Abstract: There is described a validation and authentication system and method for authenticating and validating messages. The system comprises a data store storing one or more digital fingerprints associated with user imaging devices. There is also a communication module configured to: receive a message M; receive a request for validation and authentication and receive an image PM of the message M captured using a user imaging device. The system comprises an image validation module for analysing the received image PM using one or more image processing techniques to determine if the image is valid and authentic. If the received image PM is determined to be authentic and valid, the image validation module generates a response to the request.

Abstract: A method for validating a signature request for a first message M, comprising: receiving, a validation challenge (VC) from a signature creation device (SCD), the VC created by the SCD, in response to receiving the signature request and message M from a user, using a second message M? which is based on message M and a secret shared between the SCD and user, the VC generated by encrypting message M? using the secret; generating, the message M? from the VC by decrypting the VC using the secret; displaying the message M? to the user; receiving confirmation from the user that the displayed message M? corresponds to the message M; generating, a validation code confirming the signature request to create a signature; and outputting the code to the SCD, to cause the SCD to generate the signature for the user for message M based on successfully verifying the code.

Abstract: There is described a validation and authentication system and method for authenticating and validating messages. The system comprises a data store storing one or more digital fingerprints associated with user imaging devices. There is also a communication module configured to: receive a message M; receive a request for validation and authentication and receive an image PM of the message M captured using a user imaging device. The system comprises an image validation module for analysing the received image PM using one or more image processing techniques to determine if the image is valid and authentic. If the received image PM is determined to be authentic and valid, the image validation module generates a response to the request.

Abstract: A method for validating a signature request for a first message M, comprising: receiving, a validation challenge (VC) from a signature creation device (SCD), the VC created by the SCD, in response to receiving the signature request and message M from a user, using a second message M? which is based on message M and a secret shared between the SCD and user, the VC generated by encrypting message M? using the secret; generating, the message M? from the VC by decrypting the VC using the secret; displaying the message M? to the user; receiving confirmation from the user that the displayed message M? corresponds to the message M; generating, a validation code confirming the signature request to create a signature; and outputting the code to the SCD, to cause the SCD to generate the signature for the user for message M based on successfully verifying the code.

Abstract: A method and system for generating a signature for a user are described. The system comprises a signature server, an initial transaction device for a user and a validation device for a user. The initial transaction device is configured to display a first message M and send a request to the signature server to create a signature for said first message M. The signature server is configured to generate a validation challenge using a second message M? which is based on said first message M? and a first secret shared between said user and said signature server and send said validation challenge to the validation device. The validation device is configured to regenerate said second message M? using said first shared secret, display said second message M?, receive user confirmation that the displayed second message M? corresponds to said first message M, generate a validation code confirming the request to create a signature; and send said validation code to said signature server.

Abstract: A method and system for generating a signature for a user are described. The system comprises a signature server, an initial transaction device for a user and a validation device for a user. The initial transaction device is configured to display a first message M and send a request to the signature server to create a signature for said first message M. The signature server is configured to generate a validation challenge using a second message M? which is based on said first message M? and a first secret shared between said user and said signature server and send said validation challenge to the validation device. The validation device is configured to regenerate said second message M? using said first shared secret, display said second message M?, receive user confirmation that the displayed second message M? corresponds to said first message M, generate a validation code confirming the request to create a signature; and send said validation code to said signature server.

Abstract: A data input is divided into two segments. The second segment is raised to a power of a function of the first segment, the power being relatively prime to a function of a predefined modulus. The modulus is then applied to the result. The transformed data is assembled from the first segment and the remainder modulo the modulus. This data transformation can be applied in combination with a key derivation algorithm, a key wrapping algorithm, or an encryption algorithm to enhance the security of these other applications.

Abstract: A data input is divided into two segments. The second segment is raised to a power of a function of the first segment, the power being relatively prime to a function of a predefined modulus. The modulus is then applied to the result. The transformed data is assembled from the first segment and the remainder modulo the modulus. This data transformation can be applied in combination with a key derivation algorithm, a key wrapping algorithm, or an encryption algorithm to enhance the security of these other applications.

Abstract: Key derivation algorithms are disclosed. In one key derivation application, a segment of the master key is hashed. Two numbers of derived from another segment of the master key. A universal hash function, using the two numbers, is applied to the result of the hash, from which bits are selected as the derived key. In another embodiment, an encoded counter is combined with segments of the master key. The result is then hashed, from which bits are selected as the derived key.

Abstract: A data input is divided into two segments; the second segment is also divided into groups. Bits in the first segment are used to control the application of permutation functions to bit groups in the second segment. The transformed data is assembled from the first segment and the permuted groups of the second segment. This data transformation can be applied in combination with a key derivation algorithm, a key wrapping algorithm, or an encryption algorithm to enhance the security of these other applications.

Abstract: Key derivation algorithms are disclosed. In one key derivation application, a segment of the master key is hashed. Two numbers of derived from another segment of the master key. A universal hash function, using the two numbers, is applied to the result of the hash, from which bits are selected as the derived key. In another embodiment, an encoded counter is combined with segments of the master key. The result is then hashed, from which bits are selected as the derived key.

Abstract: Key derivation algorithms are disclosed. In one key derivation application, a segment of the master key is hashed. Two numbers of derived from another segment of the master key. A universal hash function, using the two numbers, is applied to the result of the hash, from which bits are selected as the derived key. In another embodiment, an encoded counter is combined with segments of the master key. The result is then hashed, from which bits are selected as the derived key.

Abstract: A data input is divided into two segments. The second segment is raised to a power of a function of the first segment, the power being relatively prime to a function of a predefined modulus. The modulus is then applied to the result. The transformed data is assembled from the first segment and the remainder modulo the modulus. This data transformation can be applied in combination with a key derivation algorithm, a key wrapping algorithm, or an encryption algorithm to enhance the security of these other applications.