Class / Patent application number | Description | Number of patent applications / Date published |
713179000 | Including generation of associated coded record | 67 |
20080270801 | Watermarking a Media Signal by Adjusting Frequency Domain Values and Adapting to the Media Signal - A method of imperceptibly embedding a code signal in a media signal encodes auxiliary information in frequency components of the media signal. This method forms a code signal comprising a plurality of frequency components. The method embeds the code signal into the media signal by adjusting the frequency component relative to a neighboring component. The method changes selection of the plurality of frequency components corresponding to the code signal for different instances of embedding the code signal in the media signal. The code signal may be used to encode a combination of fixed and variable message information in audio and image signals, including video. In one application, the attributes of the code signal are measured to determine broadcast signal quality. In another, the code signal robustly carries auxiliary information in distribution channels where distortion is common, such as compression, broadcast distortion, packet loss, digital to analog conversion, and ambient air transmission. | 10-30-2008 |
20080276095 | Data Processing Apparatus and Its Method - A verification information generation system comprises a first and a second data processing apparatuses. The first data processing apparatus comprises a holding unit adapted to hold a first secret information which is set in advance, a reception unit adapted to receive information associated with the second secret information from the second data processing apparatus, a key information generation unit adapted to generate key information on the basis of the first secret information and the information associated with the second secret information, a key derivation auxiliary information generation unit adapted to generate key derivation auxiliary information which allows the key information to be derived from the second secret information, a verification information generation unit adapted to generate verification information on the basis of information to be verified and the key information, and an output unit adapted to output the information to be verified, the verification information, and the key derivation auxiliary information. The second secret information is information which is set in advance in the second data processing apparatus. | 11-06-2008 |
20080307233 | Encoded Data Security Mechanism - A method and system for securing and tracing confidential data is described. A request to generate a hardcopy printout is received by a computing device. Document output instructions for the request then are generated and data to associate with the document output instructions is determined. Then the determined data is encoded with the generated document output instructions. The encoded data includes information specific to a terminal device associated with the request and an identifier representative of a starting position for reading the encoded data. One or more software modules within a terminal device, an intermediate server, and/or a printer may perform the operation of encoding the data. A hardcopy printout includes the content requested to be printed in addition to the encoded data. The encoded data may appear as representations of noise on one or more pages of the hardcopy printout. | 12-11-2008 |
20090106557 | METHODS AND SYSTEMS FOR INDICATING TRUSTWORTHINESS OF SECURE COMMUNICATIONS - Embodiments of the present invention enable a message recipient or messaging system to indicate the trustworthiness of a message, especially messages that comprise content that has been digitally signed. In addition, embodiments may alter or control the message to change user behavior by preventing the user from doing things that the message would induce the user into doing. In some embodiments, various characteristics and indicia of the message are determined. For example, for e-mail messages having digitally signed content, certain embodiments may determine the entity or entities asserting a basis for trust, the status or role of the sender, the name of the sender, the affiliation of the sender, the messaging address, the location, and the most recent status of the trust relationship. Based on the determined indicia, a plain language notification is composed and the message is displayed with the notification. For example, the notification may be displayed in a display bar above or below the message's contents, or may appear as a pop-up window. In addition, in some embodiments, the recipient may provide his or her assessment of the indicia, such as the accuracy, reliability, and the trustworthiness of the indicia. The history of interactions between various parties related to the message may also be considered. For example, the history of interactions between the sender and recipient may be considered. The trustworthiness of the certification authority or other entity may also be considered. | 04-23-2009 |
20090177891 | METHOD AND SYSTEM FOR INVISIBLY EMBEDDING INTO A TEXT DOCUMENT THE LICENSE IDENTIFICATION OF THE GENERATING LICENSED SOFTWARE - A method and system for embedding into a text document generated by a licensed software a License Identification Signature of the software. | 07-09-2009 |
20090210719 | COMMUNICATION CONTROL METHOD OF DETERMINING WHETHER COMMUNICATION IS PERMITTED/NOT PERMITTED, AND COMPUTER-READABLE RECORDING MEDIUM RECORDING COMMUNICATION CONTROL PROGRAM - In a first information processing device, a specific part of a binary code of a first application program developed in a first memory and a specific function are used to calculate a first identification value. The first identification value is transmitted from the first information processing device to a second information processing device. In the second information processing device, a specific part of a binary code of a second application program developed in a second memory and a specific function are used to calculate a second identification value, and the first identification value received from the first information processing device is compared with the second identification value. If these identification values are identical, connection with the first information processing device is permitted in the second information processing device. | 08-20-2009 |
20090222668 | Group Signature Scheme With Improved Efficiency, in Particular in a Join Procedure - A method for managing a group signature scheme includes in a setup procedure for group initialization, generating, by a group manager, a group public key. In a join procedure for the group manager to add a new member to the group, the method includes generating by the new member, user information, and providing the generated user information to the group manager, and computing, by the group manager, membership information for the new member based on the user information received by the new member and on the group public key, and providing to the new member the computed membership information. In particular, the membership information is computed, by the group manager, as a function of the inverse of a given hash function of the user information. In a signing procedure for a group member to sign a message on behalf of the group, the method includes: using, by the group member, the membership information and the user information. The method further includes the use of digital certificates, in order for the group member to prove to the group manager the possession of said user information. | 09-03-2009 |
20100049984 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, INFORMATION PROCESSING PROGRAM AND INFORMATION PROCESSING SYSTEM - An information processing apparatus according to the present application includes a first application allowed to access the IC chip, including an IC chip in which predetermined data is recorded, an IC chip reading unit that reads the data recorded in the IC chip, and a signature data generation unit that generates signature data by performing encryption processing on the recorded data read by the IC chip reading unit and a second application not allowed to access the IC chip, including a server access unit that requests acquisition of content from an information providing server by receiving the signature data and the recorded data from the first application and transmitting the signature data and the recorded data to the information providing server that provides predetermined content. | 02-25-2010 |
20100077221 | System and Method for Wirelessly Transacting Access to a Set of Events and Associated Digital Content/Products - One or more content providers push data related to: movies, movie products, digital movie content over a network (e.g., a LAN, a WAN, the Internet, or a wireless network) onto an information filling station which, in turn, wirelessly transacts (over a network based on the 802.11b protocol) and transmits any requested data to a portable computer-based device (e.g., laptop, a pen-based computer device, a PDA, a wireless phone, or a pager). The portable device performs financial transactions for: purchasing movie tickets (directly or via auctions), downloading digital entertainment content of interest (e.g., copy of a movie of interest, copy of a movie identified based on a pre-stored profile, copy of soundtrack of a movie of interest), or movie related products. Any purchased digital content is either transferred wirelessly onto the portable device or, optionally, sent on a storage medium to a physical address associated with the profile. | 03-25-2010 |
20100095127 | TUNABLE ENCRYPTION SYSTEM - A method, programmed medium and system are provided for enabling a user to choose a user-preferred encryption type from among a plurality of encryption types listed in a user's Kerberos configuration file. During the ticket granting process in a Kerberos system, a user is requested to select a preferred encryption type to be used in the Kerberos communication from among encryption types contained in the user's Kerberos configuration file. The user-selected encryption type is then implemented for use in encrypting a session ticket (as well as generating the session key of user requested encryption type) for use by the user machine in communicating securely with a Kerberized application server when being communicated by that particular user. Thus, the system allows different users to simultaneously communicate with the same Kerberized application server using a supported encryption type of the user's own choice. | 04-15-2010 |
20100095128 | DOCUMENT INTEGRITY VERIFICATION PREPARATION - A system and method are disclosed for rendering published documents tamper evident. Embodiments render classes of documents tamper evident with cryptographic level security or detect tampering, where such security was previously unavailable, for example, documents printed using common printers without special paper or ink. Embodiments enable proving the date of document content without the need for expensive third party archival, including documents held, since their creation, entirely in secrecy or in untrustworthy environments, such as on easily-altered, publicly-accessible internet sites. Embodiments can extend, by many years, the useful life of currently-trusted integrity verification algorithms, such as hash functions, even when applied to binary executable files. Embodiments can efficiently identify whether multiple document versions are substantially similar, even if they are not identical, thus potentially reducing storage space requirements. | 04-15-2010 |
20100106974 | System For And Method Of Writing And Reading Redundant Data - In accordance with an embodiment of the invention, a method of writing and reading redundant data is provided. Data is written by storing a copy of the data along with a timestamp and a signature at each of a set of storage devices. The data is read by retrieving the copy of the data, the timestamp and the signature from each of a plurality of the set of data storage devices. One of the copies of the data is selected to be provided to a requestor of the data. Each of the storage devices of the set is requested to certify the selected copy of the data. Provided that a proof of certification of the selected copy of the data is valid, the storage devices of the set are instructed to store the selected copy of the data along with a new timestamp. | 04-29-2010 |
20100115284 | SUPPORT OF TAMPER DETECTION FOR A LOG OF RECORDS - Tamper detection of audit records comprises configuring a proxy for adding tamper evidence information to audit information by obtaining audit records from at least one audit record generating source, grouping obtained audit records into subsets of audit records and providing tamper evidence processing to the subsets utilizing a cryptographic mechanism to calculate a signature over each subset of audit records. The proxy groups the subsets such that each subset contains at least one designated carryover audit record that overlaps into a next subset so that each carryover audit record is associated with at least two signatures. As such, the proxy creates an overlapping chain of digitally signed audit records subsets. The proxy further forwards the tamper evident audit records from the tamper evidence adding proxy to a corresponding audit log storage subsystem for storage, storing the calculated signatures. | 05-06-2010 |
20100138662 | DIGITAL SIGNATURE ASSURANCE SYSTEM, METHOD, PROGRAM AND APPARATUS - According to respective embodiments of the present invention, it is possible to verify a security environment of a digital signature and assure validity of the digital signature. For example, in the case of generating the digital signature, the assertion for asserting a key management system and a user authentication system is generated, the conversion processing is applied to both of the digital signature and the assertion, and the acquired digital signature, assertion, and conversion value are outputted. Therefore, it is possible to verify validity of the assertion on the basis of the conversion value and verify the security environment of the digital signature on the basis of the key management system and the user authentication system included in the assertion. Accordingly, the validity of the digital signature can be assured. | 06-03-2010 |
20100138663 | Method Of Providing Security Document - A method of providing a security document is provided in which a computer system generates a digital signature of at least part of an identity associated with the security document, generates a plurality of coded data tags to each encode data on the identity and a respective part of the digital signature, and prints, with a printer networked therewith, the security document with the tags tiled thereacross. The tags are generated and printed so that interaction with only one of the tags to detect the identity and respective signature part encoded thereby allows authentication of the entire digital signature. | 06-03-2010 |
20100138664 | SYSTEMS AND METHODS FOR DISTRIBUTING PRIVATE PLACEMENT DOCUMENTS - Methods of providing a private placement document to a potential investor in a private placement. The methods may comprise the step of generating the private placement document in an encrypted electronic format. The private placement document may include a unique identifier. The methods may also comprise the steps of providing the private placement document to the potential investor, and recording the unique identifier. | 06-03-2010 |
20100146288 | INFORMATION STORAGE SYSTEM - A system for storing information having a predetermined use which requires the information to be secured. The information may comprise credit card details used to complete a transaction. The system includes: (a) A client system for storing an encoded version of the information and an identifier. The encoded version is generated from first data of the information and an encoded version of the second data of the information. The information can be generated from the first data and the second data, and the predetermined use is infeasible with only one of the first data and the second data. (b) A remote server for storing the second data and an encoded identifier generated from the identifier. The client system sends at least the encoded version of the second data to the remote server. The client system or the remote server is able to generate the information from the first data and the second data. Accordingly, only part of the information to be secured is stored locally on the client system, whilst the other part is stored on the remote server, and neither the client system nor the remote server has a record of the entire information. | 06-10-2010 |
20100153734 | Utilizing data reduction in steganographic and cryptographic system - The present invention relates to methods for protecting a data signal using the following techniques: applying a data reduction technique to reduce the data signal into a reduced data signal; subtracting the reduced data signal from the data signal to produce a remainder signal; embedding a first watermark into the reduced data signal to produce a watermarked, reduced data signal; and adding the watermarked, reduced data signal to the remainder signal to produce an output signal. A second watermark may be embedded into the remainder signal before the final addition step. Further, cryptographic techniques may be used to encrypt the reduced data signals and to encrypt the remainder signals before the final addition step. The present invention also relates to a system for securing a data signal including: computer devices for applying a data reduction technique to reduce the data signal into a reduced data signal; means to subtract the reduced data signal from the data signal to produce a remainder signal; means to apply a first cryptographic technique to encrypt the reduced data signal to produce an encrypted, reduced data signal; means to apply a second cryptographic technique to encrypt the remainder signal to produce an encrypted remainder signal; and means to add the encrypted, reduced data signal to the encrypted remainder signal to produce an output signal. | 06-17-2010 |
20100185869 | METHOD AND SYSTEM FOR SIGNING JAVASCRIPT OBJECT NOTATION (JSON) MESSAGES - JSON (JavaScript Object Notation) message integrity is provided using a digital signature scheme. The digital signature scheme implements a set of processing rules for creating and representing digital signatures using a JSON signature syntax. The syntax preferably comprises a set of named elements, including a reference element, a signature information element, and a signature element. In one embodiment, a machine-implemented method for signing a JSON message begins by constructing a reference element for each data object in the JSON message to be signed. The data object is identified by a reference identifier. The reference element includes the reference identifier, a pointer (such as a URI) to a digest method, and a digest generated by applying the digest method to the data object or a given function of the data object. Then, a signature information element is constructed for one or more of the reference elements corresponding to the one or more data objects in the message that are being signed. The signature information element includes a pointer to a signature method, as well as one or more reference elements, or a canonical form of the one or more reference elements. Then, a signature element is constructed. The signature element includes the signature information element, and a signature value generated by applying the signature method (identified in the signature information element) to the signature information element. The signature element is the JSON message signature. The signature enables a sending entity (such as a Web browser or Web server) to generate a digest on all or parts of a JSON message and then to secure the digests using a signing key. | 07-22-2010 |
20100217996 | System and Method for the Electronic Management and Execution of Transaction Documents - One aspect of the invention is a method for generating a certified electronic document that includes receiving identification information associated with a signatory user from a computer. From the same computer, identification information associated with a notary user is also received. At least one electronic document that requires certification is identified on a display. A first user command is received from the computer identifying the assent of the signatory user to the execution of the at least one electronic document. A second user command is received from the computer identifying the assent of the notary user to the certification of the at least one electronic document. Official indicia associated with the notary user is applied to the at least one electronic document to create at least one certified document. | 08-26-2010 |
20100241864 | AUTHENTICATING AN INTEGRATED CIRCUIT BASED ON STORED INFORMATION - Exemplary embodiments provide methods and systems of authenticating an integrated circuit (IC). The manufacturing location of an IC is authenticated by storing in the IC a local signature derived from a GPS signal that was received at the manufacturing location at the time of manufacture. A remote signature is derived from a GPS signal that was received at a remote site nearly simultaneously as the reception of the GPS signal at the manufacturing location. The local signature is compared to the remote signature at an authentication site to determine the authenticity of the IC. | 09-23-2010 |
20100287379 | METHOD FOR COMPATIBILITY CHECKING OF A MEASURING SYSTEM COMPRISING A MEASUREMENT TRANSMITTER AND A SENSOR - In a method for compatibility checking of a measuring system including a measurement transmitter and a sensor, a first signature is externally created for an identifying data set and is stored in the measurement transmitter. After transmission of the identifying data set from the measurement transmitter to the sensor, a second signature is calculated for the identifying data set in the sensor. If the signatures match, then the measurement transmitter and the sensor are compatible and the measurement transmitter can access data and/or functions of the sensor. | 11-11-2010 |
20100299528 | METHOD FOR PROVIDING ACCESS CONTROL TO MEDIA SERVICES - The present invention proposes a solution to prevent a program flow in a processing unit from being modified with respect to an intended program flow, thereby ensuring that important steps such as verifying or authenticating are not bypassed. The invention is particularly aimed at security modules within receiver/decoders in a pay-TV system and involves performing a set of predetermined operations during the processing of entitlement management messages and/or entitlement control messages, said operations being redundant with respect to the normal processing of said messages while leading to the calculation of keys which can then be used to verify that the intended program flow has been respected. | 11-25-2010 |
20110016325 | SIGNATURE AND VERIFICATION METHOD, SIGNATURE GENERATION DEVICE, AND SIGNATURE VERIFICATION DEVICE - The present invention provides a signature generation device and a signature verification device capable of countering a transcript attack that seeks a private key by analyzing a plurality of signed documents (pairs of a message and a signature) signed using the NTRUSign signature scheme. The signature generation device calculates a hash value vector H of message data, adds a vector based on a private distribution to the hash value vector H to calculate a converted hash value vector H′, and seeks, as a signature vector S, the closest lattice point to the converted hash value vector H′ in a lattice defined by private key basis vectors. The signature verification device determines whether the distance between the hash value vector H of the message data and the signature vector S is equal to or less than L′ and, if so, recognizes the message data as valid. | 01-20-2011 |
20110022847 | DATA PROCESSING APPARATUS AND METHOD - Generating a cryptographic key, for example using a received external key. A system to generate a cryptographic key may include a first data store which may store an authorization key. A system may include a second data store which may store a secure key and/or a public key. A system may include an access controller, which may allow access to a secure key, for example to an access request which may be accompanied by a digital signature. A system may include a key generator, which may generate a private key, for example using a received external key, a stored authorization key and/or a mapping function. A system may include an access request signal generator which may generate a digital signature and/or which may transmit an access request, for example including a generated digital signature, to an access controller to retrieve a secure key. | 01-27-2011 |
20110072273 | DATE-PROVABLE REGISTRATION SYSTEM FOR PUBLISHED DOCUMENTS - A system and method are disclosed for rendering published documents tamper evident. Embodiments render classes of documents tamper evident with cryptographic level security or detect tampering, where such security was previously unavailable, for example, documents printed using common printers without special paper or ink. Embodiments enable proving the date of document content without the need for expensive third party archival, including documents held, since their creation, entirely in secrecy or in untrustworthy environments, such as on easily-altered, publicly-accessible internet sites. Embodiments can extend, by many years, the useful life of currently-trusted integrity verification algorithms, such as hash functions, even when applied to binary executable files. Embodiments can efficiently identify whether multiple document versions are substantially similar, even if they are not identical, thus potentially reducing storage space requirements. | 03-24-2011 |
20110078453 | METHODS AND APPARATUS FOR COMPENSATION FOR CORRUPTED USER IDENTIFICATION DATA IN WIRELESS NETWORKS - Methods and apparatus that correct for corrupted user identification or other data based on reciprocal transmission channel characteristic. In one embodiment, a level of tolerance is disclosed which provides a degree of leniency in user identification. In alternate embodiments, a level of tolerance is disclosed which provides a narrow window for “guessing” of user identification. Various methods for quantization and specification of tolerances are also disclosed. Methods and apparatus useful for implementing variation-tolerant encryption schemes are also provided. | 03-31-2011 |
20110093717 | NODE APPARATUS, METHOD AND STORAGE MEDIUM - A node apparatus changes a first access key unique to itself; changes a shared key same for node apparatuses; encrypts, using the shared key, the first access key and transmits it; receives an access key notification frame; decrypts it using the shared key, thereby obtaining a second access key; attaches, to a first plaintext frame, first signature data obtained by encrypting, using the shared key, data including a first value calculated from the first plaintext frame; encrypts the first plaintext frame using the second access key and transmits thus encrypted frame; receives a second encrypted frame; decrypts it by the first access key to obtain a second plaintext frame; obtains a second value by decrypting, using the shared key, a second signature data attached to the second plaintext frame; calculates a third value from the second plaintext frame; and confirms whether the second and third values are consistent. | 04-21-2011 |
20110154046 | METHOD AND APPARATUS FOR STORAGE OF DATA FOR MANUFACTURED ITEMS - Exemplary embodiments are directed to a method and apparatus for storage of data for a batch of manufactured items. The method comprises defining, by a lower limit identifier and an upper limit identifier, a range of unique item identifiers for the batch, wherein each manufactured item in the batch is allocated a unique item identifier falling within the range. The number of unique item identifiers allocated to the manufactured items is smaller than the number of unique item identifiers in the range. The unique item identifiers allocated to the manufactured items are defined by the lower limit item identifier of the range, the upper limit item identifier of the range and an indication of those item identifiers in the range which are not allocated to a manufactured item. | 06-23-2011 |
20110173452 | METHOD OF GENERATING COMPOUND TYPE COMBINED PUBLIC KEY - The present invention constructs a compound type combined public key system on the basis of a combined public key CPK system. The combined key is combined by an identity key and a randomly defined key. The randomly defined key can be defined by a center, called a system key; and can be self-defined, called updating key. Combination of the identity key and the system key generates a first-order combined key. The first-order combined key is then combined with the updating key to generate a second-order combined key. The first-order combined key can be used for centralized digital signature and key exchange. The second-order combined key can be used for distributed digital signature, to provide individual with convenient key exchange and absolute privacy. A combining matrix, as a trust root, provides proof of integrity of identity and key, with no need of third party proof. The present invention can be widely used in fields such as trusted connecting (communication), code authentication (software), e-bank (note), trusted transaction, trusted logistics, and network management. | 07-14-2011 |
20110208971 | Method of Using ECDSA with Winternitz One Time Signature - A method is provided of authenticating a digitally signed message. A chain of messages is generated. A Winternitz pair of keys is generated for each respective message. A sequence number is assigned to each of the messages. Each of the sequence numbers cooperatively identify an order of Winternitz verifiers assigned to each of the messages. A signature to a first message in the chain of messages is signed using a digital signature algorithm private key. Signatures to each of the following messages in the chain of messages are signed using both Winternitz private keys and digital signature algorithm private keys. The signed messages are broadcast from a sender to a receiver. The first signed broadcast message is authenticated at the receiver by verifying the digital signature algorithm signature. At least some of the following signed broadcast messages are authenticated at the receiver by verifying only the Winternitz signature. | 08-25-2011 |
20110208972 | METHOD OF SIGNING A MESSAGE - A method of signing a message, a base station for a wireless sensor network, a node for a wireless sensor network and a wireless sensor network are provided. The method comprises, generating a secret key for signing the message, the secret key being based on an identity of a signer; generating an offline signature; generating an online signature based on at least the offline signature and the secret key; and wherein the online signature is verifiable using a verification algorithm that does not require a pairing operation. | 08-25-2011 |
20110264918 | INTER-VEHICLE COMMUNICATION SYSTEM - A communication system for transmitting and receiving communication data together with signature data attached thereto for verifying the communication data. A transmission-side in-vehicle device of the system generates the signature data for each unit of communication data consisting of M×N (M>=N>=2) pieces of communication data, and repeatedly transmits M pieces of divided signature data in N rounds, attached to M×N corresponding pieces of communication data. A reception-side in-vehicle device of the system reconstitutes the unit of communication data from M×N pieces of received communication data, reconstitutes the signature data from M pieces of received divided signature data, and then verifies the reconstituted unit of communication data with the reconstituted signature data. This can prevent data missing of the signature data due to communication errors to thereby reliably verify the communication data. | 10-27-2011 |
20110302418 | INFORMATION PROCESSING DEVICE - One embodiment is an information processing device for obtaining an HMAC, including a padding circuit for generating first key data by adding a first constant with respect to secret key data when a secret key length of input secret key data is shorter than a block length of a hash function, setting the secret key data as second key data when the secret key length is equal to the block length, generating third key data by adding the first constant with respect to a first digest value when the secret key length is longer than the block length, and performing an exclusive OR operation with a second constant with respect to one of the first key data, the second key data, or the third key data to calculate first data; a hash calculation circuit for obtaining the first digest value and obtaining a second digest value; and a control unit for managing a processing state for calculating the HMAC, wherein the hash calculation circuit outputs a first midway progress value when interrupting a calculation process of the first digest value in the middle, and resumes the calculation process of the first digest using the first midway progress value when a signal indicating resuming instruction of the calculation process of the first digest value is input to the control unit. | 12-08-2011 |
20110302419 | IMAGE MANAGING METHOD AND IMAGE MANAGING SYSTEM - An image managing method includes dividing the original moving image into a header and a body and generating the group hash value of the header portion, generating the hash value of each item of still image data, connecting the group hash value of the header portion and the hash value of each item of still image data to generate connected hash values, generating a group of the connected hash values as a hash value list, generating the hash value of a Huffman table on the basis of cutting out one still image, and signing to generate signature information of the original moving image, using the group hash value of the header portion, the hash value of the Huffman table, and the hash list as verification data of the original moving image, by adding a digital signature of a video recording terminal to it. | 12-08-2011 |
20110314293 | Method of Handling a Server Delegation and Related Communication Device - A method of handling a server delegation for a first server in a service system supporting a device management (DM) protocol is disclosed. The method comprises receiving a delegation message with a first signature from a second server via a delegation session, wherein the second server has a control of a plurality of management objects of a client; generating a delegation request message comprising the delegation message and the first signature; and sending the delegation request message with a second signature to the client in the service system, to obtain the control of the part of the plurality of management objects of the client. | 12-22-2011 |
20120011369 | DIGITAL SIGNATURE GENERATION APPARATUS, DIGITAL SIGNATURE VERIFICATION APPARATUS, AND KEY GENERATION APPARATUS - A digital signature generation apparatus includes memory to store finite field F | 01-12-2012 |
20120023336 | System and method for designing secure client-server communication protocols based on certificateless public key infrastructure - A system and method for facilitating secure client server communication using elliptical curve cryptography and certificateless public key infrastructure has been disclosed. The system includes a secret key generation means which generates a secret key of m-bits based on the elliptic curve diffie hellman algorithm. The system further includes a session key generation means which makes use of said secret key and elliptic curve diffie hellman algorithm to generate a session key. The session key is used to facilitate secured communication between the client and the server. | 01-26-2012 |
20120096277 | SYSTEM AND METHOD FOR PERSONAL AUTHENTICATION USING A MOBILE DEVICE - A system and method is for personal authentication with respect to a service provider using a mobile device. The method includes providing the user of the mobile device ( | 04-19-2012 |
20120124385 | METHOD, CONTROLLER AND SYSTEM FOR DETECTING INFRINGEMENTS OF THE AUTHENTICITY OF SYSTEM COMPONENTS - In a method for detecting infringements of the authenticity of a system component an authentication request is sent from a controller to an authentication device of the system component. A first authentication code is calculated in the authentication device by applying a shared one-way function to an identification code, stored in the authentication device, for the system component. A second authentication code in the controller is calculated by applying the shared one-way function to an identification code, stored in the controller, for the system component, and an authentication response including the first authentication code is sent from the authentication device to the controller. The first authentication code is compared with the second authentication code in the controller for detecting infringements of the authenticity of the system component. | 05-17-2012 |
20120159179 | DIGITAL SIGNATURES WITH ERROR POLYNOMIALS - Representations of polynomials a, s, t, e | 06-21-2012 |
20120239937 | INFORMATION PROCESSING DEVICE, COMPUTER PROGRAM PRODUCT, AND ACCESS CONTROL SYSTEM - According to an embodiment, an information processing device includes a key set generating unit configured to generate a key set including at least a public key and a master key; a secret key generating unit configured to generate different secret keys for each server device accessing the information processing device by using the master key included in the key set; a secret key providing unit configured to provide each of the secret keys generated by the secret key generating unit to a corresponding server device; and a public key providing unit configured to provide the public key to a verification device to make the verification device verify signature information generated by using the secret key in each of the server devices. | 09-20-2012 |
20120265994 | SYSTEM AND METHOD TO ESTABLISH AND/OR MANAGE A TRUSTED RELATIONSHIP BETWEEN A HOST TO STORAGE ARRAY CONTROLLER AND/OR A STORAGE ARRAY TO STORAGE ARRAY CONTROLLER - A method for establishing a secure connection between a first computer and a second computer, comprising the steps of (A) generating a signature authentication pair on the first computer, (B) receiving a plurality of authentication pairs that may or may not include the signature authentication pair, (C) detecting whether the signature authentication pair is received in the authentication pairs and (D) if the signature authentication pair is detected, creating a secure connection between the first computer and the second computer. | 10-18-2012 |
20120265995 | Exploiting Application Characteristics for Multiple-Authenticator Broadcast Authentication Schemes - A method for securing communications in a vehicle-to-vehicle (V2V) system including an on-board computer of a broadcasting vehicle predicting a value for a vehicle parameter, generating a heavyweight signature corresponding to the predicted value, and obtaining an actual value for the vehicle parameter. The method also includes the computer comparing the predicted value to the actual value to determine if the predicted value bears a first relationship to the actual value. If the computer determines that the predicted value bears the relationship to the actual value, the on-board computer generates a lightweight authenticating signature to correspond to the predicted value and broadcasts a data message having the predicted value with the corresponding heavyweight authenticating signature and the corresponding lightweight authenticating signature. | 10-18-2012 |
20120297197 | Dynamic Domain Name Server Console for Disaster Recovery Server Management - Methods, systems, and computer-readable media for updating a domain name server are provided. A console may receive a first request to access the console. The console may verify first permission to access the console. The console may receive a second request to access the domain name server. The console may verify second permission to access the domain name server. The console may receive an instruction to modify an entry in the domain name server. The instruction may specify that a previous Internet Protocol address in the entry is replaced with a new Internet Protocol address. The console may transmit the instruction from the console to the domain name server. The domain name server may be configured to replace the previous Internet Protocol address with a new Internet Protocol address in the entry in response to the instruction. | 11-22-2012 |
20120297198 | Privacy-Preserving Metering with Low Overhead - Privacy-preserving metering with low overhead is described. In an embodiment consumption of a resource such as electricity, car insurance, cloud computing resources is monitored by a meter and bills are created in a manner which preserves privacy of a customer but at the same time reduces bandwidth use between a meter and a provider of the resource. For example, fine grained meter readings which describe customer behavior are kept confidential without needing to send large cryptographic commitments to meter readings from a meter to a provider. In an example, meter readings are encrypted and sent from a meter to a provider who is unable to decrypt the readings. In examples a cryptographic signature is generated to commitments to the meter readings and only the signature is sent to a provider thus reducing bandwidth. For example, a customer device is able to regenerate the commitments using the signature. | 11-22-2012 |
20120311341 | CENTRALIZED KERNAL MODULE LOADING - Methods and systems for centralized kernel module loading are described. In one embodiment, a computing system detects a kernel module load event to load a kernel module into a kernel of a client. Upon detection of the kernel module load event, the computing system computes a cryptographic hash of the kernel module, and sends the cryptographic hash to an access control server to verify whether the cryptographic hash is a permitted hash. The computing system receives a response from the access control server to permit or deny the kernel module load event, and permits or denies the kernel module load event based on the response. | 12-06-2012 |
20120324233 | Verifying Requests for Access to a Service Provider Using an Authentication Component - The subject disclosure is directed towards processing requests for accessing a service provider. After examining at least one security token, a public key and a portion of attribute information are identified. An authentication component is accessed and applied to the public key. A unique user identifier is employed in generating the public key. The authentication component is generated using information from at least one revoked security token or at least one valid security token. The authentication component is configured to prove validity of the at least one security token. | 12-20-2012 |
20130007464 | Protocol for Controlling Access to Encryption Keys - A secure remote-data-storage system stores encrypted data and both plaintext and encrypted keys at a server, where data at the server is inadequate to recover the plaintext of the encrypted data; and stores at least one encrypted key at a client system. To decrypt the data, the client must obtain a copy of the encrypted data from the server, and a key to decrypt its locally-stored encrypted key. Once decrypted, the locally-stored key can be used to decrypt the encrypted data, or to decrypt an encrypted key from the server, which may then be used to decrypt the encrypted data. | 01-03-2013 |
20130091362 | GENERATING IMPLICIT CERTIFICATES - Methods, systems, and computer programs for using an implicit certificate are disclosed. In some implementations, an identifier for an entity is obtained. A first cryptographic pair that includes a first private value and a first public value is generated. A second cryptographic pair that includes a second private value and a second public value is generated. Based on the first public value and the identifier for the entity, an implicit certificate IC is generated at a first computing device. Based on the implicit certificate IC, the first private value, and the second private value, a private key for the entity is generated at the first computing device. The implicit certificate IC is then sent with the second public value from the first computing device to the second computing device. The implicit certificate IC can be used, for example, to generate or verify digital signatures, to encrypt or decrypt messages, etc. | 04-11-2013 |
20130138966 | INFORMATION PROCESSING APPARATUS AND METHOD THEREFOR - Electronic data is input. The electronic data is divided into N (N is an integer satisfying N≧2) segments. Examination data is generated by repeating, up to the Nth segment, the computation processing of using the computation result obtained by performing predetermined computation on the data of the Mth (M is an integer satisfying 1≦M≦N−1) segment as an input for predetermined computation of the data of the (M+1)th segment. Verification data for the electronic data is generated so as to contain, as intermediate data, the examination data and a computation result in the middle of generating the examination data. | 05-30-2013 |
20130166917 | AUTHENTICATED CHECKIN VIA PASSIVE NFC - The present disclosure involves a method of verifying user check-ins to a venue. The method includes initializing a digital check-in chain for a venue. The method includes expanding, electronically by a processor, the check-in chain with a plurality of check-in entries that each correspond to a visit to the venue by a respective user. Each check-in entry on the check-in chain is generated in response to one or more preceding check-in entries on the check-in chain. The method includes detecting fraudulent check-in entries in response to a split in the check-in chain. The method includes removing the fraudulent check-in entries from the check-in chain. | 06-27-2013 |
20130179692 | SYSTEMS AND METHODS FOR THREE-FACTOR AUTHENTICATION - In one aspect, systems and methods for three-factor authentication include receiving a user's identification and password transmitted from the user's mobile device, generating a One Time Password (OTP), encrypting the OTP, and encoding the encrypted OTP in a two-dimensional barcode. The two-dimensional barcode of the encrypted OTP is transmitted to a computing device of the user, and an image of the two-dimensional barcode of the encrypted OTP displayed on the user's computing device is captured using the user's mobile device. The two-dimensional barcode of the encrypted OTP is decoded using the user's mobile device to obtain the encrypted OTP. The encrypted OTP is decrypted using the user's mobile device and displayed. The OTP then is spoken by the user, and the user's voice and the OTP are recognized to authenticate the user. | 07-11-2013 |
20130227298 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, INFORMATION PROCESSING PROGRAM AND INFORMATION PROCESSING SYSTEM - An information processing apparatus according to the present application includes a first application allowed to access the IC chip, including an IC chip in which predetermined data is recorded, an IC chip reading unit that reads the data recorded in the IC chip, and a signature data generation unit that generates signature data by performing encryption processing on the recorded data read by the IC chip reading unit and a second application not allowed to access the IC chip, including a server access unit that requests acquisition of content from an information providing server by receiving the signature data and the recorded data from the first application and transmitting the signature data and the recorded data to the information providing server that provides predetermined content. | 08-29-2013 |
20130268765 | Instant Messaging Private Tags - Systems for instant messaging private tags preferably comprise a parser for parsing an instant message for sensitive data and an encryption engine for encrypting the sensitive data. A modified uuencoder is also preferably included for converting the encrypted sensitive data into a data stream that complies with an XML format. Other systems and methods are also provided. | 10-10-2013 |
20140025956 | METHOD AND DEVICE FOR PRODUCT AND DOCUMENT AUTHENTICATION - Counterfeit articles are distinguished from genuine articles by a combination of a party-specific code and a product authentication code of the article. After authenticating a genuine article, a replacement authentication code is generated based on the original authentication code and party-specific code. Documents and currencies can be authenticated independently of any party-specific code by an addition to or alteration of their authentication code with each authentication event. | 01-23-2014 |
20140108810 | PERFORMING CLIENT AUTHENTICATION USING CERTIFICATE STORE ON MOBILE DEVICE - Techniques are disclosed for authenticating users to a computing application. A relying application transmits a login page to a user requesting access to the application. The login page may include a QR code (or other barcode) displayed to the user. The QR code may encode a nonce along with a URL address indicating where a response to the login challenge should be sent. In response, the user scans the barcode with an app on a mobile device (e.g., using a camera on a smart phone) to recover both the nonce and the URL address. The mobile device may also include a certificate store containing a private key named in a PKI certificate. The app signs the nonce using the private key and sends the signed nonce to the URL in a response message. | 04-17-2014 |
20140359299 | Method for Determination of User's Identity - The method and system for determination of a user's identity described herein ensure a secure user authentication process using a mobile device, e.g. a phone. The method can be used with any service provider resource site, not limited to a website on the Internet accessed from a personal computer. The only technological prerequisite for such a resource site is the capability to display a dynamically generated login/enrollment image. The method can be implemented for any operating system, browser or software API. | 12-04-2014 |
20150143128 | METHOD AND DEVICE FOR PRODUCT AND DOCUMENT AUTHENTICATION - Counterfeit articles are distinguished from genuine articles by a combination of a party-specific code and a product authentication code of the article. After authenticating a genuine article, a replacement authentication code is generated based on the original authentication code and party-specific code. Documents and currencies can be authenticated independently of any party-specific code by an addition to or alteration of their authentication code with each authentication event. | 05-21-2015 |
20150149785 | GENERATING FINGERPRINTED CONTENT DATA FOR PROVISION TO RECEIVERS - A method for generating, from initial content data, output content data for provision to one or more receivers, wherein the initial content data is encoded according to a coding scheme, wherein for a quantity of data encoded according to the coding scheme, the coding scheme provides a mechanism for including in the quantity of encoded data additional data such that a decoder for the coding scheme, upon decoding the quantity of encoded data, does not use the additional data to generate decoded data, the method comprising: selecting one or more portions of the initial content data; for each selected portion, generating a data construct that comprises a plurality of data structures, each data structure comprising data, including a version of the selected portion, that is encrypted using a corresponding encryption process different from each encryption process used to encrypt data in the other data structures, wherein the data construct is arranged such that using a decryption process that corresponds to the encryption process for one data structure on the encrypted data in each data structure in the data construct produces a quantity of data encoded according to the coding scheme that uses the mechanism so that a decoder for the coding scheme would not use any data structure in the data construct other than said one data structure; and using the generated data constructs in the initial content data instead of their corresponding selected portions to form the output content data. | 05-28-2015 |
20150304112 | System and method for administering licenses stored by a product unit, and administration of said unit in the field - The product unit disclosed herein has identification data that are stored internally in memory. This stored identification data can be viewed as the product unit's “digital nameplate,” in that the data can represent the product unit's identifier, brand, and so on. Each data set is digitally signed while on the production line by using an encryption technique. The digitally signed data set is then written into the product unit's memory where it can be used for verification. A first digitally-signed data set can be used to control the use of one or more software modules that are provided by a software owner. The data that are undergoing signature contain at least one globally-unique identifier, which can be used to identify cloning attempts. Additionally, more than one digital signature can be used, in order to protect and control the use of features other than the software, such as the product brand. | 10-22-2015 |
20150310386 | METHOD AND APPARATUS FOR STORAGE OF DATA FOR MANUFACTURED ITEMS - Exemplary embodiments are directed to a method and apparatus for storing data for a batch of manufactured items. The method comprises defining in a processor, using a lower limit identifier and an upper limit identifier, a range of unique item identifiers for the batch, wherein each manufactured item in the batch is allocated a unique item identifier falling within the range. The item identifiers are stored in allocated storage space. If an upper limit identifier is specified for each time interval, an amount of storage specified for all manufactured items during a production time period is calculated as a sum of a first product and a second product, the first product being a product of a production time and a size allocated to each upper limit identifier, and the second product being a product of the production time, a total number of manufactured items, and a percentage of unused identifiers. | 10-29-2015 |
20150333914 | METHOD AND SYSTEM FOR AUTHENTICATION - A method and system of authenticating communications sessions between two or more parties over one or more simultaneous communications channels using one or more communicating devices is provided including having a first party create a first set of signatures, wherein the first set of signatures includes a signature for each communications channel, communicating with at a second party over at least one communications channel, whereby the second party authenticates the first party's signature associated with the at least one communications channel and accepts communication with the first party. | 11-19-2015 |
20150358163 | SYSTEMS AND METHODS FOR QR CODE VALIDATION - Embodiments described herein combine both glyph technologies and cryptography technologies by encrypting data with a private key of an entity tasked with issuing controlled documents, and then converting the resulting encryption as a visual glyph, such as a QR code. This permits validation of the printed document by scanning the QR code using a smartphone and decrypting using the issuing entity's public key. In some embodiments, a purpose-built software application executed by the smartphone may automatically recognize QR codes on a document presented for review and then automatically decrypt the QR code using the public key of the issuing entity. A user performing the validation may then compare the document's content with the decrypted data on the smartphone. | 12-10-2015 |
20150358164 | SYSTEMS AND METHODS FOR QR CODE VALIDATION - Embodiments described herein combine both glyph technologies and cryptography technologies by encrypting data with a private key of an entity tasked with issuing controlled documents, and then converting the resulting encryption as a visual glyph, such as a QR code. This permits validation of the printed document by scanning the QR code using a smartphone and decrypting using the issuing entity's public key. In some embodiments, a purpose-built software application executed by the smartphone may automatically recognize QR codes on a document presented for review and then automatically decrypt the QR code using the public key of the issuing entity. A user performing the validation may then compare the document's content with the decrypted data on the smartphone. | 12-10-2015 |
20160253622 | TRACKING UNITIZATION OCCURRING IN A SUPPLY CHAIN | 09-01-2016 |
20220141031 | METHOD FOR GENERATING A DIGITAL PROOF OF THE TRANSMISSION OF A MESSAGE BY A UWB RADIO TAG, ASSOCIATED SYSTEM - A method for generating a composite signature of a datum transmitted by a UWB radio tag, includes transmission of a message by a UWB radio tag; reception of the transmitted message by at least two reception beacons; generation of an enriched message including a temporal datum calculated from the arrival date of the first message and at least one signature by each of the beacons; and reception of the enriched messages by a calculator to determine a proof from the temporal data and signatures of each enriched message received. | 05-05-2022 |