Abstract: Disclosed herein are systems, methods and computer readable media for performing authentication. The proposed scheme utilizes new algorithms that introduce randomness using a physical value for authentication. An exemplary method includes sharing an initial state value S(0) with a sender and a receiver, generating a sender S(t, v) based on a parameter t and an identifier v and based at least in part on the value S(0). The method includes generating a receiver S(t, v) from S(0) based on the parameter t and the identifier v wherein the parameter t is related to a physical value in authenticating the identifier v based on a comparison of the sender S(t, v) and the receiver S(t, v). The process of generating the sender S(t, v) and the receiver S(t, v) includes a random variable generated by a process such as by a random number generator, the Brownian Motion or Wiener Process. Other embodiments do not use the physical value for authentication.

Abstract: Disclosed herein are systems, method and computer readable medium for providing authentication of an entity B by an entity A. In the method, entity A selects a value p, a range [a, b] and a granularity epsilon. Entity A sends p, [a, b], and epsilon to entity B. Entity B initializes a value yB=0 and for each x in {a, a+epsilon, . . . , b?epsilon, b} and computes z=E(x)*x. The function E(x) is an encryption scheme and the multiplication is carried out mod p. Entity B updates yB=yB+z. After processing each x, entity B sends yB to entity A. Entity A performs the same calculation and generates a yA value and compares yA with yB. If yB=yA, Entity A authenticate entity B. In one aspect, a light HMAC scheme splits an input x into n blocks with key expansion.

Abstract: A computer enabled method and apparatus for encrypting and decrypting data using a keyless transformation cryptographic technique. Data is protected using a keyless (unkeyed) complex mathematical transformation, in contrast to a traditional cryptographic algorithm using a secret key. This approach is resistant to both static analysis (hacking) performed on executable encryption/decryption code, as well as dynamic analysis performed during execution (runtime) of ciphering or deciphering. The method uses a family of asymmetric data transformations based on Galois field polynomials.

Abstract: Method and apparatus for increasing security of a cryptographic algorithm such as deciphering, enciphering, or a digital signature. A cryptographic algorithm and a key are provided such that a deciphering process, for instance, is partitioned between two portions. The portion of the cryptographic algorithm carried out in the first portion is implemented in a “white box” model such that it is highly secure even against an attack by the user who has full access to internal operations, code execution and memory of the user device, such as a hacker or attacker. The remaining portion of the algorithm is carried out in the second portion. Since this second portion has relaxed security constraints, its code may be implemented using a “black box” approach where its code execution may be more efficient and faster, not requiring the code obfuscation of the white box implementation in the user device. This partitioning may be achieved using a delegation protocol.

Abstract: For purposes of cryptographic authentication, verification and digital signature processes, a derivation function is provided. The derivation function is generated from a Fourier series, using a prime number to compute the initial value in the series.

Abstract: In the computer client-server context, typically used in the Internet for communicating between a central server and user computers (clients), a method is provided for token passing which enhances security for client-server communications. The token passing is opaque, that is tokens as generated by the client and server are different and can be generated only by one or the other but can be verified by the other. This approach allows the server to remain stateless, since all state information is maintained at the client side. This operates to authenticate the client to the server and vice versa to defeat hacking attacks, that is, penetrations intended to obtain confidential information. The token as passed includes encrypted values including encrypted random numbers generated separately by the client and server, and authentication values based on the random numbers and other verification data generated using cryptographic techniques.

Abstract: Method and apparatus for marking individual video frames of an H.264/AVC standard compliant or equivalent digital video stream. Each video frame in a H.264/AVC video stream is conventionally divided into NAL units. There are typically a number of NAL units for each video frame. There is specified in the H.264/AVC standard the SEI (Supplemental Enhancement Information) type. This type includes the user data unregistered type, which can contain arbitrary data. In the present method and apparatus, an NAL unit of this type is provided at the beginning of each video frame, preceding the other NAL units associated with that video frame. The data contained in that special SEI unit is typically control information for downstream control of use of the video content.

Abstract: Some embodiments provide an account-based DRM system for distributing content. The system includes several devices that are associated with one particular account. The system also includes a set of DRM computers that receives a request to access a particular piece of content on the devices associated with the particular account. The DRM computer set then generates a several keys for the devices, where each particular key of each particular device allows the particular device to access the particular piece of content on the particular device. Through a network, the DRM computer set of some embodiments sends the particular piece of content and the generated keys to the devices associated with the particular account. The network is a local area network, a wide area network, or a network of networks, such as the Internet. In some of these embodiments, the DRM computer set sends the content and keys to one device (e.g.

Abstract: Some embodiments of the invention provide a method of verifying the integrity of digital content. At a source of the digital content, the method generates a signature for the digital content by applying a hashing function to a particular portion of the digital content, where the particular portion is less than the entire digital content. The method supplies the signature and the digital content to a device. At the device, the method applies the hashing function to the particular portion of the digital content in order to verify the supplied signature, and thereby verifies the integrity of the supplied digital content.

Abstract: Some embodiments of the invention provide a digital rights management (DRM) method for distributing content to users over a network. Based on a first set of diversity indicia, the method identifies a first security element for distributing a set of content to a first computer. The set of content includes one or more pieces of content. Based on a second set of diversity indicia, the method identifies a second security element for distributing the set of content to a second computer. Based on the first security element, method protects the set of content for the first computer and sends the protected set of content to the first computer through the network. Based on the second security element, the method protects the set of content for the second computer and sends the protected set of content to the second computer through the network.