Pre-loaded With Certificate Patents (Class 713/173)
  • Patent number: 6922782
    Abstract: An apparatus and method for ensuring data integrity of unauthenticated code is provided. With the apparatus and method, a hash value of unauthenticated code is embedded in associated automatically authenticated code. When the automatically authenticated code is downloaded and executed, the automatically authenticated code may require that the unauthenticated code also be downloaded for proper execution of the automatically authenticated code on a particular client device. The unauthenticated code can be downloaded and its integrity verified by generating a hash value of the unauthenticated code and comparing the generated hash value to a hash value embedded in the automatically authenticated code. If there is a match, the unauthenticated code is verified. If there is not a match, the unauthenticated code has been corrupted during transmission and is not verified. As a result, the unauthenticated code is not used by the client device.
    Type: Grant
    Filed: June 15, 2000
    Date of Patent: July 26, 2005
    Assignee: International Business Machines Corporation
    Inventors: Andrew W. Spyker, Byron Allen Williams
  • Patent number: 6922776
    Abstract: A scalable system for notification of a change in condition of an electronic certificate is provided. The system includes a network of servers capable of providing notification of changes in conditions of electronic certificates to an unlimited number of users. The system includes a first server comprising a detection module and a notification module. The system has at least one server capable of actively monitoring and detecting changes in conditions of a certificate. Other CAP servers in the system may and/or may not actively monitor electronic certificates at the same time. That is, these CAP servers may actively monitor conditions of electronic certificates at the same time they play passive roles (e.g., not monitoring the electronic certificates for which they will be notified of changes from another CAP server).
    Type: Grant
    Filed: January 30, 2001
    Date of Patent: July 26, 2005
    Assignee: Networks Associates Technology, Inc.
    Inventors: Jeffrey V. Cook, Michael Heyman, Peter Dinsmore
  • Patent number: 6907522
    Abstract: Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expected hash value maintained in the bootstrap code. Further verification of the boot-up process is carried out by the preloader, which hashes the code in ROM to obtain a hash value for the code. The result is verified against a digital signature value that defines an expected value for this hash. Failure to obtain any expected result terminates the boot-up process. Since the bootstrap code confirms the preloader, and the preloader confirms the remainder of the code in ROM, this technique is useful for ensuring that the code used for booting up the device has not been modified or replaced.
    Type: Grant
    Filed: June 7, 2002
    Date of Patent: June 14, 2005
    Assignee: Microsoft Corporation
    Inventors: Dinarte Morais, Jon Lange, Daniel R. Simon, Ling Tony Chen, Josh D. Benaloh
  • Patent number: 6886095
    Abstract: A method and system for efficiently establishing secure communications between mobile devices in a radio network. The present invention utilizes public key cryptography and unique hardware identifiers to enable authorizations for access to wireless networks, such as picocells. The present invention prevents the mobile user from maintaining a plurality of secrets such as user identifier/password pairs, PINs, or encryption keys, for access to each device to which he might require access.
    Type: Grant
    Filed: May 21, 1999
    Date of Patent: April 26, 2005
    Assignee: International Business Machines Corporation
    Inventors: John Raithel Hind, Marcia Lambert Peters
  • Patent number: 6880084
    Abstract: Methods, systems and computer program products are provided for managing a smart card product by providing a plurality of generic definitions, at least a portion of which have a predefined relationship to others of the generic definitions, so as to provide a hierarchy of generic definitions. Generic definitions are selected from the plurality of generic definitions and associated with an instance of a card product definition so as to define characteristics of the smart card product associated with the instance of the card product definition. The selected generic definitions are populated with data associated with the smart card product so as to provide a hierarchy of instances of the generic definitions which define the characteristics of the smart card product. The smart card product is managed utilizing the hierarchy of instances of the generic definitions so as to provide the smart card product having the defined characteristics.
    Type: Grant
    Filed: September 27, 2000
    Date of Patent: April 12, 2005
    Assignee: International Business Machines Corporation
    Inventors: Peter J. Brittenham, Larry W. Henson, Stephen R. Kleinert
  • Patent number: 6871278
    Abstract: A transaction system for use with passive data storage media, such as optical memory cards, uses secure protocols involving digital certificates for communication between a read/write drive and the medium and also for communication between the drive and a host computer. The drive is physically secured with tamper resistant features and stores cryptographic keys and firmware for executing the secure protocols. All messages (data or commands) passed between the drive and the passive medium or host computer not only are encrypted but also include at least one digital certificate for authenticating the message. Typically, asymmetric (public-private key) encryption is used and keys may be derived from an authorized user's password, personal identification number, or biometric data. The drive includes sensors to detect any attempted intrusions and a control unit that will destroy the critical information (keys and protocol code) in response to a detected intrusion.
    Type: Grant
    Filed: July 6, 2000
    Date of Patent: March 22, 2005
    Assignee: LaserCard Corporation
    Inventor: Louis H. Sciupac
  • Patent number: 6854057
    Abstract: The invention generates a temporary digital certificate with a useful life of only a few minutes to a few hours. An expiration time is attached to such temporary digital certificate by a secure computer platform that is presented with a user's smart-card. Expiration dates one or two years after the issuance of the smart-card are conventional. A digital certificate issued by a central authority is carried within the smart card and is used by the secure computer platform to generate the temporary digital certificate. The temporary digital certificate functions as a proxy digital certificate that will allow the user to immediately pocket the smart card and thus avoid the possibility of forgetting it in a card reader.
    Type: Grant
    Filed: September 6, 2001
    Date of Patent: February 8, 2005
    Assignee: America Online, Inc.
    Inventors: James Anthony Roskind, Terry N. Hayes, Robert Lord
  • Patent number: 6836843
    Abstract: A security system based on a tamper resistant badge that becomes deactivated if the badge is removed from the person authorized to wear the badge. The badge has a volatile memory for storing the security clearance information associated with the wearer and a processor having sufficient power to perform encrypted communications. The badge also has an attachment sensor that resets the security clearance information if the badge is removed from the wearer. A secure data processing system utilizing the badges includes an administrative computer, A, and a client computer, C. Computer A has an identity verification system for authenticating the identity of individuals having badges and loading the clearance information into the volatile memory after the badge is attached to the wearer. The C computers access the information in the badge's volatile memory to provide access to the wearer at the access level specified in the volatile memory.
    Type: Grant
    Filed: June 29, 2001
    Date of Patent: December 28, 2004
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Gadiel Seroussi, Kenneth Graham Paterson, Wenbo Mao, Mark T. Smith
  • Patent number: 6834344
    Abstract: A method is presented for marking high-quality digital images with a robust and invisible watermark. It requires the mark to survive and remain detectable and authenticatable through all image manipulations that in themselves do not damage the image beyond usability. These manipulations include JPEG “lossy” compression and, in the extreme, the printing and rescanning of the image. The watermark also has the property that it can detect if the essential contents of the image have changed. The first phase of the method comprises extracting a digest or number N from the image so that N only (or mostly) depends on the essential information content, such that the same number N can be obtained from a scan of a high quality print of the image, from the compressed form of the image, or in general, from the image after minor modifications (introduced inadvertently by processing, noise etc.). The second phase comprises the marking.
    Type: Grant
    Filed: September 17, 1999
    Date of Patent: December 21, 2004
    Assignee: International Business Machines Corporation
    Inventors: Gaurav Aggarwal, Pradeep K. Dubey, Ashutosh Kulshreshtha, Marco Martens, Charles P. Tresser, Chai W. Wu
  • Patent number: 6826690
    Abstract: A device certificate identifies a particular device using a globally-unique device identifier and contains a public key associated therewith. A private key stored in protected storage of the device is used to digitally sign outbound messages, enabling communicating devices to authenticate one another using the associated device certificate and public key, before returning a response. Devices functioning as servers can thereby securely participate in dynamic, automatic address assignment services using a service such as a Boot Protocol or Dynamic Host Configuration Protocol, and/or to update address information stored in a Domain Name System (DNS) server, ensuring that the update is authentic, and when the DNS is also authenticated, ensuring that a legitimate DNS has been contacted.
    Type: Grant
    Filed: November 8, 1999
    Date of Patent: November 30, 2004
    Assignee: International Business Machines Corporation
    Inventors: John R. Hind, Marcia L. Peters
  • Patent number: 6823454
    Abstract: A device certificate identifies a particular device using a globally-unique device identifier and contains a public key associated therewith. A private key stored in protected storage of the device is used to digitally sign outbound messages, enabling the message receiver to authenticate the message originator. Devices requesting address assignment from a service such as a Boot Protocol or Dynamic Host Configuration Protocol service can be authenticated by that service before an address is assigned. The device of the service providing the address assignment may also digitally sign the requested address, using its own private key, enabling the address receiver to verify that the address provider is authentic before accepting and using the assigned address. A device requesting an update to address information stored in a Domain Name System (DNS) server can be authenticated and/or can ensure that a legitimate DNS has been contacted.
    Type: Grant
    Filed: November 8, 1999
    Date of Patent: November 23, 2004
    Assignee: International Business Machines Corporation
    Inventors: John R. Hind, Marcia L. Peters
  • Patent number: 6779112
    Abstract: This invention concerns an integrated circuit (IC) device, such as smart cards, electronic wallets, PC cards, and the like, and various methods for steganographically authenticating identities and authorizing transactions based on the authenticated identities. The IC device has a memory and a processor. The IC device maintains an identity authentication table in the memory to hold an arbitrary number of identities. The identity authentication table correlates identities with authentication structures. In preferred embodiments, the authentication structures each comprise a collection of commands, such as data processing commands, that are normally associated with data handling capabilities of the IC device. The commands are arranged into unique groupings that serve to identify the identity with which they are associated. Authentication can then take place outside of detectable cryptographic protocols.
    Type: Grant
    Filed: November 5, 1999
    Date of Patent: August 17, 2004
    Assignee: Microsoft Corporation
    Inventor: Scott B. Guthery
  • Patent number: 6757827
    Abstract: A method and a data file structure (100) for embedding a digital signature verification key (108) within a particular type of image data file enables validation of the image data (102a,b) autonomously—i.e. without consulting large external data bases of public keys or certificates.
    Type: Grant
    Filed: April 26, 1999
    Date of Patent: June 29, 2004
    Assignee: Unisys Corporation
    Inventor: Bruce K. Geist
  • Patent number: 6678733
    Abstract: A walled garden contains links to one or more servers providing network-based services. A walled garden proxy server (WGPS) controls access to the walled garden. When a user of a client wishes to access a service in the walled garden, the client sends a request to the WGPS including a plot number identifying the service and a ticket granting the client access to the service. The WGPS denies access to clients lacking a ticket or presenting invalid tickets. In response, the client contacts a gateway server (GS) having a database of users and associated access rights. The user presents authentication information to the GS. If the user positively authenticates, the GS generates a ticket containing a Box ID from the client, an expiration date, and set of bits representing the access rights of the user. The GS encrypts the ticket and gives it to the client.
    Type: Grant
    Filed: October 26, 1999
    Date of Patent: January 13, 2004
    Assignee: At Home Corporation
    Inventors: Ralph W. Brown, Robert Keller, Milo S. Medin
  • Publication number: 20030236984
    Abstract: A network system providing integration. The network system includes a client computer, a server, a server-side cryptographic function, a PKI-Bridge, a remote access switch, a client-side cryptographic function, a dial-up client, and a custom script dynamically linked library. The server-side cryptographic function is located on the server and provides cryptographic services. The PKI-Bridge provides an interface between the server and the server-side cryptographic function. The remote access switch provides an interface between the client computer and the server. The client-side cryptographic function is located on the client computer and provides cryptographic services. The dial-up client provides dial-up services to access the remote access switch. The custom script dynamically linked library provides an interface between the dial-up client and the client-side cryptographic function.
    Type: Application
    Filed: October 18, 2001
    Publication date: December 25, 2003
    Applicant: Schlumberger Omnes, Inc.
    Inventors: Glen Mullen, Novi, Neumann, Zahur, Gaulene, Dawes, Bazzali
  • Publication number: 20030236985
    Abstract: A device, system and method are described for parsing and propagating end user identity received from a terminal (1) involved in a wireless session to an application in a gateway server (13). The PLMN (7) of which terminal (1) forms part provides access to external networks including a PSTN (9). In addition to conventional telephone operations, the terminal (1) provides its user with access to the internet (11) via the gateway server (13). The gateway server (13) may be operated by a service provider or perhaps a particular organisation such as a bank which for security reasons wishes to keep control of the gateway server (13). Software through which the transactions are carried out is provided by various so-called back-end applications resident on an applications server (17). A trust server (30) is provided which is connectable to the gateway server (13) controlling access to the application server (17).
    Type: Application
    Filed: May 20, 2003
    Publication date: December 25, 2003
    Applicant: Nokia Corporation
    Inventor: Anna-Leena Ruuth
  • Publication number: 20030217271
    Abstract: Methods and apparatus for protecting fixed storage entertainment assets are disclosed. A digital entertainment product stored on a digital media comprises a hub including a smart card storing thereon a certificate or private key and an exterior portion of the digital entertainment product surrounding the hub. The exterior portion stores encrypted digital entertainment content in a read-only format. The smart card is adapted for enabling decryption of the digital entertainment content using the certificate or private key. For instance, when public encryption schemes are desired, the smart card is adapted for accessing a public key and for generating a decryption key from the private key and the public key for decrypting the encrypted digital entertainment content. A player may then use this decryption key for decrypting the encrypted digital entertainment content for presentation to a user.
    Type: Application
    Filed: May 15, 2002
    Publication date: November 20, 2003
    Applicant: Sun Microsystems, Inc.
    Inventor: Bartley H. Calder
  • Patent number: 6651167
    Abstract: A method and a system for authentication whereby authentication characteristic information is not disclosed to a third party when a verifier uses a verification device of a limited scale to authenticate a user's rights or qualifications. A ticket issuing device interacts with the user's interactive device having a secret function f to calculate document secret information μ based on a document m (data) to be transmitted to the interactive device, whereby the user is issued a ticket t generated from authentication characteristic information x and the document secret information π. Upon receipt of the document m, the interactive device generates the document secret information using its unique secret function f to perform an interaction based on the generated information. The interaction involves output of a commitment r, input of a challenge c, and an output of a response σ.
    Type: Grant
    Filed: August 21, 1998
    Date of Patent: November 18, 2003
    Assignee: Fuji Xerox, Co., Ltd.
    Inventors: Taro Terao, Kil-ho Shin
  • Publication number: 20030154376
    Abstract: This invention concerns an optical storage medium which stores a public key infrastructure (PKI)-based private key and a digital certificate for certification and security used in electronic commerce, and a method and system for issuing the private key and digital certificate, as well as a method of using such an optical storage medium and system. The optical storage medium, such as a compact disk or digital video disk, provides for a digital signature and may be used in conjunction with a memorized password by the user. By providing an optical storage medium capable of storing large amounts of data, the user can employ the private key and digital certificate even though he or she is not familiar with a computer.
    Type: Application
    Filed: February 3, 2003
    Publication date: August 14, 2003
    Inventor: Yeoul Hwangbo
  • Patent number: 6601171
    Abstract: Methods, signals, devices, and systems are provided for delegating rights in a distributed computer system from a principal to one or more deputies. The deputies have identities separate from the principal. This allows the deputies to persist after the principal logs off the system, and permits deputization across boundaries imposed by namespaces and particular network protocols. A deputy may also delegate rights to additional deputies. Deputization is accomplished using certificates, credentials, public and private keys, process creation, and other tools and techniques.
    Type: Grant
    Filed: February 18, 1999
    Date of Patent: July 29, 2003
    Assignee: Novell, Inc.
    Inventors: Stephen R Carter, Carlos A Nevarez
  • Publication number: 20030115467
    Abstract: A token issuance and binding process includes providing a plurality of tokens, each token having a unique ID number stored therein. A unique public/private key pair is generated for each token and each token ID number and corresponding public key is stored in a directory/database. Each private key is stored in its respective token and a unique ID number of a user is bound to a corresponding one of the plurality of tokens by storing the correspondence there between in the directory/database.
    Type: Application
    Filed: December 19, 2001
    Publication date: June 19, 2003
    Inventors: Kenneth W. Aull, Thomas C. Kerr, William E. Freeman, Mark A. Bellmore
  • Patent number: 6571335
    Abstract: An electronic system and corresponding method for authenticating firmware stored in a memory element external to a processor. In one embodiment, an electronic system comprises a processor and a memory element. The memory element is used to contain firmware and a digital signature of the firmware signed by a signatory. Coupled to the memory element, the processor authenticates the firmware during a predetermined condition, which occurs prior to execution of the firmware, through use of a pre-stored public key of the signatory and a pre-stored digital signature function.
    Type: Grant
    Filed: April 1, 1999
    Date of Patent: May 27, 2003
    Assignee: Intel Corporation
    Inventors: Amy O'Donnell, George Thangadurai, Anand Rajan
  • Publication number: 20030079128
    Abstract: A network system providing integration. The network system includes a client computer, a server, a server-side cryptographic function, a PKI-Bridge, a remote access switch, a client-side cryptographic function, a dial-up client, and a custom script dynamically linked library. The server-side cryptographic function is located on the server and provides cryptographic services. The PKI-Bridge provides an interface between the server and the server-side cryptographic function. The remote access switch provides an interface between the client computer and the server. The client-side cryptographic function is located on the client computer and provides cryptographic services. The dial-up client provides dial-up services to access the remote access switch. The custom script dynamically linked library provides an interface between the dial-up client and the client-side cryptographic function.
    Type: Application
    Filed: October 18, 2001
    Publication date: April 24, 2003
    Inventors: Glen H. Mullen, Matthew T. Novi, Shaun E. Neumann, Abdullah Zahur, Alexandre J.C. Gaulene, Sacha Dawes, Johann Bazzali
  • Patent number: 6532194
    Abstract: An integrated circuit includes: a digital signature module coupled in the integrated circuit so as to receive a time of day signal string from a clock module and digitally sign the signal string.
    Type: Grant
    Filed: July 8, 2002
    Date of Patent: March 11, 2003
    Assignee: Intel Corporation
    Inventor: David Wayne Aucsmith
  • Publication number: 20030041262
    Abstract: A content distributing server refers to user authenticating open key certificates transmitted from user equipment to authenticate users. Further, it inserts an electronic watermark into a content in which any electronic watermark has not yet been inserted. A check server checks contents stocked in the content distributing servers, and if unjustness is detected, it requests an authentication organization server to rescind the user authenticating open key certificate of the content distributing server. The authentication organization server issues the open key certificates for authentication of users and content distributing servers and a rescission list in which only rescinded open key certificates are described. Further, the rescission list is renewed on the basis of a notification from the check server.
    Type: Application
    Filed: August 22, 2002
    Publication date: February 27, 2003
    Inventor: Masashi Kon
  • Patent number: 6505301
    Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.
    Type: Grant
    Filed: August 23, 2000
    Date of Patent: January 7, 2003
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Sean William Smith
  • Patent number: 6505170
    Abstract: A distributed device management system. The system includes a set of distributed devices, such as point-of-sale devices. The devices are managed by a remote host.
    Type: Grant
    Filed: April 10, 1997
    Date of Patent: January 7, 2003
    Assignee: Western Union North America
    Inventors: Dean Alan Seifert, Earney Stoutenburg, Paul J. Vogt
  • Patent number: 6505302
    Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.
    Type: Grant
    Filed: August 23, 2000
    Date of Patent: January 7, 2003
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Sean William Smith
  • Publication number: 20020184501
    Abstract: A method of establishing secure data transmission in a communications network between a client (3) and a remote network entity (4), the method comprising the steps of:
    Type: Application
    Filed: August 31, 2001
    Publication date: December 5, 2002
    Applicant: GLOBAL E-COMZ SDN BHD
    Inventors: Zakir Basree Bin Abdul Rahman, Ahmad Hata Bin Hussein, Kamal Hilmi Bin Othman
  • Patent number: 6480607
    Abstract: A data reproducing apparatus high in security against unauthorized duplication. A drive 20 includes a first CSS encoder 21 for performing first encryption processing on picture data etc reproduced from an optical disc D and a second CSS encoder 22 for performing second encryption processing different from the first encryption processing on the media type information of the optical disc D. The drive transmits the so-processed data or information. A data processing device 30 performs decryption processing on the transmitted picture data etc and on the media type information by respective independent decoders. The data processing apparatus detects the copyright control information from the picture data etc and performs reproduction limitation or recording limitation on the picture data etc.
    Type: Grant
    Filed: December 8, 1998
    Date of Patent: November 12, 2002
    Assignee: Sony Corporation
    Inventors: Teruhiko Kori, Tadashi Ezaki, Akira Ogino, Yuji Kimura
  • Publication number: 20020152382
    Abstract: A unique TIO based trust information delivery scheme is disclosed that allows clients to verify received certificates and to control Java and Javascript access efficiently.
    Type: Application
    Filed: January 25, 2002
    Publication date: October 17, 2002
    Inventor: Sihai Xiao
  • Patent number: 6466668
    Abstract: In an IC card incorporating residual multiplier hardware for implementing a high-speed algorithm for a residual multiplication arithmetic, a method and a device capable of executing public key encryption processing such as an elliptic curve encryption processing at a high speed. Residual arithmetic succeeding to generation of a random number and residual arithmetic in a signature generating processing can be executed by using a residual multiplier. Further, in order to use effectively the residual multiplier for arithmetic operation on an elliptic curve, the point on the elliptic curve is transformed from a two-dimensional affine coordinate system to a three-dimensional coordinate system. Additionally, multiplicative inverse arithmetic for realizing reverse transformation from the three-dimensional coordinate system to the two-dimensional affine coordinate system as well as for determining a signature s can be executed only with the residual multiplication arithmetic.
    Type: Grant
    Filed: January 26, 1999
    Date of Patent: October 15, 2002
    Assignee: Hitachi, Ltd.
    Inventors: Seiji Miyazaki, Kazuo Takaragi
  • Publication number: 20020147909
    Abstract: A network system providing integration. The network system includes a client computer, a server, a server-side cryptographic function, a PKI-Bridge, a remote access switch, a client-side cryptographic function, a dial-up client, and a custom script dynamically linked library. The server-side cryptographic function is located on the server and provides cryptographic services. The PKI-Bridge provides an interface between the server and the server-side cryptographic function. The remote access switch provides an interface between the client computer and the server. The client-side cryptographic function is located on the client computer and provides cryptographic services. The dial-up client provides dial-up services to access the remote access switch. The custom script dynamically linked library provides an interface between the dial-up client and the client-side cryptographic function.
    Type: Application
    Filed: October 18, 2001
    Publication date: October 10, 2002
    Inventors: Glen H. Mullen, Matthew T. Novi, Shaun E. Neumann, Abdullah Zahur, Alexandre J.C. Gaulene, Sacha Dawes, Johann Bazzali
  • Publication number: 20020138729
    Abstract: A method for the management of certificates stored on an identity module, wherein a certificate is received to the identity module, and information obtained from the certificate is stored on the identity module. The method makes it possible to increase the number of certificates that can be stored on the identity module.
    Type: Application
    Filed: October 15, 2001
    Publication date: September 26, 2002
    Applicant: Sonera Smarttrust Oy
    Inventors: Jarmo Miettinen, Jukka Liukkonen, Marko Nordberg
  • Publication number: 20020032862
    Abstract: A document printout device for receiving and printing out digital documents. The printout device comprises a store of digital certificates, each certificate being associated with a received digital document, and an audit log comprising a list of received document entries. Each entry in the list contains a reference to one of the certificates in the store and a unique identifier associated with a received digital document. The device is arranged to carry out an on-line authentication of a received certificate held in the store of received documents or even to carry out a batch of on-line authentications of received certificates held in the store of received documents.
    Type: Application
    Filed: July 30, 2001
    Publication date: March 14, 2002
    Inventors: Keith Alexander Harrison, Richard Brown
  • Publication number: 20010044898
    Abstract: A connectivity unit CB provides for communication with a service entity across a communications infrastructure. Prior to operational use, the connectivity unit is configured by the downloading of operational communications parameters over the communications infrastructure to the connectivity unit. To this end, the connectivity unit has configuration communications parameters pre-installed therein prior to the user taking possession of the unit. The configuration process involves a first phase (Phase I) in which the user C gives the operator of the service entity certain details (name, address, telephone number) by calling a call center, these details being entered into a user record held in a database. Thereafter a second phase (Phase II) is effected in which the unit connects to a configuration manager of the service entity by using a configuration network access point NAP which carries out a logon authorisation check by contacting a configuration authorisation server.
    Type: Application
    Filed: January 17, 2001
    Publication date: November 22, 2001
    Inventors: Fabio Benussi, Emanuela Roncaldier, David Murray Banks
  • Patent number: 6308274
    Abstract: A method and mechanism to enforce reduced access via restricted access tokens. Restricted access tokens are based on an existing token, and have less access than that existing token. A process is associated with a restricted token, and when the restricted process attempts to perform an action on a resource, a security mechanism compares the access token information with security information associated with the resource to grant or deny access. Application programs may have restriction information stored in association therewith, such that when launched, a restricted token is created for that application based on the restriction information thereby automatically reducing that application's access. Applications may be divided into different access levels such as privileged and non-privileged portions, thereby automatically restricting the actions a user can perform via that application.
    Type: Grant
    Filed: June 12, 1998
    Date of Patent: October 23, 2001
    Assignee: Microsoft Corporation
    Inventor: Michael M. Swift
  • Patent number: 6253322
    Abstract: Certification and authentication services (electronic information signing and archiving services) are given when electronic commerce is carried out in an open network such as the Internet. A system has a service supplying unit and service receiving units which are connected to one another through a communication network. In the system, the service supplying unit transmits contract information including a content of a contract to the service receiving units of the service receivers. Each of the service receiving units having received the contract information prepares one party-signed contract information in which the contract information is digitally signed by the service receiver and transmits the one party-signed contract information to the service supplying unit.
    Type: Grant
    Filed: May 20, 1998
    Date of Patent: June 26, 2001
    Assignee: Hitachi, Ltd.
    Inventors: Seiichi Susaki, Yasuhiko Mizuno, Miwa Takahashi, Satoshi Mitsunaga, Shoji Moriyama
  • Patent number: 6243812
    Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.
    Type: Grant
    Filed: August 23, 2000
    Date of Patent: June 5, 2001
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Sean William Smith
  • Patent number: 6185546
    Abstract: A method of producing a hardware agent being a single integrated circuit encapsulated within a semiconductor device package. The method comprises the steps of generating a device-specific key pair internally within the hardware agent, and verifying that the key pair is unique. After production, secure communications are established through transmission of at least one digital certificate, followed by a successful challenge and response communication exchange.
    Type: Grant
    Filed: June 12, 1998
    Date of Patent: February 6, 2001
    Assignee: Intel Corporation
    Inventor: Derek L. Davis
  • Patent number: 6175921
    Abstract: A system for open electronic commerce having a customer trusted agent securely communicating with a first money module, and a merchant trusted agent securely communicating with a second money module. Both trusted agents are capable of establishing a first cryptographically secure session, and both money modules are capable of establishing a second cryptographically secure session. The merchant trusted agent transfers electronic merchandise to the customer trusted agent, and the first money module transfers electronic money to the second money module. The money modules inform their trusted agents of the successful completion of payment, and the customer may use the purchased electronic merchandise. A certificate data signed by a trusted authority is stored in a tamper proof electronic processing device, which certificate includes a unique device ID and a public key of the device, in addition to device owner ID data.
    Type: Grant
    Filed: July 16, 1997
    Date of Patent: January 16, 2001
    Assignee: Citibank, N.A.
    Inventor: Sholom S. Rosen
  • Patent number: 6167518
    Abstract: A digital certificate is formed from a digitized representation of a unique biological feature of a registrant, for example, the registrant's chromosomal DNA. The digital representation is signed with the registrant's private encryption key and transmitted to a certificate authority. The registrant's identity is verified at a remote registration terminal. When the registrant's identity has been verified the certificate authority forms the certificate by encrypting the digital signature with the certificate authority's own encrypting key. The certificate is also held in a publicly available directory. The certificate is used to authenticate an electronic document by appending the certificate to the electronic document. The document and the certificate are then transmitted to a receiving terminal. The identity of the transmitting party can be verified by inspecting the certificate.
    Type: Grant
    Filed: July 28, 1998
    Date of Patent: December 26, 2000
    Assignee: Commercial Electronics, LLC
    Inventors: Robert D. Padgett, John C. Maxwell, III
  • Patent number: 6161180
    Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.
    Type: Grant
    Filed: August 29, 1997
    Date of Patent: December 12, 2000
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Sean William Smith
  • Patent number: 6105013
    Abstract: The present invention relates to an electronic module used for secure transactions. More specifically, the electronic module is capable of passing information back and forth between a service provider's equipment via a secure, encrypted technique so that money and other valuable data can be securely passed electronically. The module is capable of being programmed, keeping track of real time, recording transactions for later review, and creating encryption key pairs.
    Type: Grant
    Filed: March 10, 1998
    Date of Patent: August 15, 2000
    Assignee: Dallas Semiconductor Corporation
    Inventors: Stephen M. Curry, Donald W. Loomis, Christopher W. Fox
  • Patent number: 6088797
    Abstract: A system for open electronic commerce having a customer trusted agent securely communicating with a first money module, and a merchant trusted agent securely communicating with a second money module. Both trusted agents are capable of establishing a first cryptographically secure session, and both money modules are capable of establishing a second cryptographically secure session. The merchant trusted agent transfers electronic merchandise to the customer trusted agent, and the first money module transfers electronic money to the second money module. The money modules inform their trusted agents of the successful completion of payment, and the customer may use the purchased electronic merchandise.
    Type: Grant
    Filed: August 21, 1998
    Date of Patent: July 11, 2000
    Inventor: Sholom S. Rosen
  • Patent number: 6058478
    Abstract: A cryptographic device being remotely modified only by proper authorization. The cryptographic device comprising a processor, non-volatile memory and a bus interface. The non-volatile memory stores at least a public key of an upgrade entity and possibly a public key of a regulatory entity, a unique, device-specific encryption/decryption key pair and/or internal memory for storing cryptographic programs. The processor processes the cryptographic programs to modify contents of the non-volatile memory based on an upgrade directive within an upgrade message transmitted by the upgrade entity to the cryptographic device.
    Type: Grant
    Filed: April 28, 1997
    Date of Patent: May 2, 2000
    Assignee: Intel Corporation
    Inventor: Derek L. Davis