By Generation Of Certificate Patents (Class 713/175)
  • Patent number: 7360163
    Abstract: When a user or a portable device enters work space, the user or the portable device entering the work space is detected by reading of an ID tag, and a connection interface public server for managing connection interfaces of computational resources which these user and portable device have and a coordination server for performing coupling processing are notified. The coordination server acquires the connection interfaces corresponding to the computational resources of the entering user or the portable device from the public server and couples these and thereby, it is constructed so that linkage between the computational resources shareable in the work space can be performed to make use.
    Type: Grant
    Filed: August 13, 2003
    Date of Patent: April 15, 2008
    Assignee: Fuji Xerox Co. Ltd.
    Inventor: Yoshihiro Masuda
  • Patent number: 7360092
    Abstract: Distinctively marking authentication forms and preemptively searching for and detecting unauthorized authentication forms. The invention includes creating a sign-in module having an identifying characteristic and presenting the created sign-in module to the user via a user interface. The invention also includes searching a plurality of web pages for the identifying characteristic and determining whether each of the searched web pages is authorized to include the created sign-in module.
    Type: Grant
    Filed: April 28, 2003
    Date of Patent: April 15, 2008
    Assignee: Microsoft Corporation
    Inventors: Christopher N. Peterson, Ismail Cem Paya
  • Publication number: 20080086766
    Abstract: Obtaining tokens with alternate personally identifying information. A method may be practiced, for example, in a networked computing environment including a client and a token issuer. The token issuer provides security tokens to the client that the client can use for accessing functionality of services in the networked computing environment. The method includes sending a security token request to a token issuer. The security token request specifies alternate personally identifying information for an entity. The method further includes receiving a security token from the security token issuer. The security token includes the alternate personally identifying information.
    Type: Application
    Filed: October 6, 2006
    Publication date: April 10, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Christopher G. Kaler, Arun K. Nanda, Kim Cameron
  • Patent number: 7353384
    Abstract: An intermediate entity can generate a necessary credential to allow two other entities to bypass the intermediate entity when establishing communications between two other entities in a computing system represented by either a directed or an undirected graph. The intermediate entity receives credentials for communications links between itself and each of the other two entities. The intermediate entity also receives a chaining parameter associated with the intermediate entity. With the two credentials and the chaining parameter, the intermediate entity can compute a necessary credential to allow communication between the other two entities. In addition, the intermediate entity can compute the necessary credential independent of a security manager during the computation operation.
    Type: Grant
    Filed: April 17, 2002
    Date of Patent: April 1, 2008
    Assignee: Microsoft Corporation
    Inventors: Paul Christopher Leyland, Roger Michael Needham
  • Patent number: 7350073
    Abstract: A virtual private network (VPN) enrollment protocol gateway is described herein. The protocol gateway is implemented as a registration authority that operates as an intermediary between routers and a certificate authority, allowing routers operating in accordance with one protocol to obtain and maintain certificates for a VPN from a certificate authority operating in accordance with another protocol. In accordance with one aspect, the gateway protocol supports various requests from the router, including router enrollment requests, get certificate revocation list request, get certificate requests, get certificate authority certificate requests, and password requests.
    Type: Grant
    Filed: March 30, 2006
    Date of Patent: March 25, 2008
    Assignee: Microsoft Corporation
    Inventors: Rudolph Balaz, Victor W. Heller, Xiaohong Su, Keith R. Vogel
  • Patent number: 7349959
    Abstract: The present invention creates a SOAP message without using DOM by generating a body part by sequentially performing such a process of a message as encryption or signing for each piece of the message, generating a header part by using information acquired during the process, and by combining the body part and the header part. The present invention also breaks a SOAP message without using DOM by acquiring header information with parsing a received SOAP message and sequentially performing decode or verification of a signature of a body part according to the header information.
    Type: Grant
    Filed: March 5, 2004
    Date of Patent: March 25, 2008
    Assignee: International Business Machines Corporation
    Inventors: Takeshi Imamura, Andy Clak, Hiroshi Maruyama, Yumi Yamaguchi, Masayoshi Teraguchi, Takayuki Itoh, Fumiko Satoh
  • Patent number: 7350074
    Abstract: An authentication mechanism uses a trusted people store that can be populated on an individual basis by users of computing devices, and can comprise certificates of entities that the user wishes to allow to act as certification authorities. Consequently, peer-to-peer connections can be made even if neither device presents a certificate or certificate chain signed by a third-party certificate authority, so long as each device presents a certificate or certificate chain signed by a device present in the trusted people store. Once authenticated, a remote user can access trusted resources on a host device by having local processes mimic the user and create an appropriate token by changing the user's password or password type to a hash of the user's certificate and then logging the user on. The token can be referenced in a standard manner to determine whether the remote user is authorized to access the trusted resource.
    Type: Grant
    Filed: April 20, 2005
    Date of Patent: March 25, 2008
    Assignee: Microsoft Corporation
    Inventors: Rohit Gupta, Todd R. Manion, Ravi T. Rao, Sandeep K. Singhal
  • Patent number: 7346583
    Abstract: Controlling unauthorized access to software distributed to a user by a vendor. A verification key is generated by a product key generator and either embedded in the software prior to distribution or packaged with the software as a self-installing package. The verification key includes a public verification key. The combination of the software and the verification key create distributable software which is distributed to a user. The user installs the software on a user computer system as protected software. To obtain a user key, the user inputs identifying information, which may be for the user or for a group, which is sent to a user key generator. The user key generator converts the identifying information to a numeric representation and then generates, by signing the numeric representation with the private signing key, a user key, which is returned to the user.
    Type: Grant
    Filed: March 31, 2003
    Date of Patent: March 18, 2008
    Inventors: Christian Bielefeldt Hicks, Peter Janssen Creath
  • Patent number: 7340606
    Abstract: A method for producing a certificate, the certificate including data, the method including choosing a seed s, the seed s including a result of applying a function H to the data, generating a key pair (E,D), such that E=F(s,t), F being a publicly known function, and including s and t in the certificate. Related methods, and certificates produced by the various methods, are also described.
    Type: Grant
    Filed: December 29, 2003
    Date of Patent: March 4, 2008
    Assignee: NDS Ltd.
    Inventors: Yaacov Belenky, Chaim D. Shen-Orr, Aviad Kipnis, Victor Halperin
  • Patent number: 7340608
    Abstract: A system for securely vaulting, auditing, controlling and transferring electronic transferable records (TRs) with unique ownership, including at least one registry for registering the electronic transferable record with unique ownership in a TR registry record; at least one secure storage manager (SSM) associated with the registry, the SSM storing the transferable record registered in the registry as an authoritative copy, the secure storage manager being distinct from said registry. The transferable record can be transferred in a transaction between an originating party and a receiving party with a transaction descriptor including information about the parties involved in the transaction and an identification of the TR being transferred. The transaction descriptor is initially signed by the originating party with the TR, subsequently verified and countersigned by the registry and signed by said accepting party.
    Type: Grant
    Filed: June 17, 2003
    Date of Patent: March 4, 2008
    Assignee: Silanis Technology Inc.
    Inventors: Michael Laurie, Robert Al-Jaar, Oleksiy Savchenko
  • Publication number: 20080052517
    Abstract: A method for real-time validation of an electronic signature generated onboard a mobile system. The method includes maintaining a ground mobile user account management (GMUAM) module user database to have up-to-date authorized user account information. The GMUAM is hosted by a stationary central computer system (CCS). The method additionally includes transferring the up-to-date authorized user account information stored on the GMUAM user database to a mobile user account management (MUAM) module user database, thereby updating the MUAM user database with up-to-date authorized user account information. The MUAM module is included in an onboard computer system (OCS) hosted by the mobile system. The method further includes evoking a signature validator module communicatively connected to the MUAM module to access the MUAM database and verify whether user account information included in an electronic signature initiated by a secure data application (SDA) is authorized user account information.
    Type: Application
    Filed: August 21, 2006
    Publication date: February 28, 2008
    Inventors: Timothy W. Anstey, David L. Allen, Steven J. Yukawa, Rajit Jain
  • Publication number: 20080046735
    Abstract: In one embodiment, a Manufacturer Installed Certificate (MIC) and a personal identification number are sent to a call controller to request a configuration profile. When the configuration file is received, the IP phone is provisioned according to the configuration profile.
    Type: Application
    Filed: August 18, 2006
    Publication date: February 21, 2008
    Applicant: CISCO TECHNOLOGY, INC.
    Inventors: Plamen Nedeltchev, Robert T. Bell, Max Pritikin
  • Patent number: 7330973
    Abstract: Security of an information processing apparatus is ensured by performing biological information authentication and collecting the environment information about the information processing apparatus. The information processing apparatus transmits the collected environment information to a first authentication apparatus. An electronic certificate issued by a second authentication apparatus and information encrypted with a secret key issued by the second authentication apparatus are transmitted to the first authentication apparatus. The first authentication apparatus acquires the public key of the second authentication apparatus and the public key of the information processing apparatus so as to decrypt the encrypted information, and judges whether or not the decrypted information is proper. The first authentication apparatus refers to an environment information database and the transmitted information, and judges whether or not the transmitted environment information is proper.
    Type: Grant
    Filed: October 31, 2003
    Date of Patent: February 12, 2008
    Assignee: Fujitsu Limited
    Inventor: Seigo Kotani
  • Publication number: 20080034440
    Abstract: At least one software application is stored in a memory device, where a security data structure controls access to information obtainable from data stored in the device and to the at least one software application. A set of protocols control communication between a host and a memory device. Invocation of at least one software application stored in the memory device modifies the protocol. A security data structure controls access to data stored in the memory device according to an access policy. Invocation of at least one software application stored in the memory device imposes at least one condition in addition to the access policy for accessing the data. A data object storing data in the memory device is associated with at least one software application. Accessing the object will invoke the at least one software application which processes the data in the object. Individual ones of a plurality of first sets of protocols are selectable for enabling data to be provided and stored in a data object.
    Type: Application
    Filed: November 6, 2006
    Publication date: February 7, 2008
    Inventors: Michael Holtzman, Ron Barzilai, Fabrice Jogand-Coulomb
  • Patent number: 7328342
    Abstract: A method for a secure transmission of information between a first and a second module is disclosed. Each module contains one of the keys of two pairs of keys. A first number and a second number are randomly generated in the first module, and a third number is randomly generated in the second module. A check is made that a random number encrypted by one of the modules, then decrypted by the other, then re-transmitted re-encrypted to the initial module, is after decryption in the latter identical to the original random number. In each of the modules a common session key K is created independently with at least three same numbers generated randomly partially in one module and partially in the other module. Information transmitted between the two modules is encrypted with the common session key.
    Type: Grant
    Filed: April 17, 2002
    Date of Patent: February 5, 2008
    Assignee: Kudelski S.A.
    Inventors: Laurent Albanese, Valerie Patris
  • Patent number: 7328344
    Abstract: A method for facilitating electronic certification, and systems for use therewith, are presented in the context of public key encryption infrastructures. Some aspects of the invention provide methods for facilitating electronic certification using authority-neutral service requests sent by an application, which are then formatted by a server comprising a middleware that can convert the authority-neutral request into certification authority specific objects. The server and middleware then return a response from a selected certification authority back to the service requesting application. Thus, the server and/or middleware act as intermediaries that facilitate user transactions in an environment having multiple certification authorities without undue burden on the applications or the expense and reliability problems associated therewith.
    Type: Grant
    Filed: August 26, 2002
    Date of Patent: February 5, 2008
    Assignee: Imagitas, Inc.
    Inventor: Kae-por F. Chang
  • Publication number: 20080022103
    Abstract: A method is provided for provisioning a device certificate on a device. The device is configured to communicate wirelessly with a plurality of backend servers via a communication network. The communication network includes a mobile data server. An activation request is initiated to the mobile data server for activating the device on the communication network. During activation, a device certificate request is provided to the mobile data server for the device. The device certificate request includes at least a user identifier, a device identifier and a device public key. The device certificate request is forwarded from the mobile data server to a predefined certification authority. A device certificate from the predefined certification authority is received at the device in response to the device certificate request.
    Type: Application
    Filed: July 20, 2006
    Publication date: January 24, 2008
    Inventors: Michael K. Brown, Michael S. Brown, Michael Kirkup
  • Publication number: 20080022104
    Abstract: A network management method and system is provided that issues a digital certificate easily and safely. A digital certificate is issued to a personal computer that is to newly join a network by the following method. A provisional authentication server issues a first digital certificate that is a provisional certificate of the personal computer. The personal computer enters the first digital certificate and a private key corresponding thereto. The personal computer and a formal authentication server establish a connection for encryption communication based on the first digital certificate. After establishing the connection, the formal authentication server generates a second digital certificate that is a formal digital certificate of the personal computer. Further, an experimental network independent of the network is prepared and participation of a personal computer having the first digital certificate into the experimental network is allowed.
    Type: Application
    Filed: July 23, 2007
    Publication date: January 24, 2008
    Inventor: Satoshi Deishi
  • Patent number: 7321970
    Abstract: Methods and systems are directed to authenticating a client over a network. The client generates a certificate and sends it to a server through a trusted mechanism. The server is configured to store the received certificate. When the client requests authentication over the network, it provides the certificate again, along with a parameter associated with a secure session. The server verifies the parameter associated with the secure session and determines if the certificate is substantially the same as the stored certificate. The server authenticates the client over the network, if the certificate is determined to be stored. In another embodiment, the client transmits the certificate that is generated by a third party Certificate Authority (CA) based, in part, on the client's public key.
    Type: Grant
    Filed: December 30, 2003
    Date of Patent: January 22, 2008
    Assignee: Nokia Siemens Networks Oy
    Inventors: Craig R. Watkins, Jeremey Barrett, Adam Cain
  • Patent number: 7321660
    Abstract: A computer system comprises a first computer entity arranged to encrypt data using an encryption key comprising a time value, and a second computer entity arranged to generate, at intervals, a decryption key using a current time value. The encryption and decryption processes are such that the decryption key generated using a current time value corresponding to that used for the encryption key, is apt to decrypt the encrypted data.
    Type: Grant
    Filed: March 3, 2003
    Date of Patent: January 22, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Marco Casassa Mont, Keith Alexander Harrison, Martin Sadler
  • Publication number: 20080010455
    Abstract: An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller. In another embodiment, an identity object may be stored in a non-volatile memory of a memory system as proof of identity. The memory system is removably connected to a host device. After the host device has been successfully authenticated, the private key of the object is used to encrypt data from the host device or signals derived from said data, and the at least one certificate and the encrypted data or signals are sent to the host device.
    Type: Application
    Filed: November 6, 2006
    Publication date: January 10, 2008
    Inventors: Michael Holtzman, Ron Barzilai, Fabrice Jogand-Coulomb
  • Publication number: 20080010458
    Abstract: An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller. In another embodiment, an identity object may be stored in a non-volatile memory of a memory system as proof of identity. The memory system is removably connected to a host device. After the host device has been successfully authenticated, the private key of the object is used to encrypt data from the host device or signals derived from said data, and the at least one certificate and the encrypted data or signals are sent to the host device.
    Type: Application
    Filed: November 6, 2006
    Publication date: January 10, 2008
    Inventors: Michael Holtzman, Ron Barzilai, Fabrice Jogand-Coulomb
  • Patent number: 7318153
    Abstract: A mark issuing server operated by a mark issuer manages mark information collectively. A terminal of a user sends an information providing request to an information providing server of an information provider, and issues a mark issuing request to the mark issuing server on the basis of the information providing request. The information providing server searches for information corresponding to the information providing request from the terminal of the user, and provides the terminal of the user with information including requested information and location information of the mark issuing server. The mark issuing server determines validity of information provided from the information providing server on the basis of the mark issuing request, and sends a mark to the terminal of the user when the validity is verified, and the terminal of the user displays the mark with the information provided from the information providing server.
    Type: Grant
    Filed: April 17, 2001
    Date of Patent: January 8, 2008
    Assignee: NTT Communications Corporation
    Inventors: Tsuyoshi Shimizu, Hajime Sasaki, Takashi Matsumoto
  • Patent number: 7318156
    Abstract: A mail receiving section receives S/MIME signature mail from a host of a member. A member checking section checks the electronic signature of the signature mail for validity and determines whether or not the member belongs to a group. If the member checking section checks that the mail is from the valid member, a mail storing section requests an archive service section to archive the mail. A signature creating section uses a secret key unique to the group to create an electronic signature of the group. A mail transmitting section transmits the mail with the electronic signature of the group to the receiver.
    Type: Grant
    Filed: January 13, 2003
    Date of Patent: January 8, 2008
    Assignee: Fuji Xerox Co., Ltd.
    Inventors: Masato Kurosaki, Naoyasu Terao
  • Patent number: 7315946
    Abstract: Access to content may be administered by storing content, the content comprising one or more selections, accessing a passive optical out-of-band token associated with the content, determining an access right for the content based on the passive optical out-of-band token, and enabling access to the content in accordance with the access right.
    Type: Grant
    Filed: April 14, 2003
    Date of Patent: January 1, 2008
    Assignee: AOL LLC
    Inventors: Steven M. Blumenfeld, William J. Raduchel
  • Patent number: 7316027
    Abstract: Techniques are provided for dynamically establishing and managing trust relationships. A first principal initially requests a community list. The community list includes identities of one or more second principals with which the first principal can establish trusted relationships with. The community list is associated with a trust specification. The trust specification defines the policies and access rights associated with interactions between the first principal and the second principals during any active trusted relationships. The first principal can dynamically subdivide, manage, and modify entries of the community list and the trust specification, assuming any such modifications are permissible according to global contracts and policies associated with the first principal.
    Type: Grant
    Filed: February 3, 2004
    Date of Patent: January 1, 2008
    Assignee: Novell, Inc.
    Inventors: Lloyd Leon Burch, Douglas G. Earl, Stephen R Carter
  • Patent number: 7313689
    Abstract: A method, system, and service of authenticating a public key certificate for a relying party (RP). A Certificate Authority (CA), who issued the certificate, is a member of a Public Key Infrastructure (PKI) having a Certificate Policy (CP). First quality levels required of the CA by the RP are accessed by a certificate classification service (CCS) and corresponding second quality levels possessed by the CA are ascertained by the CCS. At least one quality characteristic pertaining to the second quality levels relates to at least one element of the CP. The ascertained second quality levels are compared by the CCS with the corresponding accessed first quality levels. A result of the comparing, communicated by the CCS to the RP, is that the certificate is authenticated if the comparing has determined that each first quality level is not less than each corresponding second quality level.
    Type: Grant
    Filed: April 5, 2004
    Date of Patent: December 25, 2007
    Assignee: International Business Machines Corporation
    Inventors: Konrad Falch, Trond Lemberg, Håkon Liberg, Anund Lie, Per Myrseth, Jon Olnes
  • Patent number: 7310732
    Abstract: A content distribution system allowing user authentication to be performed to identify a user in content transaction, thereby permitting the content to be used. The content is distributed with a secure container. The secure container includes the content enciphered with a content key and container information in which the content transaction condition is set. The container information includes an identification certificate identifier list. An identification certificate contains a template serving as personal identification data of a user who is to receive the content and it is identified in accordance with the list. A service provider, a user device, or the like authenticates the user in accordance with the identified certificate, and then permits the content to be used.
    Type: Grant
    Filed: August 30, 2001
    Date of Patent: December 18, 2007
    Assignee: Sony Corporation
    Inventors: Shinako Matsuyama, Yoshihito Ishibashi, Ichiro Futamura, Masashi Kon, Hideaki Watanabe
  • Patent number: 7308574
    Abstract: A method and system for key certification in a public key infrastructure. The infrastructure has a network formed of a plurality of nodes. Each node has a private and public key pair. The nodes are either or both a certifying node and a certified node. A certifying node provides a digital certificate referring to the public key of a certified node. The digital certificate is signed by the private key of the certifying node. The method includes providing a root public key for a user, the root public key being at any node in the network chosen by the user, and providing a chain of digital certificates from the node with the root public key across the node network to any other node.
    Type: Grant
    Filed: February 25, 2003
    Date of Patent: December 11, 2007
    Assignee: International Business Machines Corporation
    Inventors: Peter Roy Dare, John Owlett
  • Patent number: 7308573
    Abstract: A Digital Rights Management (DRM) system has a plurality of DRM servers performing DRM functionality and an entering DRM-E server is enrolled into the system by an enrolling DRM-R server such that the entering DRM-E server is to be trusted within the system. The DRM-E server sends an enrollment request to the DRM-R server including a proffering identification and a public key (PU-E). The DRM-R server validates the proffering identification, and, if the request is to be honored, generates a digital enrollment certificate with (PU-E) for the DRM-E server to enroll such DRM-E server into the DRM system. The now-enrolled DRM-E server with the generated enrollment certificate is able to employ same to issue DRM documents within the DRM system.
    Type: Grant
    Filed: February 25, 2003
    Date of Patent: December 11, 2007
    Assignee: Microsoft Corporation
    Inventors: Gregory Kostal, Steve Bourne, Vinay Krishnaswamy
  • Patent number: 7308578
    Abstract: A method, apparatus, and computer instructions for authorizing execution of an application on the data processing system. A request is received to execute the application, wherein the request originates from a remote data processing system and wherein the request includes a digital certificate and the application. The digital certificate is verified in response to receiving the request. Responsive to verifying the digital certificate, a digital digest is calculated for the application to form a calculated digital digest. The calculated digital digest is compared with a set of digital digests from a trusted source. The application is executed if a match between the calculated digital digest and set of digital digests occurs.
    Type: Grant
    Filed: March 6, 2003
    Date of Patent: December 11, 2007
    Assignee: International Business Machines Corporation
    Inventors: Susann Marie Keohane, Gerald Francis McBrearty, Shawn Patrick Mullen, Jessica Kelley Murillo, Johnny Meng-Han Shieh
  • Publication number: 20070283157
    Abstract: A system and method for enabling secure communications from a shared multifunction peripheral device is provided. The shared multifunction peripheral device first receives identification data representative of an associated user requesting a document processing operation. Upon authentication of the user, a key pair is generated by the shared multifunction peripheral device. The shared multifunction peripheral device also generates a limited operation certificate, restricting the user to a particular function offered by the shared multifunction peripheral device. The certificate is then stored by the shared multifunction peripheral device and the private key is encrypted using the received identification data. The public key and encrypted private key are then stored by the shared multifunction peripheral device. An electronic mail message is then generated by the shared multifunction peripheral device and digitally signed using the private key, whereupon it is transmitted to one or more designated recipients.
    Type: Application
    Filed: June 5, 2006
    Publication date: December 6, 2007
    Inventors: Sameer Yami, Amir Shahindoust
  • Publication number: 20070283143
    Abstract: A system and method for certificate-based client registration via a document processing device is provided. A client device, having an operating system disparate from a document processing device on a computer network, connects to the document processing device to procure a valid digital certificate. The document processing device receives authentication data from the client device, which is then verified by a trusted authentication server. The document processing device, based upon the verification by the authentication server, authenticates the certificate request made by the client device. The document processing device then forwards the authenticated certificate request to a trusted certificate server for issuance of a digital certificate. The certificate server issues the digital certificate, which is then returned to the document processing device.
    Type: Application
    Filed: June 6, 2006
    Publication date: December 6, 2007
    Inventors: Sameer Yami, Amir Shahindoust
  • Patent number: 7305547
    Abstract: A host/agent system and security-certificate-management infrastructure enhanced to provide backward compatibility, despite launching of new administrative host processes employing new software versions, to avoid regenerating and redistributing security certificates to existing agents. Certificate management is removed from the administrative host process and embedded within a new certification-authority entity. The new certification-authority entity generates new digitally signed security certificates using the previously generated host private decryption key, inherited as the new CA private decryption key by the CA. The administrative host software can be upgraded to a new version that includes security-certificate-management tools provided by a new vendor, without the need for generation of a new encryption/decryption key pair for verifying and digitally signing security certificates and concomitant obsolescence of the existing, already distributed security certificates.
    Type: Grant
    Filed: June 28, 2002
    Date of Patent: December 4, 2007
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Mehmet Musa
  • Patent number: 7302573
    Abstract: A computer system with a monitor display, comprises a decoder unit configured to decode video data containing digital watermark information to derive decoded data, and configured to determine, based on information included in the video data, whether or not first certification for certifying that the video data is legitimately reproduced data succeeds, and a graphics controller which determines, using the digital watermark information, whether or not second certification for certifying that the video data is to be protected from being copied succeeds, the graphics controller converting the decoded data into a protected decoded data from being copied and outputting the protected decoded data to the monitor display if the first certification and the second certification succeed, and the graphics controller inhibiting the decoded data from being output to the monitor display if the first certification fails and the second certification succeeds.
    Type: Grant
    Filed: January 13, 2004
    Date of Patent: November 27, 2007
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Nakaba Kogure, Tomoo Yamakage, Hidenori Takeshima, Koichi Masukura, Taku Kato, Atsushi Ishihara, Wataru Asano
  • Patent number: 7290278
    Abstract: An identity based service system is provided, in which an identity is created and managed for a user or principal, such that at least a portion of the identity is available to use between one or more system entities. A discovery service enables a system entity to discover a service descriptor, given a service name and a name identifier of the user, whereby system entities can find and invoke the user's other personal web services. The discovery service preferably provides a translation between a plurality of namespaces, to prevent linkable identity information over time between system entities.
    Type: Grant
    Filed: October 2, 2003
    Date of Patent: October 30, 2007
    Assignee: AOL LLC, a Delaware limited liability company
    Inventors: Conor P. Cahill, David Eli Wexelblat, Norihiro Edwin Aoki, Jeromy Carriere, James Roskind, Christopher Newell Toomey
  • Patent number: 7290280
    Abstract: One embodiment of the present invention provides a system that provides virtual transport layer security on a virtual network to facilitate peer-to-peer communications. The system creates a first pipe that functions as a one-way input channel into a first peer. Next, the system associates a first peer identifier with the first pipe and advertises the availability of this first pipe. A second peer connects to this first pipe to communicate with the first peer. The system also creates a second pipe at the second peer, and a second peer identifier is associated with this second pipe. The first peer connects to this second pipe to communicate with the second peer. The first pipe and the second pipe form a virtual connection through which the first peer and the second peer can communicate securely.
    Type: Grant
    Filed: April 8, 2002
    Date of Patent: October 30, 2007
    Assignee: Sun Microsystems, Inc.
    Inventors: William J. Yeager, Rita Y. Chen
  • Patent number: 7290143
    Abstract: A method of certifying transmission, reception and authenticity of electronic documents between a sender user (2) and addressee user (3) belonging to a telecommunication network (4) is disclosed, wherein the sender (2) carries out the following steps: drafting the document to be sent putting the electronic address of addressee (3), sending to a mailbox belonging to the telecommunication network associated to the addressee (3) a message comprising the drafted documents and wherein the addressee (3) carries out the step of downloading the message from the mailbox associated to him. The method provides for the automatic generation of a certificate of transmittal of the message that is being automatically sent to the mailbox of the sender (2) by a certification entity connected to the network when the message reaches the mailbox of the addressee (3).
    Type: Grant
    Filed: December 10, 2001
    Date of Patent: October 30, 2007
    Assignee: KP Twelve SRL
    Inventors: Frederico Renier, Pierluigi Virgili
  • Patent number: 7290133
    Abstract: An apparatus and method collects, for a community of interest, at least one cross certificate associated with an anchor certificate issuing unit, and obtains at least one certificate issuing unit public key and an associated unique identifier for a cross-certified certificate issuing unit identified by the at least one cross certificate. For example, a certificate issuing unit, client unit, or other suitable unit, searches for one or up to all certification authorities or certificate issuing units that it can trust based on cross certificate chains. This is done, for example, from a given trust anchor. The apparatus selects those obtained certificates that satisfy, for example, some search criteria, such as what policy must be enforced in each certificate, for example, the allowed path length or depth that the apparatus is allowed to evaluate, and creates a signed certificate set, such as a list of all trusted certificate issuing units from the perspective of a given trust anchor.
    Type: Grant
    Filed: November 17, 2000
    Date of Patent: October 30, 2007
    Assignee: Entrust Limited
    Inventor: David Montgomery
  • Publication number: 20070250714
    Abstract: A scanned document management system for managing a paper document in a state in which the paper document is scanned and transformed into electronic data, registers an attribute of the document by a manager; when printing out the document, registers identification information of the document with correspondence to the attribute, issues a document authentication representing certificate including the identification information, coding the document authentication representing certificate and prints out the same with including the same in a document image; and, when scanning the document, extracts the coded document authentication representing certificate from the document, obtains the attribute from the identification information included in the document authentication representing certificate to determine whether or not authentication is possible therewith, and allows transfer of the document image thus scanned, when the authentication is possible.
    Type: Application
    Filed: April 16, 2007
    Publication date: October 25, 2007
    Inventor: Jun KAWADA
  • Patent number: 7287158
    Abstract: A person authentication system capable of performing personal authentication by comparing templates that are personal identification data with sampling information input by a user is disclosed. For example, a service provider (SP) or a user device (UD) acquires the templates from a person identification certificate (IDC) generated by a personal identification certificate authority that is a third party to thereby perform personal authentication. The IDC stores data, such as a certificate identifier and a user identifier, in accordance with a format, and also stores encrypted templates in a manner that the data can be decrypted by an entity that performs authentication. This arrangement achieves efficient template retrieval and a personal authentication process, as well as effective prevention of the templates from being leaked out.
    Type: Grant
    Filed: August 30, 2001
    Date of Patent: October 23, 2007
    Assignee: Sony Corporation
    Inventors: Ichiro Futamura, Yoshihito Ishibashi, Shinako Matsuyama, Masashi Kon, Hideaki Watanabe
  • Patent number: 7284122
    Abstract: A cryptographic method of protection against fraud in transactions between an application and an electronic chip of a user. Both the electronic chip and the application compute a certificate (Sp, S) which is the result of applying a non-linear function f to a list of arguments (e1, e2) comprising at least a seed R and a secret key KO. A second secret key K′ which is known only to the electronic chip and to the application is allocated to and kept secret in the electronic chip. Upon each authentication of the electronic chip, a mask M is determined by computing it from at least a portion of the secret key K′. The value of the certificate (Sp) is masked by means of the mask M to make available to the application only the masked value of the certificate (Spm). The application is used to verify the masked value of the certificate (Spm) computed by the electronic chip.
    Type: Grant
    Filed: March 19, 2001
    Date of Patent: October 16, 2007
    Assignee: France Telecom
    Inventors: Henri Gilbert, Marc Girault
  • Publication number: 20070234057
    Abstract: A management device configured to communicate with at least one second management device and at least one terminal device via a network includes an acquiring system configured to acquire first management information managed by the management device, a receiving system configured to receive second management information managed by each of the at least one second management device from each of the at least one second management device, a management information request receiving system configured to receive a management information request for the first management information and the second management information from the at least one terminal device, and a sending system configured to send, to the at least one terminal device, the first management information acquired by the acquiring system and the second management information received by the receiving system in response to the management information request being received by the management information request receiving system.
    Type: Application
    Filed: March 29, 2007
    Publication date: October 4, 2007
    Inventor: Masafumi Miyazawa
  • Publication number: 20070234055
    Abstract: There is provided a communication system in which a network device and an information processing device are communicatably connected to each other through a network. The network device comprises a certificate providing unit to transmit an electronic certificate to the information processing device through the network; and a printing unit configured to print an image of a public key corresponding to the electronic certificate. The information processing device comprises: a certificate reception unit to receive the electronic certificate from the certificate providing unit through the network; an image output unit to generate and output an image of the public key described in the received electronic certificate; and an installation unit configured to install the electronic certificate onto the information processing device in response to a fact that the generated image of the public key is output by the image output unit and a command for installation of an electronic certificate is received.
    Type: Application
    Filed: March 29, 2007
    Publication date: October 4, 2007
    Inventors: Kiyotaka Ohara, Masafumi Miyazawa
  • Publication number: 20070226488
    Abstract: A system for protecting digital files is provided. The system includes at least one client computer and a server connected to the at least one server. Each client computer includes: a file identifier generating module, for generating a file identifier for a digital file; a key generating module, for generating a key for the digital file; and a data encoding module, for encrypting the digital file according to the key. The server includes an identification validating module for determining whether a user intending to access the digital file has a corresponding access right, according to the user's digital certificate information. A related method is also provided.
    Type: Application
    Filed: December 1, 2006
    Publication date: September 27, 2007
    Applicant: HON HAI PRECISION INDUSTRY CO., LTD.
    Inventors: BOR-CHUAN LIN, GAO-PENG HU, JIAN HUANG, CAI-YANG LUO
  • Publication number: 20070220258
    Abstract: A credibility computing apparatus calculates credibility of a certificate based on use duration of the certificate. The use duration is a duration from the date of issue of the certificate to the current date.
    Type: Application
    Filed: August 23, 2006
    Publication date: September 20, 2007
    Inventors: Hironobu Kitajima, Ryo Ochitani
  • Patent number: 7272656
    Abstract: In an address management system, an interface ID can be handed over from one apparatus to another without losing the correspondence between the interface ID and a user. As a result, the interface ID can be used as a unique identifier for the user. Accordingly, an effective infrastructure for individualized services is achieved. The interface ID may be constant for one user even when an apparatus is replaced, and thus IPv6 communication can be used as a user-associated address in high availability services, such as telephone services. Furthermore, the interface ID can be returned and reused, and thus the interface ID can be efficiently used.
    Type: Grant
    Filed: August 7, 2002
    Date of Patent: September 18, 2007
    Assignee: Sony Corporation
    Inventor: Yutaka Miyoshi
  • Patent number: 7269733
    Abstract: Conventional archive and retrieval systems inadequately identify the archival data with sufficient granularity to associate data items with retrieval performance, and do not define a recourse following loss of archived data. A method for file archiving, identification, and failure recourse facilitates successive disposition by generating an authenticated receipt of files transferred for storage via an authentication instrument that is verifiable towards both the data stored and a corresponding agreement. The authenticated receipt provides nonrepudiation assurances about the content of the file and the contractual terms under which the file was stored via an authenticating signature of the archive storage server which associates the file content with the contractual terms.
    Type: Grant
    Filed: April 10, 2003
    Date of Patent: September 11, 2007
    Assignee: Cisco Technology, Inc.
    Inventor: James W. O'Toole, Jr.
  • Patent number: 7269256
    Abstract: An improved monetary system using electronic media to exchange economic value securely and reliably is disclosed. The system provides a complete monetary system having electronic money that is interchangeable with conventional paper money. Also disclosed is a system for open electronic commerce having a customer trusted agent securely communicating with a first money module, and a merchant trusted agent securely communicating with a second money module. Both trusted agents are capable of establishing a first cryptographically secure session, and both money modules are capable of establishing a second cryptographically secure session. The merchant trusted agent transfers electronic merchandise to the customer trusted agent, and the first money module transfers electronic money to the second money module. The money modules inform their trusted agents of the successful completion of payment, and the customer may use the purchased electronic merchandise.
    Type: Grant
    Filed: May 13, 2002
    Date of Patent: September 11, 2007
    Assignee: Citibank, N.A.
    Inventor: Sholom S. Rosen
  • Patent number: 7266197
    Abstract: The proof is provided by means of the following parameters: a public module $n$ formed by the product of $f$ prime factors $p_i$, $f > 2$; a public superscript $v$; $m$ base numbers $g_i$, $m > 1$. The base numbers $g_i$ are such that the two equations $x^2 \equiv g_i \bmod n$ and $x^2 \equiv -g_i \bmod n$ cannot be solved in $x$ in the ring of integers modulo $n$, and such that the equation $x^v \equiv g_i^2 \bmod n$ can be solved in $x$ in the ring of integers modulo $n$ in the case where the public superscript $v$ is in the form $v = 2^k$, wherein $k$ is a security parameter.
    Type: Grant
    Filed: January 27, 2000
    Date of Patent: September 4, 2007
    Assignees: France Telecom, TDF, Math Rizk
    Inventors: Louis Guillou, Jean-Jacques Quisquater