Abstract: A system and method for preserving privacy of evidence are provided. In the method, an encrypted first image is generated by encrypting a first image acquired at a first location with a symmetric cryptographic key that is based on first information such as a license plate number extracted from the first image and first metadata associated with the first image, such as a time at which the first image was acquired. When a link is established between a second image and the first image, for example, through visual signature matching, the symmetric cryptographic key can be reconstructed, without having access to the first image, but based instead on the first metadata and information extracted from the second image. The reconstructed symmetric cryptographic key can then be used for decryption of the encrypted image to establish evidence that the license plate number was indeed extracted from the first image.

Abstract: A method for data matching includes providing two sets of encrypted data elements by converting data elements to respective sets of vectors and encrypting each vector with a public key of a homomorphic encryption scheme. Each data element includes a sequence of characters drawn from an alphabet. For pairs of encrypted data elements, a comparison measure is computed between the sets of encrypted vectors. An obfuscated vector is generated for each encrypted data element in the first set, which renders the first encrypted data element indecipherable when the comparison measure does not meet a threshold for at least one of the pairs of data encrypted elements comprising that encrypted data element. The obfuscated vectors can be decrypted with a private key, allowing data elements in the first set to be deciphered if the comparison measure meets the threshold for at least one of the data elements in the second set.

Abstract: Disclosed is a relational database fingerprinting system and method to identify a user of the relational database, the fingerprint provided by an originator of the relational database. According to an exemplary method, a fingerprint bit string is generated including a data user identification code and a secret key unknown to the user, and the fingerprint bit string is embedded in a plurality of pseudorandomly selected values based on a pseudorandom function seeded with primary keys associated with the relational database.

Abstract: A system and method provide for shared access to a database in a semi-trusted platform. In the method, for each of a set of users, provision is made for regenerating a respective user key, based on a respective predefined user input, such as a hashed password. One or more of the users is authorized to have access to an encrypted database. For each of these, the method includes encrypting a key for the encrypted database with the respective user's user key to generate an encrypted database key. During a user session, one of the authorized users is provided with access to the encrypted database by decrypting the database key from the encrypted database key with the respective user's user key, and decrypting the database, from the encrypted database, with the database key. The database key and each user's user key are not stored on the platform and are thus inaccessible to platform administrators and unauthorized users between user sessions.

Abstract: A system and method incorporating a multi-function printer (MFP), a mobile device and a server to effect payment of MFP services. The MFP generates and displays a session prepayment code containing identification information for the MFP and for a specific session initiated by a user. The code is entered into the mobile device and the mobile device transmits it to the server. In response, the server transmits a menu of MFP functions and costs to the mobile device, allowing the user to estimate and prepay the cost of the specific session through a service accessible on the mobile device. Once proof of prepayment is received, the server transmits an authorization code to the mobile device and the user inputs it into the MFP. The MFP verifies the authorization code with the server and performs user-selected functions until a time allotted for the specific session ends or until available credit is used, whichever comes first.

Abstract: Disclosed is a relational database fingerprinting system and method to identify a user of the relational database, the fingerprint provided by an originator of the relational database. According to an exemplary method, a fingerprint bit string is generated including a data user identification code and a secret key unknown to the user, and the fingerprint bit string is embedded in a plurality of pseudorandomly selected values based on a pseudorandom function seeded with primary keys associated with the relational database.

Abstract: A method for data matching includes providing two sets of encrypted data elements by converting data elements to respective sets of vectors and encrypting each vector with a public key of a homomorphic encryption scheme. Each data element includes a sequence of characters drawn from an alphabet. For pairs of encrypted data elements, a comparison measure is computed between the sets of encrypted vectors. An obfuscated vector is generated for each encrypted data element in the first set, which renders the first encrypted data element indecipherable when the comparison measure does not meet a threshold for at least one of the pairs of data encrypted elements comprising that encrypted data element. The obfuscated vectors can be decrypted with a private key, allowing data elements in the first set to be deciphered if the comparison measure meets the threshold for at least one of the data elements in the second set.

Abstract: A system and method incorporating a multi-function printer (MFP), a mobile device and a server to effect payment of MFP services. The MFP generates and displays a session prepayment code containing identification information for the MFP and for a specific session initiated by a user. The code is entered into the mobile device and the mobile device transmits it to the server. In response, the server transmits a menu of MFP functions and costs to the mobile device, allowing the user to estimate and prepay the cost of the specific session through a service accessible on the mobile device. Once proof of prepayment is received, the server transmits an authorization code to the mobile device and the user inputs it into the MFP. The MFP verifies the authorization code with the server and performs user-selected functions until a time allotted for the specific session ends or until available credit is used, whichever comes first.

Abstract: A system and method provide for shared access to a database in a semi-trusted platform. In the method, for each of a set of users, provision is made for regenerating a respective user key, based on a respective predefined user input, such as a hashed password. One or more of the users is authorized to have access to an encrypted database. For each of these, the method includes encrypting a key for the encrypted database with the respective user's user key to generate an encrypted database key. During a user session, one of the authorized users is provided with access to the encrypted database by decrypting the database key from the encrypted database key with the respective user's user key, and decrypting the database, from the encrypted database, with the database key. The database key and each user's user key are not stored on the platform and are thus inaccessible to platform administrators and unauthorized users between user sessions.

Abstract: A system and method for preserving privacy of evidence are provided. In the method, an encrypted first image is generated by encrypting a first image acquired at a first location with a symmetric cryptographic key that is based on first information such as a license plate number extracted from the first image and first metadata associated with the first image, such as a time at which the first image was acquired. When a link is established between a second image and the first image, for example, through visual signature matching, the symmetric cryptographic key can be reconstructed, without having access to the first image, but based instead on the first metadata and information extracted from the second image. The reconstructed symmetric cryptographic key can then be used for decryption of the encrypted image to establish evidence that the license plate number was indeed extracted from the first image.