Abstract: In one embodiment, the present disclosure is directed to a system for digital authentication. A device includes a second processor for security functionality. The second processor generates a public key and a private key, and uses the private key and to-be-signed signature data to generate digital signatures. The device transmits the public key and a first digital signature to the server. As part of subsequent communication, the device transmits the public key and a second digital signature to the server. Using the public key, the server validates the second digital signature to verify that the second digital signature is from the device or a user of the device, thereby verifying that the subsequent communication is from the device or the user of the device.

Abstract: A trusted media device for use with a digital camera to create trusted media files that provide assurance that the media file captures a real-world scene and is not synthetic (for example, AI-generated) media. The trusted media device includes a digital camera and provides for generation of a trusted media file after authentication of fingerprints associated with the digital camera and the trusted media device and authentication of perceptual hashes for captured images. Embodiments of the disclosure further include processes for pairing the trusted media device and viewing and editing the trusted media file.

Abstract: Systems and methods for user verification may include processor(s) to maintain a plurality of authentication profiles for respective users, where each authentication profile includes profile image(s) and a device key linked to a respective client device. The processor(s) may receive a request including the device key of the client device and a biometric image captured during the session by a camera of the client device. The processor(s) may identify the authentication profile corresponding to the user based on the device key included in the authentication profile matching the device key included in the request. The processor(s) may compare feature(s) extracted from the biometric image to feature(s) extracted from the profile image(s), and store the biometric image in the authentication profile based determining that the feature(s) from the biometric image match feature(s) from a profile image of the authentication profile.

Abstract: An information processing apparatus saves log information related to an executed job, and includes a determination unit that determines one of at least a first mode and a second mode as a saving mode for the log information, based on setting by a user, and a saving control unit that saves log information including information about a plurality of items related to an executed job, in a case where the first mode is determined as the saving mode, and saves log information not including information about a predetermined first item and including information about a second item different from the first item, among the plurality of items related to the executed job, in a case where the second mode is determined as the saving mode.

Abstract: To achieve an improvement in security in encryption of an image signal obtained through imaging by an array sensor. A sensor device includes: an array sensor in which a plurality of pixels including light-receiving elements for visible light or invisible light are arrayed 1-dimensionally or 2-dimensionally; and an encryption unit configured to encrypt a read signal from the pixels of the array sensor. By encrypting a read signal, it is possible to achieve an improvement in security by enabling the image signal not to be stored in plain text in a memory.

Abstract: A method for obfuscating an application programming interface (API) can include creating a polarization library. The library can include for each of a plurality of websites: website endpoints, corresponding website endpoint parameters, and an assigned industry category. An API structure of a root API to be obfuscated can be extracted, including root endpoints and corresponding root endpoint parameters. An industry category can be identified for the root API and a website is selected from the polarization library that is in an industry category that is distinct from the root API category. An obfuscator API is created with the extracted API structure using website endpoints and website endpoint parameters from the selected website that match the structure of the root API.

Abstract: A trusted execution environment obtains a secure guest image and metadata to be used to start a secure guest. The metadata includes multiple parts and a plurality of integrity measures. A first part of the metadata includes one or more integrity measures of the plurality of integrity measures, and a second part of the metadata includes customized confidential data of the secure guest and one or more other integrity measures of the plurality of integrity measures. The trusted execution environment is used to verify at least one select part of the metadata using at least one integrity measure of the plurality of integrity measures of the metadata. Based on successful verification of the at least one select part of the metadata, the trusted execution environment starts the secure guest using the secure guest image and at least a portion of the metadata.

Abstract: A system and method for generating a cryptographic key using a sequence of data segments selected by a user from one or more data resources. Raw data from the one or more data resources corresponding to each of the selected data segments, and the sequence in which such data segments are selected, is extracted and processed to generate a key. The key can be used for any cryptographic and authentication purpose. By enabling a user to select the sequence of data segments from the one or more data resources in any manner the user desires, the user can create a strong key, but also easily remember the underlying data resource and chosen sequence. This technique provides enhanced security while maintaining ease of creation and use of such security.

Abstract: The present disclosure provides a distributed computer system, which includes a plurality of computing devices. Each computing device includes a memory, a portion of a Blockchain, a transceiver, and a processor. The memory stores a plurality of data transaction requests. Each data transaction request corresponds to a block in the Blockchain and includes a cryptographic hash of a previous block, a timestamp, and transaction data. The transceiver receives a data transaction request from a subset of the plurality of computing devices. The processor determines whether the received data transaction request corresponds to at least one block in the portion of the Blockchain. The processor updates an internal record of the Blockchain, based on determining that the data transaction request corresponds to at least one block in the portion of the Blockchain. The processor then verifies the updated internal record of the Blockchain with a computing device in the subset.

Abstract: A sending security edge proxy SEPP receives a first message sent by a first network function to a second network function. The first message has a plurality of first message parts including: a request line or a response line; at least one header; and payload. Second message parts are formed from the features and optional sub-features of the first message parts. A security structure defines a required security measure individually for each second message part. The SEPP applies, according to the security structure definition, to each second message part by encrypting; integrity protecting; or modification tracking with integrity protecting; and forms a second message that contains the second message parts; and sends the second message towards the second network function. Corresponding methods, structures, computer programs and a system are disclosed for intermediate nodes and receiving SEPP.

Abstract: An example operation includes one or more of determining, via a transport, that a person seeks access to the transport, visually indicating, via the transport, an action for the person to perform, receiving, via the transport, the action and validating, via the transport, that the person is associated with the transport, based on the receiving.

Abstract: A system and method in accordance with examples may include an identity verification kiosk. The identity verification kiosk may include a display comprising a user interface; a card reader; a document scanner; a printer; and a processor in data communication with a server and a database storing user information. The processor may be configured to receive an identification verification request from the user interface; receive user information via the document scanner or the card reader; retrieve user information from the database; verify the identity of a user; and print a unique identifier on a document using the printer.

Abstract: The disclosed computer-implemented method for authenticating digital media content may include (i) receiving digital media content that has been captured by a capturing device and digitally signed through a cryptoprocessor embedded within the capturing device to provide an assurance of authenticity regarding how the capturing device captured the digital media content, and (ii) encoding an identifier of the received digital media content and a digital signature to an encrypted distributed ledger, the digital signature including at least one of a digital signature of the digital media content by the capturing device or a digital signature of the digital media content by an entity encoding the received digital media content such that the encoding becomes available for subsequent verification through the encrypted distributed ledger. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method for generating a cryptographic key using a sequence of data segments selected by a user from one or more data resources. Raw data from the one or more data resources corresponding to each of the selected data segments, and the sequence in which such data segments are selected, is extracted and processed to generate a key. The key can be used for any cryptographic and authentication purpose. By enabling a user to select the sequence of data segments from the one or more data resources in any manner the user desires, the user can create a strong key, but also easily remember the underlying data resource and chosen sequence. This technique provides enhanced security while maintaining ease of creation and use of such security.

Abstract: A data verification method is provided. Fingerprint information of N (N being an integer greater than 1) slices of to-be-sent data of a second device is received, the fingerprint information including first fingerprint information corresponding to an ith (i being an integer greater than 1) slice of the to-be-sent data and second fingerprint information corresponding to an (i?1)th slice of the to-be-sent data. The first fingerprint information is based on updating, by using the ith slice of the to-be-sent data, the second fingerprint information. An ith slice of data is received from the second device. The received second fingerprint information is updated by using the ith slice of data, to obtain third fingerprint information. Data verification failure indication information is transmitted to the second device in response to the third fingerprint information not matching the received first fingerprint information.

Abstract: Methods, non-transitory computer readable media, and computing devices that accelerate data access requests. With this technology, a hierarchy of a plurality of objects is inserted into a location database. Each of at least a subset of the plurality of objects comprises a physical storage location for data stored in a filesystem. One or more of the plurality of objects includes an object version number and a parent version number of a parent one of the plurality of objects. A determination is made when an invalidation event has occurred in the filesystem. The invalidation event is associated with one of the plurality of objects. The object version number for the one of the plurality of objects is modified to invalidate one or more of the subset of the objects, when the determining indicates that the invalidation event has occurred in the filesystem.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing blockchain-based centralized ledger systems. One of the methods includes: transmitting a timestamp request for a to-be-timestamped block in a blockchain to a trust time server by a ledger server in a centralized ledger system that stores data in the blockchain, the trust time server being associated with a trust time authority and independent from the centralized ledger system, the blockchain including a plurality of blocks storing transaction data, receiving a timestamp and associated signature for the to-be-timestamped block from the trust time server by the ledger server, and storing information of the timestamp and the associated signature for the to-be-timestamped block in the blockchain by the ledger server.

Abstract: Detecting malicious files is disclosed, including: executing a candidate file; monitoring the execution of the candidate file; generating a monitored action record corresponding to the execution of the candidate file; determining that at least one malicious action included in the monitored action record is included in a preset malicious action set; and determining that the candidate file is a malicious file.

Abstract: A method including: providing an image; encrypting an encryption region of the image, the encryption region is less than the whole region of the image; keeping a remaining region of the image unencrypted to provide a partially encrypted image; and storing the partially encrypted image.

Abstract: A certification application automatically generates a certification document associated with a service. A transformation module retrieves a component information associated with a status of a service from a data store maintaining the component information. The component security data and component metadata is included within the component information. The component information is transformed for insertion into a certification information. Risk analysis, phraseology, and localization data is used to transform the component information. The certification document is generated based on the certification template by inserting the component information into the certification template.

Abstract: A method, system and non-transitory computer-readable medium product are provided for watermarking detection and management. In the context of a method, a method is provided that includes identifying at least one resource accessible to a user device and determining whether a watermark template is applied to the at least one resource accessible to the user device. The method further includes identifying at least one compliance rule and determining whether the at least one compliance rule is satisfied in response to a determination that the watermark template is applied to the at least one resource accessible to the user device. The method yet further includes performing at least one remedial action in response to a determination that the at least one compliance rule is not satisfied.

Abstract: The disclosed computer-implemented method for verifying the authenticity of graphical images may include (1) identifying a graphical image intended for presentation by a display and then, prior to facilitating presentation of the graphical image by the display, (2) identifying an original unique identifier of at least a portion of the graphical image encoded into the graphical image, (3) computing a subsequent unique identifier of the portion of the graphical image, and (4) determining, by comparing the subsequent unique identifier to the original unique identifier, whether the graphical image is authentic. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Compact certificate formats that may be used in a fabric or network between devices. The compact format includes a serial number field tagged with a tag of 1, a signature algorithm field tagged with a tag of 2, an issuer field tagged with a tag of 3, an encoded version of a public key tagged with a tag of A, and a signature field tagged with a tag of C. Each field includes the respective tags and corresponding values encoded in a tag-length-value (TLV) format, and each tag value is represented in hexadecimal.

Abstract: Various embodiments herein each include at least one of systems, methods, devices, and software for secure image processing. In particular, the secure image processing may be performed with regard to images, such as image frames of a video stream, from a camera to obscure, either via image modification, encryption, and discarding image frames, to prevent, limit, or secure viewing of sensitive information that may be included within images. One such embodiment includes receiving an image of an image flow from a scanner, such as a product scanner, and determining whether a sensitive item is present in the image. When a sensitive item is determined to be present in the image, such embodiments perform a security action with regard to the image prior to passing the image in the image flow from the scanner.

Abstract: A facsimile apparatus uses IP addresses in facsimile communications. A communicating section receives image data sent from a communication partner apparatus via a facsimile transmission, based on an IP address of the communication partner apparatus and of the facsimile apparatus. A printing section prints the image data. An IP address registering section registers therein, in advance, an IP address of each of one or more communication partner apparatuses. An IP address obtaining section obtains the IP address of the communication partner apparatus. A printing rejection processing section judges whether the obtained IP address has already been registered. If the obtained IP address is determined as an unregistered IP address, the printing rejection processing section performs a printing rejecting process, and the printing rejection information storing section stores therein a specifying image and the unregistered IP address as printing rejection information.

Abstract: An electronic document encrypting system 200, for accomplishing an object of providing a system capable of distributing an electronic document containing important information with a browsing restriction being set and information with none of the browsing restriction being set without removing the important information, includes: an encryption area extracting unit 19 extracting an encryption target area from an electronic document; a digital image generating unit generating a digital image on the basis of the area extracted by the encryption area extracting unit in the electronic document; an encrypting unit 11 encrypting the digital image generated by the digital image generating unit 15 on the basis of an encryption key; and an encrypted electronic document generating unit 12 generating an encrypted electronic document in which when the electronic document is output, in place of the extracted information, an encrypted image encrypted by the encrypting unit 11 is output to an area to which the information ex

Abstract: One embodiment is a computer program product for processing information to obtain an HMAC, comprising: by using a padding circuit, generating first key data by adding 0 with respect to secret key data, setting the secret key data as second key data, or generating third key data by adding 0 with respect to a first digest value, according to comparison result of a second key length and a block length of the hash function, and performing an exclusive OR operation with a second constant with respect to one of the first key data, the second key data, and the third key data to calculate first data; by using a hash calculation circuit, obtaining the first digest value, and obtaining a second digest value, by using a holding circuit, storing the secret key data or the first digest value; and by using a control unit, managing a processing state for calculating the HMAC.

Abstract: A computer-complemented method for generating a 2D barcode, including retrieving a predetermined private key, a predetermined digital signature method and an issuer identity of a 2D barcode; generating a signature for at least one data with the retrieved private key in accordance with the retrieved digital signature method; inserting the at least one printable data together with the generated signature and the retrieved issuer identity into a self-contained data unit; and creating a barcode image containing the self-contained data unit.

Abstract: Approaches are provided for processing scan data based on a scan process definition (SPD) that defines a set of instructions for acquiring image data based on one or more printed documents. An SPD may include extension data that is used to store additional data in association with the scan data. An SPD may include rights management data that is used to provide security to the scan data that is generated based on the SPD. An SPD may be used as a print process definition for dictating how print operations are to be performed. An SPD may be associated with data that identifies one or more scan devices that are prohibited from using the SPD. An SPD may be associated with access delegation data that indicates one or more users who have been delegated access to the SPD.

Abstract: A method for securing communications in a vehicle-to-vehicle (V2V) system including an on-board computer of a broadcasting vehicle predicting a value for a vehicle parameter, generating a heavyweight signature corresponding to the predicted value, and obtaining an actual value for the vehicle parameter. The method also includes the computer comparing the predicted value to the actual value to determine if the predicted value bears a first relationship to the actual value. If the computer determines that the predicted value bears the relationship to the actual value, the on-board computer generates a lightweight authenticating signature to correspond to the predicted value and broadcasts a data message having the predicted value with the corresponding heavyweight authenticating signature and the corresponding lightweight authenticating signature.

Abstract: Disclosed are a communication apparatus and a method of controlling the same. The communication apparatus sets, if it is designated to perform encrypted transmission, whether to not perform transmission to an address with respect to which encrypted transmission is not possible or to perform plain text transmission to the address, and an address is selected in a state where this setting has been configured. The communication apparatus determines whether or not the selected address is an address with respect to which the encrypted transmission is possible, and, if the result of the determination shows that the selected address is not the address with respect to which the encrypted transmission is possible, controls whether to not perform transmission to the selected address or to perform plain text transmission to the selected address, in accordance with the setting.

Abstract: A method for capturing a user's view of an electronic screen having an error message in a health management application without showing private information of the user includes receiving an error message from a web service responding to a request for a web page by the user. The method includes receiving an electronic file of the web page with the error message, redacting private information of the user from the electronic file to create a redacted electronic file, and storing the redacted electronic file in a support log module.

Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimate measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection.

Abstract: A data obfuscation method, apparatus and computer program product are disclosed in which at least selected text entities such as words or abbreviations in a document are obfuscated to prevent the disclosure of private information if the document is disclosed. A user establishes various configuration parameters for selected text entities desired to obfuscated. The document is processed and text entities matching the configuration parameters are tagged for obfuscation. The tagged entities are then substituted in the document with obfuscating text. The obfuscating text can be derived from a hash table. The hash table may be used to provide a reverse obfuscation method by which original data can be restored to an obfuscated document.

Abstract: A method and system for authenticating a user receiving device to communicate with a partner service device includes a primary service provider. A user receiving device generates a request for a first encrypted token. The user receiving device communicates the request for the first encrypted token to an authentication web service of the primary service provider. The authentication web service generates the first encrypted token. The primary service provider communicates the first encrypted token to the user receiving device. The user receiving device communicates the first encrypted token to the partner service provider. The partner service provider communicates data to the user receiving device after receiving the first encrypted token.

Abstract: One embodiment is an information processing device for obtaining an HMAC, including a padding circuit for generating first key data by adding a first constant with respect to secret key data, setting the secret key data as second key data when the secret key length is equal to the block length, generating third key data by adding the first constant with respect to a first digest value; a hash calculation circuit for obtaining the first digest value; and a control unit for managing a processing state for calculating the HMAC, wherein the hash calculation circuit outputs a first midway progress value when interrupting a calculation process of the first digest value, and resumes the calculation process of the first digest using the first midway progress value when a signal indicating resuming instruction of the calculation process of the first digest value is input to the control unit.

Abstract: A method and system for authenticating a partner service provider and a primary service provider includes a network and, a partner service provider generating a request for a first encrypted token from a partner service provider and communicating the request to the network. An authentication web service receives the request for the first encrypted token from the network and generates the first encrypted token. The partner service provider generates a request for data with the first encrypted token and communicates the request for data to the network. A data web service receives the request for data and communicates the request for data from the data web service to the authentication web service. The authentication web service validates the request for data and communicates a validation result to the data web service. The data web service communicates data to the partner service provider from the data web service after validating.

Abstract: A method for securing data in hardcopy documents. The method includes obtaining a page image having a private data item; generating an encrypted version of the private data item; obtaining a decoder identification (ID) value of a decoder; generating, using an encoder, a symbol having the encrypted version of the private data item and the decoder ID value; and generating a hardcopy document by recording the symbol on a physical medium, where the hardcopy document is transported to a subsystem having the decoder, and where the subsystem decrypts the encrypted version of the private data item after extracting the encrypted version of the private data item from the symbol.

Abstract: A system and method is set forth for communicating between a user network device, a partner service provider, a primary service provider and a user network device. The user network device initiates an account set-up page from the partner service provider, provides primary service account data in response to the account setup page and communicates the primary service account data to the primary service provider setup web service. The primary service provider validates the primary service account data and generates an encrypted token in response to validating the primary service account data. The user network device generates a request for data through a partner service provider. The partner service provider communicates the request for data with the encrypted token to the primary service provider. The primary service provider validates the request for data at the authentication web service and communicates data to the client device from a data web service through the partner service provider after validating.

Abstract: In an image encryption apparatus, an input processor inputs data of an input image. An encryptor encrypts a part or whole of the data of the input image. A marker generator generates data of a marker indicating an encrypted area. An image saver saves data of a marker-covered image covered with the marker. A marker sticker sticks the marker. An output processor outputs an encrypted image. In an image decryption apparatus, an input processor inputs data of an input image. A marker detector detects a marker and identifies an encrypted area. A decryptor decrypts data in the encrypted area. An image restorer restores data in an area covered with the marker by sticking data of a marker-covered image. An output processor outputs data of a decrypted image.

Abstract: Determination is executed as to whether an electronic document has been edited after addition of a second signature added after addition of a first signature. When it is determined that editing is made after the addition of the second signature, a verification result of the electronic document is output without determining whether editing is made after the addition of the first signature. If it is determined that editing is not made after the addition of the second signature, determination is executed as to whether editing is made after the addition of the first signature and the verification result of the electronic document is output based on an obtained determination result.

Abstract: A novel and unique method, program and apparatus for secured facsimile transmission. It converts the image pixels into 8 bit ASCII characters, encrypting the data and reconverting the encrypted data back into a scrambled image, which is then compressed and transmitted according to international standard of facsimile transmission regulation (CCITT) over an insecure public telephone line to the recipient. The scrambled image is saved in a special memory area of the receiving machine and may be de-scrambled upon an input of a password by the intended recipient.

Abstract: In an MFP, an image on an original is read and the image is stored as a document (input image) in an HDD. A marking-information generation module generates marking information (two-dimensional code information) expressing at least one of information relating to storage of the document and an output parameters of the document. A document-relevance-information management module relates the marking information to the stored image, and an encryption/decryption module encrypts the marking information. A marking generation module generates a marking image from the encrypted marking information, and the marking image is printed out.

Abstract: A cryptographically signed filesystem provides a central database resident on a server that contains database objects. The server creates startup software to be installed in a client system's read only memory. The startup software contains a hash value for a second stage loader. The server also creates software for a bootstrap loader object which typically contains the operating system for a client system and also the bootstrap loader's hash value and a digital signature that is unique to the server. The startup software and objects created by the server are initially installed on a client device at the time of manufacture. The server can update a client's bootstrap loader and root filesystem at any time through the transmission of slices.

Abstract: A system and method allows some or all of an e-mail message, such as the sender or its contents, to be authenticated, for example, to identify a message as potential spam.

Abstract: In a recording medium, a device administration program for making a computer execute the following steps using a usage restriction definition file is recorded. The usage restriction definition file is capable of defining at least one administration function among a plurality of administration functions of a device and includes a device password for obtaining an authentication of the device. The steps comprises a step of reading a usage availability definition information of the administration functions and the device password from the usage restriction definition file, a step of transmitting the read device password to the device, a step of recognizing usage availabilities of a plurality of administration functions of the device based on the read definition information, and a step of executing processing for using only usage available administration function based on the recognized results.

Abstract: Each of a first portion and a second portion of data is selected. Each of the first portion and the second portion of data are in the human-readable format and capable of being converted from a human-readable format to an electronically readable format. The first portion of data is encrypted and stored in a first electronically readable medium and the second portion of data is encrypted and stored in a second electronically readable medium, wherein the first electronically readable medium does not match with the second electronically readable medium. Each of the first portion and the second electronically readable medium is incorporated into the printed publication. The first portion of data is read from the first electronically readable medium using a first data reading device without removing the first electronically readable medium from the printed publication.

Abstract: A method for securing data in hardcopy documents. The method includes obtaining a page image having a private data item; generating an encrypted version of the private data item; obtaining a decoder identification (ID) value of a decoder; generating, using an encoder, a symbol having the encrypted version of the private data item and the decoder ID value; and generating a hardcopy document by recording the symbol on a physical medium, where the hardcopy document is transported to a subsystem having the decoder, and where the subsystem decrypts the encrypted version of the private data item after extracting the encrypted version of the private data item from the symbol.

Abstract: A watermarking system uses distinct bit patterns to identify a logic 0, a logic 1, and a marker bit, which demarcates segments of logic bit information. Marker bits, which are printed on both foreground and background areas of an image, outline message blocks. In message extraction, a preprocessing step removes any white boarders, identifies the best defined corner of a message block, crops the image, and rotates the image to place the identified corner at the top-left corner. Message extraction scans the rotated image in window segments of increasing size during multiple cycles. During each cycle, if a bit pattern cannot be identified as a data bit, then the size of the examined bit area is increased and rechecked to see it specifically is a marker bit. If no bit information can be definitively identified, then it is assigned a logic bit value based on a 50% random assignment.

Abstract: When a document creation unit 1 is started, it calculates a hash value of each software piece therein and stores the hash value in a hash value holder 71 and a measurement log document holder 44. The document creation unit 1 accesses a time distribution unit plural times to receive time information therefrom, and records the time information in a log document and a measurement log document. The document creation unit 1 transmits the log document, the measurement log document, and digital signature-embedded hash value information (measurement auxiliary document) in a tamper-resistant device 63 to a document reception device. The document reception device verifies matching of the hash values or digital signature in the document group, confirms software operating environments in the document creation unit 1 from the hash values, and determines whether the time information is correctly managed within the unit 1.