Abstract: Privacy of data can be preserved while utility of the output is maximized by selecting from an appropriately calculated distribution of noise values to add to an output. A distribution that includes a high likelihood of large noise values may lead to less useful output data. Conversely, a distribution that includes very low likelihood of large noise values may lead to less privacy. A distribution should be calculated to provide an appropriate level of output utility and privacy based on the query that is performed and the desired privacy level.

Abstract: Techniques are provided for injecting noise into secure function evaluation to protect the privacy of the participants. A system and method are illustrated that can compute a collective noisy result by combining results and noise generated based on input from the participants. When implemented using distributed computing devices, each device may have access to a subset of data. A query may be distributed to the devices, and each device applies the query to its own subset of data to obtain a subset result. Each device then divides its subset result into one or more shares, and the shares are combined to form a collective result. The devices may also generate random bits. The random bits may be combined and used to generate noise. The collective result can be combined with the noise to obtain a collective noisy result.

Abstract: A system and method for aggregating rankings from a plurality of ranking sources to generate a maximally consistent ranking by minimizing a distance measure. The ranking sources may be search engines executing queries on web pages that have been deliberately modified to cause an incorrect estimate of their relevance. The invention supports combining partial rankings.

Abstract: A database has a plurality of entries and a plurality of attributes common to each entry, where each entry corresponds to an individual. A query is received from a querying entity query and is passed to the database, and an answer is received in response. An amount of noise is generated and added to the answer to result in an obscured answer, and the obscured answer is returned to the querying entity. The noise is normally distributed around zero with a particular variance. The variance R may be determined in accordance with R>8 T log2(T/?)/?2, where T is the permitted number of queries T, ? is the utter failure probability, and ? is the largest admissible increase in confidence. Thus, a level of protection of privacy is provided to each individual represented within the database. Example noise generation techniques, systems, and methods may be used for privacy preservation in such areas as k means, principal component analysis, statistical query learning models, and perceptron algorithms.

Abstract: A database has a plurality of entries and a plurality of attributes common to each entry, where each entry corresponds to an individual. A query q is received from a querying entity query q and is passed to the database, and an answer a is received in response. An amount of noise e is generated and added to the answer a to result in an obscured answer o, and the obscured answer o is returned to the querying entity. Thus, a level of protection of privacy is provided to each individual represented within the database.

Abstract: Reducing or deterring undesirable electronic communications by requiring a sender of an electronic communication to download a memory-bound function that describes a table. The function initializes and builds a table, hashes each entry in the table, sorts the table. The steps of hashing and sorting the table may be completed as many times as desired. At the conclusion of the iterations, the table may be hashed a final time to unsort the table. The sender then uses the table in proving a computational function. The proof of the function is sent to a recipient of the electronic communication as proof that the sender has spent computational effort to send the e-mail.

Abstract: The present invention provides for generating inputs that can be provided to a message classification module to facilitate more reliable classification of electronic messages, such as, for example, as unwanted and/or unsolicited. In one embodiment, a sending messaging server provides an appropriate response to address verification data thereby indicating a reduced likelihood of the sending messaging server using a forged network address. In another embodiment, it is determined if a messaging server is authorized to send electronic messages for a domain. In yet another embodiment, electronic message transmission policies adhered to by a domain are identified. In yet a further embodiment, a sending computer system expends computational resources to solve a computational puzzle and includes an answer document in an electronic message. A receiving computer system receives the electronic message and verifies the answer document.

Abstract: A system and method for aggregating rankings from a plurality of ranking sources to generate a maximally consistent ranking by minimizing a distance measure. The ranking sources may be search engines executing queries on web pages that have been deliberately modified to cause an incorrect estimate of their relevance. The invention supports combining partial rankings.

Abstract: A machine-readable check comprising a check and a machine-readable image block printed on the check. Preferably, the image block is a two-dimensional print code.

Abstract: A system and method are provided for producing verified signatures on documents such as checks and affidavits. Initially, a customer who is to obtain a verified signature, at some point in time, registers with a signatory authority, and a secret key, having public and private components, is established uniquely for that customer. When a document requires a verified signature, the customer presents the document and proof of his/her identity, such as a preprogrammed computer-interfacable card, to a signature system. Typically, such a system is to be available at an institution, such as an office, bank, or post office, where such services will routinely be used. The system accesses the archive of the private portion of the customer's key, and generates an encoded signature based, in part, on the content of the document. Accordingly, when a recipient of the document later wishes to verify the signature, the recipient uses the customer's public key to decode the signature.

Abstract: An information processing system including an encryption processing logic module and a decryption processing logic module for enabling the encryption of digital information to be decrypted with a decryption key K. The encryption processing module includes logic for encrypting the digital information, distributing the digital information and authorizing a user to decrypt the information. The decryption processing module includes logic for the user to communicate a user number n.sub.i to receive an authorization number a.sub.i from the authorization logic in the encryption processing module and extrication logic for extricating the decryption key. The user number n.sub.i uniquely identifies, and is valuable to, the user, so valuable in fact that the user would be unwilling to publically dislcose it. The extrication logic operates on a digital signet pair (a.sub.i, n.sub.i) consisting of the authorization number and user number, to extract K.

Abstract: An information processing system including an encryption processing logic module and a decryption processing logic module for enabling the encryption of digital information to be decrypted with a decryption key K. The encryption processing module includes logic for encrypting the digital information, distributing the digital information and authorizing a user to decrypt the information. The decryption processing module includes logic for the user to communicate a user number n.sub.i to receive an authorization number a.sub.i (a.sub.i being calculated as equal to ((K.sym.n.sub.i) raised to the power of (1/n.sub.i ' mod .phi. from the authorization logic in the encryption processing module and extrication logic for extricating the decryption key. The user number n.sub.i uniquely identifies, and is valuable to, the user, so valuable in fact that the user would be unwilling to publically disclose it. The extrication logic operates on a digital signet pair (a.sub.i, n.sub.

Abstract: A system and method are provided for facilitating proof that a specific item, such as a document, has been sent via a communication medium, such as the mail service of the United States Postal Service, at a specific time. A bit map image is produced, such as by scanning a hard copy document. Preferably the bit map is compressed into a data string and hashed. The hash file is signed by a certifying authority, such as the USPS, using an existentially unforgeable signature scheme. The original document, a code representation of the string, and a code representation of the signature are sent via the communication medium. As a result, the combination of materials sent provides proof of the authenticity of the content of the document.

Abstract: A method and apparatus are disclosed for managing tasks in a network of processors. After a period of time has elapsed, during which the processors of the network have been executing tasks allocated to them, the processors exchange views as to which pending tasks have or have not been completed. The processors reach a consensus as to the overall state of completion of the pending tasks. In a preferred embodiment, the processors exchange views and update their views based on the views received from the other processors. A predetermined condition determines that a consensus has been reached. The predetermined condition is preferably two sets of exchanges in which a processor has received messages from the same set of other processors. Alternatively, the condition is an exchange which does not result in any updates to a processor's view.

Abstract: A method and apparatus are disclosed for achieving collective consistency in the detection and reporting of failures in a distributed computing system having multiple processors. Each processor is capable of being called by a parallel application for system status. Initially, each processor sends the other processors its view on the status of the processors. It then waits for similar views from other processors except those regarded as failed in its own view. If the received views are identical to the view of the processor, the processor returns its view to the parallel application. In a preferred embodiment, if the views are not identical to its view, the processor sets its view to the union of the received views and its current view. The steps are then repeated. Alternately, the steps are repeated if the processor does not have information that each of the processors not regarded as failed in its view forms an identical union view.

Abstract: A method is provided for authentication of encrypted messages. A non-malleable public-key encryption technique is employed, so that an eavesdropper cannot employ an encrypted message, previously overheard, to generate a message which, when sent to a recipient, which would pass as a message originating from a valid sender. In a preferred embodiment, a protocol is provided in which, in response to a message authentication request from a sender, a recipient sends the sender a string, encrypted according to the sender's non-malleable public key. The sender decrypts the string using its private key, and sends the recipient a message which is a function of the string and the message to be authenticated. Because of the non-malleability of the public keys, an eavesdropper cannot impersonate the sender or the recipient and produce a disinformation message which would nevertheless contain the correct authorization string.

Abstract: A method and apparatus are disclosed for managing tasks in a network of processors. After a period of time has elapsed, during which the processors of the network have been executing tasks allocated to them, the processors exchange views as to which pending tasks have or have not been completed. The processors reach a consensus as to the overall state of completion of the pending tasks. In a preferred embodiment, the processors exchange views and update their views based on the views received from the other processors. A predetermined condition determines that a consensus has been reached. The predetermined condition is preferably two sets of exchanges in which a processor has received messages from the same set of other processors. Alternatively, the condition is an exchange which does not result in any updates to a processor's view.

Abstract: An apparatus and method for secure and private communications in a triple-connected processor network. Communication of a message over at least three data paths is achieved by transmitting the message in coded form over the data paths, determining whether the message is correctly received, and if the message is not correctly received, identifying a non-faulty data path, testing remaining data paths to identify a faulty data path, and transmitting the message in coded form over remaining non-faulty data paths.