Abstract: A prover of a data processing system may prove to a verifier of the system that the prover satisfies a condition imposed by the verifier. The prover holds in memory at least one cryptographic credential in which are encoded a biometric template characteristic of the prover and a set of prover attributes such that each of the template and attributes are bound to a common secret value of the prover. A biometric measurement is made of the prover, which then communicates with the verifier to make a cryptographic proof demonstrating: possession of the cryptographic credential; that the biometric measurement matches the biometric template encoded in the cryptographic credential; and that the set of prover attributes encoded in the cryptographic credential satisfies the condition imposed by the verifier. The cryptographic proof is made without revealing the template or the at least one credential to the verifier.

Abstract: Methods and apparatus for forming and presenting confidential presentations within a computing environment associated with a virtual application are presented. For example, a method for forming a confidential presentation includes obtaining a correspondence indicator from an asset server, obtaining a first texture from the asset server, and overlaying the first texture onto a first object. The correspondence indicator indicates the first texture corresponds to the first object. The first object is within the computing environment associated with the virtual application. The first texture and the asset server are inaccessible by the computing environment associated with the virtual application. The confidential presentation comprises the first texture.

Abstract: A method for resolving an exchange of a first object and a second object in a communication network. The first object is sent by a first entity to a second entity, the second object having been requested by the first entity from the second entity. A number of verifiers verify a transfer of the first object from the first entity, a number of trustees provide the second object or an equivalent to the second object. There are at least two verifiers or two trustees. Transfer verification is provided by at least one verifier. If the transfer of the first object from the first entity is verified, and a step of transferring the second objector the equivalent to the first entity by at least one trustee of the number of trustees based on the transfer verification.

Abstract: Data security devices are provided which store user data and interact with terminal devices to provide information about the stored user data. Security device has memory for storing user data, an interface for transmission of data communications connectable to a data communications network, and a controller. The controller processes a request from the terminal device for information about said user data by first generating a message. The message is generated to permit verification, using secret data, that the message was generated by the controller. The controller sends the message to the terminal device for communication to a publication entity for publication of the message. The controller then receives from the terminal device a cryptographic construction. The controller checks validity of the cryptographic construction for said message, and subsequent supply of the information requested about the user data to the terminal device is then dependent on said cryptographic construction.

Abstract: The invention relates to a method for providing an assertion message (200) from a proving party (20) to a relying party (40), the method comprising the steps of: —creating an assertion (A) comprising one or more statements, —creating an assertion proof (p A), —creating a temporary private key and a corresponding temporary public key (K) from the assertion (A) and the assertion proof (p A), —creating a key proof (PK) for the temporary public key (K), —creating an assertion message signature (S) by means of the temporary private key, —creating the assertion message (200) comprising the temporary public key (K), the assertion proof (PA), the key proof (PK), the assertion (A), a message body (220) and the assertion message signature (S) to the relying party (40).

Abstract: Data security devices are provided which store user data and interact with terminal devices to provide information about the stored user data. Security device has memory for storing user data, an interface for transmission of data communications connectable to a data communications network, and a controller. The controller processes a request from the terminal device for information about said user data by first generating a message. The message is generated to permit verification, using secret data, that the message was generated by the controller. The controller sends the message to the terminal device for communication to a publication entity for publication of the message. The controller then receives from the terminal device a cryptographic construction. The controller checks validity of the cryptographic construction for said message, and subsequent supply of the information requested about the user data to the terminal device is then dependent on said cryptographic construction.

Abstract: Method and apparatus for generating cryptographic credentials certifying user attributes and making cryptographic proofs about attributes encoded in such credentials. Attributes are encoded as prime numbers E in accordance with a predetermined mapping and a cryptographic credential is generated encoding E. To prove that an attribute encoded in a cryptographic credential associated with a proving module of the system is a member of a predetermined set of user attributes, without revealing the attribute in question, the proving module determines the product Q of respective prime numbers corresponding to the attributes in the set in accordance with the predetermined mapping of attributes to prime numbers. The proving module demonstrates to the receiving module possession of a cryptographic credential encoding a secret value that is the prime number E, and then whether this secret value divides the product value Q.

Abstract: Methods and apparatus for forming and presenting confidential presentations within a computing environment associated with a virtual application are presented. For example, a method for forming a confidential presentation includes obtaining a correspondence indicator from an asset server, obtaining a first texture from the asset server, and overlaying the first texture onto a first object. The correspondence indicator indicates the first texture corresponds to the first object. The first object is within the computing environment associated with the virtual application. The first texture and the asset server are inaccessible by the computing environment associated with the virtual application. The confidential presentation comprises the first texture.

Abstract: Method and apparatus for generating cryptographic credentials certifying user attributes and making cryptographic proofs about attributes encoded in such credentials. Attributes are encoded as prime numbers E in accordance with a predetermined mapping and a cryptographic credential is generated encoding E. To prove that an attribute encoded in a cryptographic credential associated with a proving module of the system is a member of a predetermined set of user attributes, without revealing the attribute in question, the proving module determines the product Q of respective prime numbers corresponding to the attributes in the set in accordance with the predetermined mapping of attributes to prime numbers. The proving module demonstrates to the receiving module possession of a cryptographic credential encoding a secret value that is the prime number E, and then whether this secret value divides the product value Q.

Abstract: Methods and apparatus for forming and presenting confidential presentations within a computing environment associated with a virtual application are presented. For example, a method for forming a confidential presentation includes obtaining a correspondence indicator from an asset server, obtaining a first texture from the asset server, and overlaying the first texture onto a first object. The correspondence indicator indicates the first texture corresponds to the first object. The first object is within the computing environment associated with the virtual application. The first texture and the asset server are inaccessible by the computing environment associated with the virtual application. The confidential presentation comprises the first texture.

Abstract: A policy data structure defines predetermined authorizations, each relating to authorization of at least one user to access at least one resource as well as to dynamic access requests. Each dynamic access request indicates a condition to be satisfied by a respective set of attributes associated with a user request to access a resource and for the request to be granted in absence of an authorization determinative of the request. If the structure does not define an authorization for a request to access a resource, it is determined whether the structure defines a dynamic access requirement determinative for the request, and if so, whether to grant the request in accordance with the respective set of attributes associated with the request. For at least one request, after determining whether to grant the request, a dynamic authorization relating to authorization to access the resource within the request is added to the structure.

Abstract: Techniques are disclosed for issuing inoperative credentials, and making the inoperative credential operative at a subsequent point in time. For example, a method of forming a credential comprises the step of forming, at a first point in time, an inoperative credential. The inoperative credential is adapted to become operative, at a second point in time, to form an operative credential. The second point in time occurs after the first point in time.

Abstract: A prover of a data processing system may prove to a verifier of the system that the prover satisfies a condition imposed by the verifier. The prover holds in memory at least one cryptographic credential in which are encoded a biometric template characteristic of the prover and a set of prover attributes such that each of the template and attributes are bound to a common secret value of the prover. A biometric measurement is made of the prover, which then communicates with the verifier to make a cryptographic proof demonstrating: possession of the cryptographic credential; that the biometric measurement matches the biometric template encoded in the cryptographic credential; and that the set of prover attributes encoded in the cryptographic credential satisfies the condition imposed by the verifier. The cryptographic proof is made without revealing the template or the at least one credential to the verifier.

Abstract: A method for receiving input from a user of a virtual world, the method including: interacting with an object displayed in the virtual world; displaying another object in the virtual world in response to the interacting, the another object adapted to interact with the user; displaying at least one of a user specific label and a service specific label in place of a generic label associated with the another object; selecting the another object; and receiving the generic label and the at least one of the user specific label and the service specific label as the input in response to the selecting.

Abstract: A shredder for reducing material which includes a conical cutting drum rotatably positioned within a housing and having an imperforate outer surface so as to carry shredded material radially with and externally of the drum; at least one cutting implement disposed about the outer surface of the cutting drum; an anvil disposed adjacent to the cutting drum; a bellyband wrapping around and conforming to the drum; and a transition interconnecting the bellyband with a discharge port and having a cross sectional configuration that inversely mirrors the cross sectional configuration of the bellyband.

Abstract: A card-reader apparatus includes has a card interface for receiving data from a card presented to the card interface, a display, and a keypad having a plurality of keys for input of respective characters of user codes associated with cards presented to the card interface. The apparatus includes a controller for verifying a user code input for a card by processing the user code and the data received from the card by the card interface. The controller is adapted to generate a random mapping of user code characters to respective keys of the keypad, to control the display to indicate the mapping to a user, and to identify an input code character in accordance with the mapping. The apparatus is further adapted such that the mapping is displayed to the user with a limited viewing angle to inhibit unauthorized viewing.

Abstract: A shredder having a sizing chamber and a reducing chamber for sizing and reducing material.

Abstract: A shredder for reducing material which includes a conical cutting drum rotatably positioned within a housing and having an imperforate outer surface so as to carry shredded material radially with and externally of the drum; at least one cutting implement disposed about the outer surface of the cutting drum; an anvil disposed adjacent to the cutting drum; a bellyband wrapping around and conforming to the drum; and a transition interconnecting the bellyband with a discharge port and having a cross sectional configuration that inversely mirrors the cross sectional configuration of the bellyband.

Abstract: Processes are described for provision of privacy-sensitive sample analysis results to a sample provider. The sample provider generates a cryptographic commitment encoding a secret value, r, and a sample identifier, s, associated with a sample container. The sample provider provides the commitment to an analysis provider in association with the sample container containing a sample for analysis. The analysis provider analyzes the sample to obtain a set of analysis results corresponding to the sample identifier, s, and generates a cryptographic pre-credential, ??, corresponding to the sample identifier, s. The pre-credential, ??, encodes the set of analysis results and the commitment. Completion of the pre-credential, ??, requires knowledge of the secret value, r, in the commitment.

Abstract: A policy data structure defines predetermined authorizations, each relating to authorization of at least one user to access at least one resource as well as to dynamic access requests. Each dynamic access request indicates a condition to be satisfied by a respective set of attributes associated with a user request to access a resource and for the request to be granted in absence of an authorization determinative of the request. If the structure does not define an authorization for a request to access a resource, it is determined whether the structure defines a dynamic access requirement determinative for the request, and if so, whether to grant the request in accordance with the respective set of attributes associated with the request. For at least one request, after determining whether to grant the request, a dynamic authorization relating to authorization to access the resource within the request is added to the structure.