Signature Tree Patents (Class 713/177)
  • Patent number: 7899205
    Abstract: A method of detecting a version of input data content, there being a plurality of different versions of said data content, in which: said data content is arranged as two or more segments according to a segmentation pattern; and said versions of said data content are identifiable by corresponding identification data patterns by which at least some of said segments have respective identification data; said method comprising the steps of: (i) detecting said identification data in respect of said segments of said input data content; (ii) comparing said detected identification data with said identification data patterns corresponding to said different versions of said data content; and (iii) detecting that said input data content comprises at least a contribution from a certain version of said data content if a sum of matches obtained between said detected identification data and said identification data pattern for said certain version exceeds a threshold number.
    Type: Grant
    Filed: July 21, 2004
    Date of Patent: March 1, 2011
    Assignee: Sony United Kingdom Limited
    Inventors: Jason Charles Pelly, Daniel Warren Tapson, Mark Julian Russell
  • Patent number: 7895424
    Abstract: A system allowing a target machine to be booted up from a disk image stored in memory. Instead of reading the boot-up information from a disk drive or other physical device the data is read from memory. No modification is necessary to native operating system, input/output subsystem, bootstrap code, etc., since the invention modifies characteristics, such as vectors used by the operating system, to make the disk image in memory appear to be the same as a standard external device.
    Type: Grant
    Filed: May 22, 2007
    Date of Patent: February 22, 2011
    Assignee: Symantec Operating Corporation
    Inventors: Carleton Miyamoto, Jagadish Bandhole, Sekaran Nanja
  • Patent number: 7890762
    Abstract: Methods and apparatus, including computer program products, for providing input to a workflow application. Source documents are received that have respective original signatures but no digital signatures. The source documents can be paper documents, or they can be scanned representations of paper documents. Proxy digital signatures are applied to digital representations of the source documents. The proxy digital signatures are differentiated in that they are annotated with metadata indicating the quality of the respective original signatures.
    Type: Grant
    Filed: December 30, 2004
    Date of Patent: February 15, 2011
    Assignee: SAP AG
    Inventors: Josef Dietl, Theo Verlaan
  • Patent number: 7890763
    Abstract: Method of identifying invalid digital signatures involving batch verification by receiving digital messages, digital signatures, and signer identifiers, computing Z0 as a function of the received information, and determining if the digital signatures are valid. If so, stopping. If not, assigning a signature identifier to each digital signature, setting w equal to 1, computing Zw as a function of the received information and signature identifiers, and searching for a multiplicative relationship amongst Z0, Z1, . . . , Zw. If one is found then determining the invalid digital signatures from the multiplicative relationship and stopping. Otherwise, incrementing w and returning to the step of computing for additional processing if desired.
    Type: Grant
    Filed: September 14, 2007
    Date of Patent: February 15, 2011
    Assignees: The United States of America as represented by the Director, National Security Agency, Sparta, Inc.
    Inventors: Laurie E. Law, Brian J. Matt
  • Patent number: 7882363
    Abstract: There is described an authentication system in which during an enrolment process a distinctive characteristic of a subject being enrolled is measured to generate a reference number representative of the subject. Authentication data is then generated using the reference number, and the authentication data is stored for use in a subsequent verification process. During verification, the representative characteristic of the subject being verified is re-measured to generate a test number representative of the subject being verified and the authentication data during enrolment is retrieved. The authentication system then checks for equality between the test number and the reference number using the retrieved authentication data. If the test number and the reference number are equal, then the authenticity of the subject is verified, otherwise the authenticity is denied.
    Type: Grant
    Filed: June 2, 2003
    Date of Patent: February 1, 2011
    Assignee: Fountain Venture AS
    Inventors: Dominic Gavan Duffy, Aled Wynne Jones
  • Patent number: 7873833
    Abstract: A scalable method and apparatus that detects frequent and dispersed invariants is disclosed. More particularly, the application discloses a system that can simultaneously track frequency rates and dispersion criteria of unknown invariants. In other words, the application discloses an invariant detection system implemented in hardware (and/or software) that allows detection of invariants (e.g., byte sequences) that are highly prevalent (e.g., repeating with a high frequency) and dispersed (e.g., originating from many sources and destined to many destinations).
    Type: Grant
    Filed: June 29, 2006
    Date of Patent: January 18, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Sumeet Singh, John D. Huber, Flavio Bonomi
  • Patent number: 7822988
    Abstract: In accordance with various aspects, the present invention relates to methods and systems for sending an identity information document comprising selecting identity information from a self-identity information store for inclusion in the identity information document. The selected identity information is read from a self-identity information store. The identity information document is generated to include the selected identity information and one or more keys, and signed using a key associated with one of the keys included in the identity information document. The identity information document is then sent to a recipient. Receiving an identity information document comprises receiving a signed identity information document from an originator. A determination is made as to whether identity information in the identity information document is reliable. The identity information is saved in a recognized identity information store if the identity information is determined to be reliable.
    Type: Grant
    Filed: October 23, 2003
    Date of Patent: October 26, 2010
    Assignee: Microsoft Corporation
    Inventors: Kim Cameron, Arun Nanda, Don Hacherl, Murli Satagopan, Stuart Kwan, Colin Brace, Walter Smith, Melissa Dunn
  • Patent number: 7818261
    Abstract: Process for enabling a content provider and its users to easily manage licenses for intended uses for selected or provided content.
    Type: Grant
    Filed: June 20, 2006
    Date of Patent: October 19, 2010
    Assignee: Corbis Corporation
    Inventors: David N. Weiskopf, Erling Aspelund
  • Patent number: 7814327
    Abstract: A document accessible over a network can be registered. A registered document, and the content contained therein, cannot be transmitted undetected over and off of the network. In one embodiment, the invention includes maintaining a plurality of stored signatures, each signature being associated with one of a plurality of registered documents, intercepting an object being transmitted over a network, calculating a set of signatures associated with the intercepted object, and comparing the set of signatures with the plurality of stored signatures. In one embodiment, the invention can further include detecting registered content from the registered document being contained in the intercepted object, if the comparison results in a match of at least one of the signatures in the set of signatures with one or more of the plurality of stored signatures.
    Type: Grant
    Filed: March 30, 2004
    Date of Patent: October 12, 2010
    Assignee: McAfee, Inc.
    Inventors: Ratinder Paul Singh Ahuja, Matthew Howard, Rick Lowe, Erik de la Iglesia, William Deninger
  • Patent number: 7809652
    Abstract: At each of a plurality of transit readers of a transit system, for each of a plurality of riders, where each rider seeks to conduct an access transaction with the transit system for access into the transit facility by using a payment device issued by an issuer in a payment system, data is read from the payment device. The data includes an encryption code that uniquely corresponds to the payment device and was created by the issuer using one or more encryption keys and a predetermined algorithm. A check will be performed, remotely and/or locally, of one or more lists of other encryption codes to determine if the encryption code is on the list. On the basis of whether the encryption code is on the list, the rider is permitted access to the facility of the transit system. The payment device need not be changed for the rider's fare. Decryption of the encryption code read from the payment device is not required to complete the access transaction.
    Type: Grant
    Filed: March 1, 2007
    Date of Patent: October 5, 2010
    Assignee: Visa U.S.A. Inc.
    Inventors: Phil Dixon, Ayman Hammad, William Alexander Thaw, Christian Aabye
  • Patent number: 7802306
    Abstract: A system and method for providing Digital Rights Management (DRM) using multiple watermarks are disclosed. In one embodiment, upon purchase of a digital asset, a copy of the digital asset that is watermarked with a content specific watermark and a user, or purchaser, specific watermark and a digital certificate including content specific watermark information and user specific watermark information corresponding to the watermarks in the copy of the digital asset are generated. The copy of the digital asset and the digital certificate are provided to the user. Thereafter, access to the copy of the digital asset is controlled based on a comparison of the watermarks in the copy of the digital asset and the watermark information in the digital certificate.
    Type: Grant
    Filed: November 30, 2006
    Date of Patent: September 21, 2010
    Assignee: Qurio Holdings, Inc.
    Inventors: Cheryl Adams, Gregory Morgan Evans
  • Patent number: 7792760
    Abstract: A printing device capable of preventing a printing process from being performed in accordance with print information sent from a printer driver in version for which permission of use is not given. In a host computer, a print data generator adds signature data to print data, which is transferred to a printer, by employing a signature algorithm and signature-related data. In a printer, a print data analyzing/processing unit extracts the signature data having been added to the print data transferred from the host computer, and verifies the extracted signature by employing a signature verification algorithm and signature verification data.
    Type: Grant
    Filed: November 10, 2005
    Date of Patent: September 7, 2010
    Assignee: Canon Kabushiki Kaisha
    Inventor: Toshiyuki Nakazawa
  • Patent number: 7770015
    Abstract: Digitally signing data for multiple encodings is disclosed. A first signature of the data is generated. A second signature of a second encoding of the data is generated. The first signature and the second signature are associated with the signed data.
    Type: Grant
    Filed: May 20, 2005
    Date of Patent: August 3, 2010
    Assignee: Adobe Systems Incorporated
    Inventors: Oliver Goldman, Jeff Young
  • Patent number: 7764790
    Abstract: A robust technique to prevent illicit copying of video information notwithstanding the use of image scaling. A watermark is embedded into the video signal (e.g., DVD's content or other video sources) at different scales (i.e., sizes). The watermark is maintained at each scale for a predetermined time duration that is sufficient to allow the detector circuit in a DVD-recorder, DVHS recorder, DVCR, or any other digital format recorder to detect, extract, and process information contained in the watermark. At the end of the predetermined time duration, the watermark is changed to a different scale preferably on a pseudo-random basis to ensure that each one of all the scales in a predetermined scaling range is achieved a predetermined number of times.
    Type: Grant
    Filed: November 7, 2003
    Date of Patent: July 27, 2010
    Assignee: Rovi Solutions Corporation
    Inventor: John O. Ryan
  • Patent number: 7757075
    Abstract: A computer-implemented mechanism for granting rights to a resource is described. A license identifies one or more principals, resources, rights and conditions. At least one condition recited in the license includes a reference to state information. The state information is external to the license. When evaluating the license, a resource or access control module requests the state information from the entity identified in the reference to state information.
    Type: Grant
    Filed: November 15, 2002
    Date of Patent: July 13, 2010
    Assignee: Microsoft Corporation
    Inventor: John DeTreville
  • Patent number: 7756509
    Abstract: Embodiments of methods and apparatus for providing an access profile system associated with a broadband wireless access network are generally described herein. Other embodiments may be described and claimed.
    Type: Grant
    Filed: March 31, 2006
    Date of Patent: July 13, 2010
    Assignee: Intel Corporation
    Inventors: Bala Rajagopalan, Sanjay Bakshi
  • Patent number: 7752448
    Abstract: Systems and methods of providing a desktop framework. The desktop framework may include an application framework component that includes a set of core libraries that provide desktop applications access to data and services, a download component that maintains versions of the desktop applications and core libraries installed on a computer, and a license component that tracks data use and access. The application framework exposes APIs to provide the desktop applications with access to the data and services. The application framework serves as a platform upon which the desktop applications share common data and logic.
    Type: Grant
    Filed: February 17, 2004
    Date of Patent: July 6, 2010
    Assignee: The Weather Channel, Inc.
    Inventor: Jon Edward Badenell
  • Patent number: 7730318
    Abstract: Application factoring or partitioning is used to integrate secure features into a conventional application. An application's functionality is partitioned into two sets according to whether a given action does, or does not, involve the handling of sensitive data. Separate software objects (processors) are created to perform these two sets of actions. A trusted processor handles secure data and runs in a high-assurance environment. When another processor encounters secure data, that data is sent to the trusted processor. The data is wrapped in such a way that allows it to be routed to the trusted processor, and prevents the data from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes them to the correct processor, and allows their integrity to be attested through a chain of trust leading back to base component that is known to be trustworthy.
    Type: Grant
    Filed: October 24, 2003
    Date of Patent: June 1, 2010
    Assignee: Microsoft Corporation
    Inventors: Thekkthalackal Varugis Kurien, Kenneth D. Ray, Marcus Peinado, Paul England
  • Patent number: 7725724
    Abstract: The present invention discloses a digital signature scheme based on braid group conjugacy problem and a verifying method thereof, wherein a signatory S selects three braids x ∈ LBm(l), x′ ∈ Bn(l), a ∈ Bn(l), and considers braid pair (x′,x) as a public key of S, braid a as a private key of S; Signatory S uses hash function h for a message M needing signature to get y=h(M) ∈ Bn(l); generating a braid b ∈ RBn−1−m(l) randomly, then signing M with a and b to obtain Sign(M)=a⁻¹byb⁻¹a; a signature verifying party V obtains the public key of S, calculating the message M by employing hash function h, obtaining the y=h(M); judging whether sign(M) and y, sign(M)x′ and xy are conjugate or not, if yes, sign(M) is a legal signature of message M; the present invention reduces the number of braids involved and the number for conjugacy decision without reducing security, thereby improving the operation efficiency of signature.
    Type: Grant
    Filed: November 12, 2004
    Date of Patent: May 25, 2010
    Assignee: ZTE Corporation
    Inventors: Yong Ding, Jianyong Chen, Zhiwei Peng
  • Patent number: 7725727
    Abstract: A user provides signature attributes to a computer system for generating a signature, such as content directories, a signature accuracy level, and whether an existing signature database exists. The computer system generates a signature and the user tests the signature against a test file system. Based on the test results, the user may refine the signature using a different file system or a different content installation. In one embodiment, a user may generate a parent signature from existing “child” signatures that correspond to different versions of particular content. For example, a user may wish to generate a “Program” parent signature using children signatures “program v.0,” “program v.1,” and “program v.2.” When the user is satisfied with the signature, the user may use the signature to detect content that is located in a computer device's file system.
    Type: Grant
    Filed: June 1, 2005
    Date of Patent: May 25, 2010
    Assignee: International Business Machines Corporation
    Inventor: James Scott Jennings
  • Patent number: 7721113
    Abstract: An inter-record alteration detection code verification unit 36 calculates an inter-record alteration detection code by merging a record alteration detection code stored in a record to read from a database 34 and a record alteration detection code in the immediately previous record so as to generate a code and applying a predetermined hash operation to the generated code. The verification unit verifies whether the calculated inter-record alteration code coincides with the inter-record alteration detection code stored in the record to read. If they coincide with each other, data is determined to be not altered.
    Type: Grant
    Filed: March 17, 2005
    Date of Patent: May 18, 2010
    Assignees: Fujitsu Limited, Fujitsu Frontech Limited
    Inventor: Takayuki Matsui
  • Patent number: 7685422
    Abstract: An information processing apparatus has an authentication/key exchange unit, a round trip time measuring unit, a common key transmitter, a contents key transmitter and a contents transmitter. The round trip time measuring unit sends a round trip time measuring request generated to the communication apparatus through the first communication connection to measure the round trip time, and check whether the measured round trip time is within a predetermined time and whether a transmitting source of the round trip request response is the communication apparatus sharing the first key. The common key transmitter encrypts a second key used for contents transmission by using the first key and transmits the encrypted second key through the first communication connection when the round trip time measuring unit succeeds in the checking.
    Type: Grant
    Filed: May 17, 2005
    Date of Patent: March 23, 2010
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Hiroshi Isozaki, Takashi Kokubo, Koji Kanazawa
  • Patent number: 7685429
    Abstract: To generate and verify signature data using a known signature algorithm whose safety is ensured from the viewpoint of calculation quantity and ensuring the authenticity thereof over a long time period. A message to be signed is transmitted, a padding-data item is added to the message, and a signature-data item of the message with the padding-data item added thereto is generated by using a hash function and a public-key cryptosystem. The addition step and the generation step are performed a predetermined number of times by using the signature-data item, as the padding-data item, and the signature-data items generated the predetermined number of times and the padding-data items added the predetermined number of times are externally transmitted with the message.
    Type: Grant
    Filed: September 29, 2005
    Date of Patent: March 23, 2010
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yuji Suga
  • Publication number: 20100064141
    Abstract: The present invention finds candidate objects for remote differential compression. Objects are updated between two or more computing devices using remote differential compression (RDC) techniques such that required data transfers are minimized. An algorithm provides enhanced efficiencies for allowing the receiver to locate a set of objects that are similar to the object that needs to be transferred from the sender. Once this set of similar objects has been found, the receiver may reuse any chunks from these objects during the RDC algorithm.
    Type: Application
    Filed: July 31, 2009
    Publication date: March 11, 2010
    Applicant: Microsoft Corporation
    Inventors: Mark S. Manasse, Dan Teodosiu, Akhil Wable
  • Patent number: 7673144
    Abstract: The invention concerns a system enabling a member (M) of a group (G) to produce, by means of customized data (z; K), a message (m) accompanied by a signature (8) proving to a verifier that the message originates from a member of the group (G). The invention is characterized in that the customized data is in the form of an electronic physical medium (26). Advantageously, the latter also incorporates: encrypting means (B3) for producing a customized cipher (C) from the customized data prior to the signature S of the message (m), means (B5) for producing a combination of a message m to be signed and the cipher (C) associated with said message, for example in the form of a concatenation of the message (m) with the cipher (C), and means (B6) for signing (Sig) the message (m) with the customized data (z; K) in the form of a cipher (C) associated with said message. Advantageously, the physical medium is a smart card (26) or the like.
    Type: Grant
    Filed: December 20, 2002
    Date of Patent: March 2, 2010
    Assignee: France Telecom
    Inventors: David Arditti Modiano, Sébastien Canard, Marc Girault, Jacques Traore
  • Patent number: 7644283
    Abstract: A method and system for surreptitiously detecting and analyzing sites suspected of transferring steganographic communications, is accomplished by analyzing a targeted site for steganographic communications via a server that directs a plurality of clients to analyze the targeted site. The clients are dispatched according to the objectives of the server and the data retrieved by previous clients, which have been directed to scan the site. The client's data is aggregated and analyzed to determine if a steganographic communication is present.
    Type: Grant
    Filed: May 26, 2006
    Date of Patent: January 5, 2010
    Inventors: William W. Cowan, Steven Rogers, William R. Rice
  • Publication number: 20090320138
    Abstract: A system and method for providing distributed security of a network. Several device profilers are placed at different locations of a network to assess vulnerabilities from different perspectives. The device profiler identifies the hosts on the network, and characteristics such as operating system and applications running on the hosts. The device profiler traverses a vulnerability tree having nodes representative of characteristics of the hosts, each node having an associated set of potential vulnerabilities. Verification rules can verify the potential vulnerabilities. A centralized correlation server, at a centrally accessible location in the network, stores the determined vulnerabilities of the network and associates the determined vulnerabilities with attack signatures. Traffic monitors access the attack signatures and monitor network traffic for attacks against the determined vulnerabilities.
    Type: Application
    Filed: September 1, 2009
    Publication date: December 24, 2009
    Applicant: c/o nCircle Network Security, Inc.
    Inventors: Timothy D. Keanini, Martin A. Quiroga, Brian W. Buchanan, John S. Flowers
  • Patent number: 7634655
    Abstract: The present invention protects against denial of service attacks on lookup or hash tables used to store state information for data transfer protocols used to transfer data between two host computers. Two hash tables are provided for holding state information, one for verified remote entities (i.e., those where the remote local address can be traced to a host), and one for unverified entities. A cryptographically secure hash is applied to packets from unverified remote entities, since these are the most likely to attempt attacks on the hash tables. The performance of the local server for packets from verified remote entities, however, is maintained.
    Type: Grant
    Filed: February 13, 2004
    Date of Patent: December 15, 2009
    Assignee: Microsoft Corporation
    Inventors: Sanjay Kaniyar, James T. Pinkerton, Bhupinder S. Sethi
  • Patent number: 7634656
    Abstract: A voice call system and a method and apparatus for identifying a voice caller are disclosed. The system includes a call originator apparatus 10 and a called party apparatus 20. At least one trusted user identity is formed at the call originator apparatus 10, ideally in a trusted platform module 12 configured according to a Trusted Computing Platform Alliance (TCPA) specification. The called party apparatus 20 checks the trusted user identity when establishing a new voice call. Advantageously, an identity of the voice caller using the call originator apparatus is confirmed in a reliable and trustworthy manner, even when the voice call is transported over an inherently insecure medium, e.g. an open computing system like the internet 30. Preferred embodiments of the invention use IP telephony, such as SIP (session initiation protocol) or H.323 standard voice telephony.
    Type: Grant
    Filed: September 12, 2002
    Date of Patent: December 15, 2009
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Siani Lynne Pearson
  • Patent number: 7631189
    Abstract: An apparatus for recording additional information hard to analyze in an information recording medium, a reproducer, a recording medium, a method, and a computer program for the same are provided. Bit values set at a plurality of DC control bit information setting positions set in a recording frame are decided based on constituent bit information of additional data, and additional data such as key information used for decoding contents is recorded in the information recording medium. In the reproducer, the additional data constituent bit information can be acquired by detecting the bit position set at a selected DC control bit storage position in the additional data-associated recording frame. With the configuration, it is possible to embed additional information such as key information used for decoding contents, key production information, contents reproduction control information, and copying control information with a format hard to analyze and also to accurately read out for data reproduction.
    Type: Grant
    Filed: September 1, 2004
    Date of Patent: December 8, 2009
    Assignee: Sony Corporation
    Inventors: Tsutomu Ichinose, Yoichiro Sako
  • Patent number: 7627763
    Abstract: A multi signature verification system adds new additional data to original data with a signature attached thereto and verifies validity of the original data and the additional data. The system includes an electronic signature attaching apparatus including an electronic signature attaching unit attaching an electronic signature to original data previously created, acquired trapdoor hash value, and identification information, a data addition apparatus, and an electronic signature verification apparatus.
    Type: Grant
    Filed: January 19, 2005
    Date of Patent: December 1, 2009
    Assignee: NTT DoCoMo, Inc.
    Inventors: Hiroshi Fujimoto, Takashi Suzuki, Takehiro Nakayama, Atsushi Takeshita
  • Patent number: 7624276
    Abstract: A technique for security and authentication on block-based media involves the use of protected keys, providing authentication and encryption primitives. A system according to the technique may include a secure device having a security kernel with protected keys. A disk drive security mechanism may support authentication of data, secrecy, and ticket validation using the security kernel and, for example, a ticket services module (e.g., a shared service that may or may not be used by other storage devices like flash).
    Type: Grant
    Filed: October 24, 2006
    Date of Patent: November 24, 2009
    Assignee: BroadOn Communications Corp.
    Inventors: John Princen, Pramila Srinivasan, Craig Steven Anderson
  • Patent number: 7599828
    Abstract: A method and product are provided that identify properly spelled words from an input string. Separate lexical entries are identified for different parts of an input word. Grammatical information associated with one of the lexical entries is examined to determine if it satisfies a grammatical constraint associated with another of the lexical entries. A properly spelled word is formed by combining the separate lexical entries if the grammatical information satisfies the constraint. Under some embodiments of the invention, the separate lexical entries are identified by performing a first search of a lexicon using a first part of the input string and by performing a second search of the lexicon using a second part of the input string.
    Type: Grant
    Filed: March 1, 2005
    Date of Patent: October 6, 2009
    Assignee: Microsoft Corporation
    Inventors: Thierry Fontenelle, Nicholas Van Caldwell
  • Patent number: 7594273
    Abstract: A system and method for providing distributed security of a network. Several device profilers are placed at different locations of a network to assess vulnerabilities from different perspectives. The device profiler identifies the hosts on the network, and characteristics such as operating system and applications running on the hosts. The device profiler traverses a vulnerability tree having nodes representative of characteristics of the hosts, each node having an associated set of potential vulnerabilities. Verification rules can verify the potential vulnerabilities. A centralized correlation server, at a centrally accessible location in the network, stores the determined vulnerabilities of the network and associates the determined vulnerabilities with attack signatures. Traffic monitors access the attack signatures and monitor network traffic for attacks against the determined vulnerabilities.
    Type: Grant
    Filed: February 16, 2007
    Date of Patent: September 22, 2009
    Assignee: nCircle Network Security, Inc.
    Inventors: Timothy D. Keanini, Martin A. Quiroga, Brian W. Buchanan, John S. Flowers
  • Patent number: 7584351
    Abstract: A method of transferring digital certificates from a digital-certificate transferring apparatus to a communications counterpart. The method includes authenticating the communications counterpart using a common certificate and transferring a normal certificate to the communications counterpart when the authenticating succeeds. The method further includes receiving a first normal certificate at an address from said communications counterpart, and, when it is determined to be necessary, transferring to the communications counterpart a second normal certificate along with the information identifying the communications counterpart and an address corresponding to a second normal certificate. The second normal certificate is of a different type than the first normal certificate.
    Type: Grant
    Filed: January 7, 2005
    Date of Patent: September 1, 2009
    Assignee: Ricoh Company, Ltd.
    Inventor: Hiroshi Kakii
  • Patent number: 7574605
    Abstract: A method of managing digital signature includes the steps of preparing a signature log file storing signature log entry information, generating a new digital signature for a transmission message by reflecting, in the new digital signature, signature log entry information registered to the signature log file in the past; generating signature log entry information associated with the new digital signature and registering the signature log entry information to the signature log file; and preparing a user search file in addition to the signature log file; registering, to the user search file, user identifier information indicating a transmission destination of the transmitted digital signature and a transmission source of the received digital signature, with a correspondence established between the information, the user identifier information, and each signature log entry information in the signature log file.
    Type: Grant
    Filed: May 17, 2002
    Date of Patent: August 11, 2009
    Assignee: Hitachi, Ltd.
    Inventors: Kouichi Tanimoto, Shinji Itoh, Kunihiko Miyazaki, Narihiro Omoto, Katsuko Nishioka
  • Patent number: 7570759
    Abstract: A method for encrypting a message containing a plurality of message segments is described. First, a key is input into a SHA function to generate a first hash value. Then, a first message segment is encrypted into a first cipher segment by use of a part of the first hash value. Next, the first message segment and the first hash value are input into the SHA function to generate a second hash value. Following that, the second message segment is encrypted into a second cipher segment by use of a part of the second hash value. Subsequently, the next message segment is repeatedly encrypted and input into the SHA function to generate a next cipher segment and a next hash value, respectively, until the last message segment is encrypted and the last hash value is generated.
    Type: Grant
    Filed: August 13, 2004
    Date of Patent: August 4, 2009
    Inventor: Yen-Fu Liu
  • Publication number: 20090193260
    Abstract: A method and apparatus for obtaining access to services of service providers. In one embodiment, the method comprises requesting a desired service through a foreign service provider, generating a hash tree and generating a digital signature on a root value of the hash tree, sending the digital signature and the root value to the foreign service provider, providing one or more tokens to the foreign service provider with the next packet if the foreign service provider accepts the signature and continuing to use the service while the foreign service provider accepts tokens.
    Type: Application
    Filed: February 5, 2009
    Publication date: July 30, 2009
    Inventors: Craig B. Gentry, Zulfikar Amin Ramzan
  • Patent number: 7568113
    Abstract: A method of and device (110) for granting access to content on a storage medium (101), comprising obtaining cryptographic data (Y) from a property (102), such as a wobble, of the storage medium (101), reading helper data (W) from the storage medium (101), and granting the access based on an application of a delta-contracting function to the cryptographic data (Y) and the helper data (W). The delta-contracting function allows the choice of an appropriate value of the helper data (W), such that any value of the cryptographic data (Y) which sufficiently resembles said original primary input value leads to the same output value. Substantially different values of the cryptographic data (Y) lead to different values of the output.
    Type: Grant
    Filed: December 24, 2003
    Date of Patent: July 28, 2009
    Inventor: Johan Paul Marie Gerard Linnartz
  • Patent number: 7568105
    Abstract: Distributing information, including the steps of watermarking the digital content, distributing the digital content using a multi-source system, and partially fingerprinting digital content at each stage of moving information from a point of origin to the viewer. “Adaptation” of the digital content to the recipient includes maintaining the digital content in encrypted form at each such intermediate device, including decrypting the digital content with a key unique to both the device and the specific movie, selecting a portion of the watermark locations into which to embed information, embedding fingerprinting information into those locations sufficient to identify the recipient, and encrypting the fingerprinted digital content with a new such key.
    Type: Grant
    Filed: September 18, 2006
    Date of Patent: July 28, 2009
    Assignee: Kaleidescape, Inc.
    Inventors: Daniel A. Collens, Stephen Watson, Michael A. Malcolm
  • Patent number: 7539861
    Abstract: A method for creating a digital certificate for a user issued by a reliant party, where the reliant party relies on an established cryptographic infrastructure by a registration or certificate authority is described. The registration authority, typically a large financial or credit institution, has already performed the initial overhead steps necessary for a digital authentication system using a chip card. These steps include minting and distributing the chip card, establishing that the key pair and card are given to the right person, and creating the certificate library. The reliant party leverages this cryptographic infrastructure to issue its own digital certificate and certificate chain to a user already having a chip card from the registration authority. Consequently, a user can have additional digital certificates issued to him without having his chip card modified in any way. All additional digital certificates created for a user are stored at a user-specific memory area in a remote certificate library.
    Type: Grant
    Filed: January 27, 2005
    Date of Patent: May 26, 2009
    Assignee: Visa International Service Association
    Inventor: Terence V. Trench
  • Patent number: 7533267
    Abstract: An anti-tampering signature apparatus is provided with an extraction portion 33 for extracting a characteristic quantity that represents a characteristic of image data according to an instruction from a certifier who has certified display data, an encryption/decryption portion 35 that generates encrypted data by encrypting the characteristic quantity using an encryption key paired with an identifier and decrypts the encrypted data into the characteristic quantity, a media writing portion 34 that appends the identifier and the encrypted data to a rewritable medium, and a controller 37 that judges whether or not the decrypted characteristic quantity and the characteristic quantity extracted from image data generated by reading the display data match.
    Type: Grant
    Filed: July 7, 2003
    Date of Patent: May 12, 2009
    Assignee: Sharp Kabushiki Kaisha
    Inventor: Hideyoshi Yoshimura
  • Patent number: 7526649
    Abstract: According to an embodiment of the invention, a method and apparatus for session key exchange are described. An embodiment of a method comprises requesting a service for a platform; certifying the use of the service for one or more acceptable configurations of the platform; and receiving a session key for a session of the service, the service being limited to the one or more acceptable configurations of the platform.
    Type: Grant
    Filed: December 30, 2003
    Date of Patent: April 28, 2009
    Assignee: Intel Corporation
    Inventors: Willard M. Wiseman, David W. Grawrock, Ernie Brickell, Matthew D. Wood, Joseph F. Cihula
  • Patent number: 7512785
    Abstract: A server registering a first party as a party relying upon a second party's certificate, revoking the second party's certificate after registering the first party, and initiating communication with the first party to indicate that the second party's certificate has been revoked.
    Type: Grant
    Filed: July 18, 2003
    Date of Patent: March 31, 2009
    Assignee: Intel Corporation
    Inventor: Ernie F. Brickell
  • Patent number: 7509498
    Abstract: A second digital credential that includes a first digital credential and a digital signature is received, and the validity of the second digital credential is determined. A determination is made whether the first digital credential is valid based on the validity of the second digital credential.
    Type: Grant
    Filed: June 29, 2001
    Date of Patent: March 24, 2009
    Assignee: Intel Corporation
    Inventor: Ernie F. Brickell
  • Patent number: 7506162
    Abstract: In accordance with one embodiment of the present invention, there is provided a mechanism for implementing navigation seamlessly between sites in a computing environment in order to access resources without having to require users or user agents to re-authenticate. In one embodiment, there is provided the ability to determine different attribute sets for use with different resources on a target site for a user or user agent authenticated with a first site seeking to access one or more resources of the second site without re-authenticating. In one embodiment, there is provided the ability to map accounts on a first site to accounts on the second site using a set of attributes selected from among attributes provided by an application on the first site. With this mechanism, it is possible for applications or other resources to share information about a user or a user agent across disparate web sites seamlessly.
    Type: Grant
    Filed: April 27, 2004
    Date of Patent: March 17, 2009
    Assignee: Sun Microsystems, Inc.
    Inventors: Heng-Ming Hsu, Qingwen Cheng, Ping Luo, Bhavna Bhatnagar
  • Patent number: 7484096
    Abstract: Architecture that facilitates validation of a data mapping of data from a data source to a data target. There is included a signature generation component that generates a source signature of all or a portion of the data source and a target signature of all or a corresponding portion of the data target, and a sampling component that obtains a sample of the source data and a corresponding sample of the target data. The data signatures and data samples are compared respectively and processed with a processing component to determine the status of the validation process.
    Type: Grant
    Filed: May 28, 2003
    Date of Patent: January 27, 2009
    Assignee: Microsoft Corporation
    Inventors: Neeraj Garg, Cale D. Carter, Kulothungan Rajasekaran, Deuane J. Martin, Pankaj K. Singh
  • Patent number: 7472283
    Abstract: The specification discloses a system and related method for tracking access to digital information that involves combining biometric information of a person seeking access with the digital information and a digital signature. Each person who accesses the digital information has their biometric and digital signatures combined in this manner. Thus, the digital information itself reflects who has accessed the information. Where the digital information is a video, the combining of the biometric and digital signatures is done on a frame-by-frame basis.
    Type: Grant
    Filed: May 30, 2002
    Date of Patent: December 30, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Michael F. Angelo, E. David Neufeld
  • Patent number: 7461257
    Abstract: A system (50, 150) for assisting a user (14) to determine whether a hyperlink (152) to a target uniform resource locator (URL) is spoofed. A computerized system having a display unit is provided and logic (158) therein listens for activation of the hyperlink (152) in a message (154). The logic (158) extracts an originator identifier (102) and encrypted data from the hyperlink (152), and decrypts the encrypted data into decrypted data based on the originator identifier (102). The logic (158) determines whether the hyperlink (152) includes the originator identifier (102) and the encrypted data decrypts successfully. Responsive to this it then presents a confirmation of authentication conveying the name of the owner and the domain name of the target URL on the display unit, and it redirects the user (14) to the target URL. Otherwise, it presents a warning dialog to the user (14) on the display unit.
    Type: Grant
    Filed: September 21, 2004
    Date of Patent: December 2, 2008
    Assignee: Proofpoint, Inc.
    Inventors: Terry M. Olkin, Jeffrey C. Olkin, Jahanshah Moreh
  • Patent number: 7457958
    Abstract: A system (50, 150) for assisting a user (14) to determine whether an email (18) comes from a purported originator (16). A computerized system having a display unit is provided. Logic (54) in the computerized system determines whether the email (18) includes an authenticity mark (52) including an originator identifier (102) and encrypted data (104). Logic (54) in the computerized system then decrypts the encrypted data (104) into decrypted data (108-14), based on the originator identifier (102). Logic (54) in the computerized system then presents to the user (14), on the display, whether the email (18) includes the authenticity mark (52), whether the encrypted data (104) decrypts successfully, and information based on the authenticity mark (52) and the decrypted data (108-14).
    Type: Grant
    Filed: September 21, 2004
    Date of Patent: November 25, 2008
    Assignee: Proofprint, Inc.
    Inventors: Terry M. Olkin, Jeffrey C. Olkin, Jahanshah Moreh