracting users, and an electronic pen device configured to be used with a remote server for archiving handwritten information. | 06-30-2016 |
20160191468 | VIRTUAL DESKTOP ACCELERATOR WITH SUPPORT FOR DYNAMIC PROXY THREAD MANAGEMENT - In particular embodiments, a method includes determining a data flow rate of the active connections at a proxy, comparing the data flow rate to a first pre-determined threshold value, and, when the data flow rate exceeds the first pre-determined threshold value, creating one or more new processing threads associated with the proxy. | 06-30-2016 |
20160192192 | METHOD AND SYSTEM FOR ASSESSING A MESSAGE IN A DECENTRALIZED COMMUNICATION NETWORK - A method for assessing a message transmitted between at least two parties via a previously unknown third party in a decentralized communication network, wherein all parties share a common trust architecture, includes publishing on-behalf-of indication and public security information of the third party; publishing the message of the first party; evaluating the published information to extract published content of the first party by the second party as intended receiver of the message; verifying a real-world-identity of the third party and/or the signature of the third party based on the previously received trust information and/or based on the self-certifying name and the public security information of the third party; checking a trust information chain according to the common trust architecture from the second party to the third party; and assessing the content of the first party based on the checked trust chain. | 06-30-2016 |
20160197730 | MEMBERSHIP QUERY METHOD | 07-07-2016 |
20160197731 | METHOD OF COLLECTING PEER-TO-PEER-BASED CONTENT SENDING/RECEPTION INFORMATION | 07-07-2016 |
20160197899 | Method of Dynamically Encrypting Fingerprint Data and Related Fingerprint Sensor | 07-07-2016 |
20160204939 | MEDIA STORAGE STRUCTURES FOR STORING CONTENT, DEVICES FOR USING SUCH STRUCTURES, SYSTEMS FOR DISTRIBUTING SUCH STRUCTURES | 07-14-2016 |
20160204944 | PRIVATE ELECTRONIC SIGNATURE SERVICE FOR ELECTRONIC DOCUMENTS | 07-14-2016 |
20160204945 | Tamper Evidence Per Device Protected Identity | 07-14-2016 |
20160204946 | TRUSTED INTERNET IDENTITY | 07-14-2016 |
20160254915 | NON-REPUDIABLE ATOMIC COMMIT | 09-01-2016 |
20160379013 | CRYPTOGRAPHIC ASSURANCES OF DATA INTEGRITY FOR DATA CROSSING TRUST BOUNDARIES - A data integrity system generates a transaction signature associated with a transaction based on transaction data received from a data producer. The transaction signature is unique to the transaction and is generated by applying a hash function to the transaction data. When the transaction data is to be transmitted to a data consumer, the data integrity system redacts the transaction data based on permission information associated with the data consumer and transmits the redacted transaction data to the data consumer. To enable the data consumer to verify the integrity of the received data, the data integrity system also transmits a cryptographic assurance that includes at least the transaction signature associated with the transaction. The data consumer verifies the integrity of the received data by independently generating a transaction signature based on the redacted transaction data and matching the independently generated signature with the transaction signature in the cryptographic assurance. | 12-29-2016 |
20160380773 | Numeric Pattern Normalization for Cryptographic Signatures - A system for numeric pattern normalization for cryptographic signatures is provided. The system includes a resolving client and at least one signature server. The at least one signature server includes at least one processor and non-transitory computer readable media having encoded thereon computer software comprising a set of instructions executable by the at least one processor. The set of instructions may be executed by the signature server to generate a message to be transmitted to a resolving client, normalize the message via numeric pattern normalization, generate a hash value for the normalized message, and generate a cryptographic signature based on the hash value. The signature server may then generate a signed message having the message signed with the cryptographic signature, and transmit the signed message to the resolving client. | 12-29-2016 |
20160380970 | CONTROLLING THE SPREAD OF INTERESTS AND CONTENT IN A CONTENT CENTRIC NETWORK - One embodiment of the present invention provides a system for controlling the spread of interests and content in a content centric network (CCN). During operation, the system maintains a routing policy for content data. The system also receives a packet associated with a piece of content or an interest for the content. Next, the system determines that the structured name included in the packet is within the namespace specified in the routing policy. The system further determines that the packet satisfies the condition in the routing policy. Subsequently, the system routes the packet based in part on the action corresponding to the condition as specified in the routing policy. | 12-29-2016 |
20160381075 | METHODS AND APPARATUS FOR GENERATING AND USING SECURITY ASSERTIONS ASSOCIATED WITH CONTAINERS IN A COMPUTING ENVIRONMENT - Methods and apparatus are disclosed to generate a security assertion document associated with a container image, and to use the security assertion document to determine whether a container image is suitable for use to assemble a corresponding container for execution in a host environment. In an example method, the generated security assertion document includes a security assertion resulting from an assessed policy rule. In the example method, the security assertion document is separate from the container image such that the generation of the security assertion document does not alter the container image itself. In an example method, the contents of the security assertion document may be analyzed and/or verified in relation to the associated container image in connection with determining whether or not to use the container image to assemble a corresponding container for execution in the example host environment. | 12-29-2016 |
20170237570 | METHOD AND SYSTEM FOR SERVER BASED SECURE AUDITING FOR REVISIONING OF ELECTRONIC DOCUMENT FILES | 08-17-2017 |
20170237717 | IDENTITY BINDING SYSTEMS AND METHODS IN A PERSONAL DATA STORE IN AN ONLINE TRUST SYSTEM | 08-17-2017 |
20180025151 | Wireless Memory Device Authentication | 01-25-2018 |
20180026792 | METHODS AND SYSTEMS FOR PRIORITIZED AUTHENTICATION BETWEEN MOBILE OBJECTS | 01-25-2018 |
20180026793 | DETERMINISTIC VERIFICATION OF DIGITAL IDENTITY DOCUMENTS | 01-25-2018 |
20180026794 | VIRTUAL NETWORK SYSTEM, VIRTUAL NETWORK CONTROL METHOD, VIRTUAL NETWORK FUNCTION DATABASE, ORCHESTRATION APPARATUS, CONTROL APPARATUS, AND CONTROL METHOD AND CONTROL PROGRAM OF CONTROL APPARATUS | 01-25-2018 |
20180026795 | RFID SECURE AUTHENTICATION | 01-25-2018 |
20180026796 | METHOD FOR DISTRIBUTED TRUST AUTHENTICATION | 01-25-2018 |
20180026969 | METHOD TO PREVENT CLONING OF ELECTRONIC COMPONENTS USING PUBLIC KEY INFRASTRUCTURE SECURE HARDWARE DEVICE | 01-25-2018 |
20190149333 | METHODS AND SYSTEMS FOR SUPPORTING FAIRNESS IN SECURE COMPUTATIONS | 05-16-2019 |
20190149336 | Method and System for Securing a Blockchain with Proof-of-Transactions | 05-16-2019 |
20190149339 | TRUSTED DATA VERIFICATION | 05-16-2019 |
20190149523 | ANONYMOUS COMMUNICATION SYSTEM AND METHOD FOR SUBSCRIBING TO SAID COMMUNICATION SYSTEM | 05-16-2019 |
20190149688 | SYSTEMS AND METHODS FOR MAINTAINING CHAIN OF CUSTODY FOR ASSETS OFFLOADED FROM A PORTABLE ELECTRONIC DEVICE | 05-16-2019 |
20220141029 | USING MULTI-FACTOR AND/OR INHERENCE-BASED AUTHENTICATION TO SELECTIVELY ENABLE PERFORMANCE OF AN OPERATION PRIOR TO OR DURING RELEASE OF CODE - Techniques are described herein that are capable of using multi-factor and/or inherence-based authentication to selectively enable performance of an operation prior to or during release of code. For example, a user-specific digital signature that identifies a user of a code development service is generated based at least in part on factor(s) obtained from the user as a result of initiating or receiving a request to perform an operation with regard to the code prior to or during the release of the code. Multi-factor and/or inherence-based authentication may be selectively performed based at least in part on the user-specific digital signature. The performance of the operation is selectively enabled based at least in part on whether the user is authenticated. | 05-05-2022 |
20220141032 | INFRASTRUCTURE-ENABLED SECURE LEDGER - A method and system for certifying an interaction of an infrastructure component with a device in the course of the device lifecycle are described. The method comprises accessing device identification data that identifies the device, generating validation data on the basis of device identification data and component identification data to certify an interaction of the device with the infrastructure component and communicating a request to store the validation data in a secure ledger. The secure ledger comprises a ledger entry for each interaction of the device with an infrastructure component. | 05-05-2022 |