Patents Examined by David Y. Jung
  • Patent number: 7953974
    Abstract: The present invention is an authentication method for disclosing identification data of an object and authenticating when referring to data of the object corresponding to the identification data based on the identification data and can associate a tag device and data of a referring entity and authenticate that data of the tag device is referred by a proper referring entity by generating a third value by conducting a predetermined calculation with a temporary first value indicating a most recent referral to the identification data of the object and a temporary reference second value issued to a referring entity of the identification data for each referral, and authenticating a relationship between the object and the referring entity by verifying the third value.
    Type: Grant
    Filed: July 19, 2007
    Date of Patent: May 31, 2011
    Assignee: Fujitsu Limited
    Inventors: Shinya Yamamura, Yoshiharu Sato, Katsunori Iwamoto
  • Patent number: 7949876
    Abstract: A method, a router and a host are introduced for providing secure communication with limited use of processing intensive cryptographic means. Strong cryptographic keys are first used between the host and the router to sign messages therebetween, thereby ensuring that a first communication between the host and the router is secure. The router generates a secret key and forwards it to the host, the secret key being encrypted at the router and decrypted at the host by use of the strong cryptographic keys. Further communication between the host and the router is signed by use of the secret key.
    Type: Grant
    Filed: December 28, 2006
    Date of Patent: May 24, 2011
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventor: Wassim Haddad
  • Patent number: 7945052
    Abstract: Secondary content is encrypted for distribution to client terminals by selecting at least a portion of raw encrypted audio-video data (REAVD) that is provided on a media article as an encryption key, encrypting secondary content using the encryption key, and storing encrypted secondary content at a remotely located host. The media article can then be used for providing access to the encrypted secondary content to client terminals by receiving encrypted secondary content at a client terminal, extracting a decryption key from a media article encoded with REAVD, the decryption key being determined by at least a portion of the REAVD, using the decryption key to decrypt the secondary content, and outputting the decrypted secondary content from the client terminal.
    Type: Grant
    Filed: March 31, 2008
    Date of Patent: May 17, 2011
    Inventor: Gary Stephen Shuster
  • Patent number: 7941827
    Abstract: A solution is provided for associating network traffic traversing on a networked environment according to a selected category item, such as a user name or other network entity identity-related information, by using a monitor device. The solution includes: obtaining user information from the directory service by obtaining at least one set of user object attributes from the directory service; identifying at least one authentication exchange packet from packets traversing on the networked environment; extracting a user ID and a network address from the authentication exchange packet; filtering or selecting packets traversing on the network environment that each have a network address equivalent to the extracted network address; and associating packets that were selected with user information having a name attribute equivalent to the extracted user ID.
    Type: Grant
    Filed: April 4, 2006
    Date of Patent: May 10, 2011
    Assignee: Packetmotion, Inc.
    Inventors: Pramod John, Tsehua A. Chen, Mitchell T. Christensen, Maxine R. Erlund
  • Patent number: 7940933
    Abstract: A communications protocol is used to provide data privacy, message integrity, message freshness, and user authentication to telemetric traffic, such as to and from implantable medical devices in a body area network. In certain embodiments, encryption, message integrity, and message freshness are provided through use of token-like nonces and ephemeral session-keys derived from device identification numbers and pseudorandom numbers.
    Type: Grant
    Filed: July 26, 2007
    Date of Patent: May 10, 2011
    Assignee: Medtronic, Inc.
    Inventor: Eric D. Corndorf
  • Patent number: 7937580
    Abstract: A mediation server 200 mediates a print demand from a client device 100 to a printing device 300. In order to elude a firewall F/W set between the mediation server 200 and the printing device 300, the printing device 300 first sends an HTTP request to the mediation server 200. The mediation server 200 sends back an HTTP response including a print demand to the printing device 300. Encrypted communication may be established between the client device 100 and the printing device 300 according to the following procedure. The mediation server 200 decrypts cipher data, which is encrypted with a public key by the client device, with a private key, re-encrypts the decrypted data with another private key, and mediates the encrypted data to the printing device 300. The printing device 300 decrypts the encrypted data with the public key and carries out printing. This arrangement enables the printing device to carry out printing in response to a demand from the client device via respective secure network environments.
    Type: Grant
    Filed: July 19, 2007
    Date of Patent: May 3, 2011
    Assignee: Seiko Epson Corporation
    Inventor: Toshihiro Shima
  • Patent number: 7930543
    Abstract: A communications protocol is used to provide data privacy, message integrity, message freshness, and user authentication to telemetric traffic, such as to and from implantable medical devices in a body area network. In certain embodiments, encryption, message integrity, and message freshness are provided through use of token-like nonces and ephemeral session-keys derived from device identification numbers and pseudorandom numbers.
    Type: Grant
    Filed: July 26, 2007
    Date of Patent: April 19, 2011
    Assignee: Medtronic, Inc.
    Inventor: Eric D. Corndorf
  • Patent number: 7930560
    Abstract: The present invention provides a personal information management system, a personal information management program and a personal information protecting method capable of storing personal information in consideration of security protection and facilitating utilization of the stored information. A personal information management system for handling personal information has a function of connection to a personal information dispersion management server that provides functions of encrypting personal information by the secret sharing scheme and decrypting the encrypted personal information with an index key for decrypting. The system has a search keyword management database storing the index key for decrypting and a personal information managing apparatus.
    Type: Grant
    Filed: July 17, 2007
    Date of Patent: April 19, 2011
    Assignee: Kabushiki Kaisha Oricom
    Inventors: Shinichi Saito, Hisao Kato
  • Patent number: 7930554
    Abstract: The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In other words a digital connection that would allow an application to submit data to the card for signing by the card's private key and that would allow retrieving the entire resulting signature from the card is not required. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g.
    Type: Grant
    Filed: May 31, 2007
    Date of Patent: April 19, 2011
    Assignee: Vasco Data Security, Inc.
    Inventors: Frank Coulier, Frank Hoornaert
  • Patent number: 7926114
    Abstract: Systems and methods to test software applications with schema-based fuzzing are described. In one aspect, the systems and methods automatically generate valid input data for a software application according to a fuzzing data schema. The fuzzing data schema describes characteristics of data format that would be proper or well formed for input into the software application. The systems and methods mutate the valid input data with one or more fuzzing algorithms to generate corrupted versions, or malformed data. The malformed data is for fuzz testing the software application to identify any security vulnerabilities.
    Type: Grant
    Filed: May 31, 2007
    Date of Patent: April 12, 2011
    Assignee: Microsoft Corporation
    Inventors: John Neystadt, Nissim Natanov
  • Patent number: 7921286
    Abstract: Dynamic Root of Trust for Measurement (DRTM) mechanisms can be initiated, not by CPU-manufacturer-specific instructions, but by the execution of code in System Management Mode (SMM) that can modify the values stored in specific Platform Configuration Registers (PCRs) of a Trusted Platform Module (TPM). The SMM code can be verified prior to execution and it can be trusted based on the secure mechanisms used to update such code. The SMM code can restore a known, trusted state of the computing device and can initiate the measuring of subsequently executed code. In such a manner the Trusted Computing Base (TCB) can be limited.
    Type: Grant
    Filed: November 14, 2007
    Date of Patent: April 5, 2011
    Assignee: Microsoft Corporation
    Inventor: David Rudolph Wooten
  • Patent number: 7917749
    Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.
    Type: Grant
    Filed: May 22, 2006
    Date of Patent: March 29, 2011
    Assignee: Intertrust Technologies Corporation
    Inventors: Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie
  • Patent number: 7917767
    Abstract: In one embodiment, the present invention is a method and apparatus for adding signature information to electronic documents. One embodiment of the inventive method involves adding the signature information into a signature data field template corresponding to the electronic document, converting the signature data field template, including the added signature information, to an image file, and superimposing the image file over the electronic document to produce a signed electronic document. The inventive method substantially eliminates the potential for human error and security breaches in the signing of electronic documents.
    Type: Grant
    Filed: June 30, 2008
    Date of Patent: March 29, 2011
    Assignee: International Business Machines Corporation
    Inventors: Christopher Brant Berryman, Maieta Howze, Thomas Y. Kwok, Mary Jo McMillin, Thao N. Nguyen
  • Patent number: 7908492
    Abstract: A data processing method accepts a removable storage media, which becomes electrically engaged with a system unit within the data processing system, after which the removable storage media and the hardware security unit mutually authenticate themselves. The removable storage media stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable storage media. In response to successfully performing the mutual authentication operation between the removable storage media and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable storage media remains engaged with the system unit.
    Type: Grant
    Filed: May 12, 2008
    Date of Patent: March 15, 2011
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Ching-Yun Chao
  • Patent number: 7908661
    Abstract: This invention relates to an optical imaging device that includes an elongate housing. An infrared sensor arrangement is arranged in the housing and is configured to sense information printed on a page with infrared ink. The device also includes a radio frequency transceiver arranged in the housing and operatively connected to the sensor arrangement for communicating said information wirelessly. A pair of orthogonal accelerometers are mounted in the housing in a plane normal to an elongate axis of the housing. The accelerometers enable the device to sense direction and speed of motion without reference to a location on the page. Also included is a controller circuit for controlling operation of the sensor arrangement, the transceiver, and the accelerometers.
    Type: Grant
    Filed: January 30, 2008
    Date of Patent: March 15, 2011
    Assignee: Silverbrook Research Pty Ltd
    Inventors: Kia Silverbrook, Paul Lapstun
  • Patent number: 7903814
    Abstract: In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase to populate a data structure. Then, a first random number multiplied by a public key is added to each value in the data structure, in modulo of a second random number multiplied by the public key. Then an exponentiation phase is performed, wherein each modular multiplication and square operation in the exponentiation phase is performed in modulo of the second random number multiplied by the public key, producing a result. Then the result of the exponentiation phase is reduced in modulo of the public key. The introduction of the random numbers aids in the prevention of potential security breaches from the deduction of operands in the table initiation phase by malicious individuals.
    Type: Grant
    Filed: July 26, 2007
    Date of Patent: March 8, 2011
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Onur Aciicmez, Jean-Pierre Seifert, Qingwei Ma, Xinwen Zhang
  • Patent number: 7900256
    Abstract: Encoded data that is obtained by embedding subdata in advertisement information and embedding the subdata-embedded advertisement information in main data is provided to a user. At the user side, the encoded data is decoded to reproduce the main data and the subdata-embedded advertisement information, and the subdata-embedded advertisement information is decoded to reproduce the advertisement information and the subdata embedded therein.
    Type: Grant
    Filed: April 16, 2008
    Date of Patent: March 1, 2011
    Assignee: Sony Corporation
    Inventor: Tetsujiro Kondo
  • Patent number: 7900045
    Abstract: An apparatus (100) used by a plurality of devices to authenticate an accessory (120) is configured to operate with a device (110) of the plurality of devices. The accessory (120) applies an authentication algorithm to a key and a challenge (130) received from the device (110) and generates a response (132) thereto. A challenge and response memory (114) stores a subset of a set of challenges (232) and pre-computed responses (230). The enabling circuit transmits a challenge (130) to the accessory (120) and receives a received response (132) therefrom. The enabling circuit (112) also compares the received response (132) to the stored response (230) corresponding to the stored challenge (232) sent to the accessory (120).
    Type: Grant
    Filed: December 28, 2006
    Date of Patent: March 1, 2011
    Assignee: Motorola Mobility, Inc.
    Inventors: Kent D. Rager, Joseph M. Hansen
  • Patent number: 7899188
    Abstract: A system (100) and method (500) system to authenticate a peer in a peer-to-peer network is provided. The system can include a first peer (110) to locally create a secret key (112) and use the secret key to produce a public-key pair (120) comprising an identifier name (113) and a small public-key (115), and a second peer (160) to locally authenticate the identifier name of the public-key pair by requesting (405) the first peer to produce a unique dataset that does not reveal the secret-key and yet validates that the public-key pair was generated with the secret-key when the large public-key is applied to a portion of the unique dataset without using an external authentication system.
    Type: Grant
    Filed: May 31, 2007
    Date of Patent: March 1, 2011
    Assignee: Motorola Mobility, Inc.
    Inventor: Hosame H. Abu-Amara
  • Patent number: 7900248
    Abstract: The subject disclosure pertains to systems and methods that facilitate managing groups entities for access control. A negative group is defined using a base group, where the negative group associated with a base group includes any entities not included in the base group. Negative groups can be implemented using certificates rather than explicit lists of negative group members. A certificate can provide evidence of membership in the negative group and can be presented for evaluation to obtain access to resources. Subtraction groups can also be used to manage access to resources. A subtraction group can be defined as the members of a first group, excluding any members of a second group.
    Type: Grant
    Filed: May 31, 2007
    Date of Patent: March 1, 2011
    Assignee: Microsoft Corporation
    Inventors: Carl Melvin Ellison, Paul J. Lach, Butler Wright Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman