By Generation Of Certificate Patents (Class 713/175)
  • Patent number: 8832441
    Abstract: A mobile terminal includes a near-field communication device capable of performing near-field wireless communication with an external device, and a controller configured to instruct the external device or the near-field communication device to execute a command. The near-field communication device has a storage unit, a first mutual authentication unit for authenticating the controller and for requesting the controller to authenticate the near-field communication device, a first communication key setting unit for setting a first communication key, a second mutual authentication unit for authenticating the external device and for requesting the external device to authenticate the near-field communication device, and a second communication key setting unit for setting a second communication key.
    Type: Grant
    Filed: August 27, 2010
    Date of Patent: September 9, 2014
    Assignee: FeliCa Networks, Inc.
    Inventors: Taro Kurita, Toshiharu Takemura
  • Patent number: 8831569
    Abstract: Systems and methods for processing encoded messages within a wireless communications system are disclosed. A server within the wireless communications system performs signature verification of an encoded message and provides, together with the message, an indication to the mobile device that the message has been verified. In addition, the server provides supplemental information, such as, for example, a hash of the certificate or certificate chain used to verify the message, to the device, to enable the device to perform additional checks on the certificate, such as, for example, validity checks, trust checks, strength checks, or the like.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: September 9, 2014
    Assignee: BlackBerry Limited
    Inventors: Michael K. Brown, Michael S. Brown, Herbert A. Little
  • Patent number: 8832800
    Abstract: A method for producing an electro-biometric signature allowing legal interaction between and the identification of persons utilizing biometric features. The method includes inputting a user's biometric features in a pre-determined sequence and checking that no feature is entered repeatedly.
    Type: Grant
    Filed: August 24, 2010
    Date of Patent: September 9, 2014
    Assignee: Administradora de Proyectos y Sistemas Avanzados, S.C.
    Inventors: Pedro Pablo Garcia Perez, Juan Luis Soto Decuir, Ciro Alfonso Herrera Ramirez
  • Patent number: 8825011
    Abstract: A method for controlling wireless communications to and from a macro wireless network includes provoking an access request from a wireless device to register the device with an intelligent network access controller for a local wireless network. The method then includes locking the wireless device to the controller and determining a category of the wireless device. If the determined category of the wireless device is a first category, the method includes preventing access to wireless communications using the macro wireless network. If the determined category of the wireless device is a second category, the method includes directing the wireless device to re-attempt access with the macro wireless network.
    Type: Grant
    Filed: July 19, 2012
    Date of Patent: September 2, 2014
    Assignee: Tecore, Inc.
    Inventors: Jay Salkini, Thomas Joseph, Youssef Dergham
  • Patent number: 8826008
    Abstract: A system, methods and devices for the secure notification of an identity in a communications network. The methods include sending or receiving a communication including a hash of a certificate of a device to notify or detect the presence of the device in a network. Each certificate is associated with an identity which is excluded from the communication of the hash of the certificate. The received hash is compared to hashes of certificates stored in an electronic device to determine an identity. The identity may represent an electronic device or a user of the electronic device.
    Type: Grant
    Filed: August 3, 2012
    Date of Patent: September 2, 2014
    Assignee: BlackBerry Limited
    Inventors: Michael Stephen Brown, David Francis Tapuska
  • Patent number: 8819424
    Abstract: An intermediary system that facilitates a connection request from a client to a server. The intermediary system may participate in either or both of a token creation phase and a server connection phase. If participating in the token creation phase, the intermediary system generates a token that may later be used by the client during a server connection phase. The token includes a session identifier and is returned to the client. If participating in the server connection phase, the intermediary receives the token, extracts the session identifier from the token, and compares against the session identifier for the session in which the token was created. If the session identifiers match, then the intermediary connects to the server to complete the connection request.
    Type: Grant
    Filed: September 30, 2010
    Date of Patent: August 26, 2014
    Assignee: Microsoft Corporation
    Inventor: Dimitrios Soulios
  • Patent number: 8819439
    Abstract: Method and apparatus for generating cryptographic credentials certifying user attributes and making cryptographic proofs about attributes encoded in such credentials. Attributes are encoded as prime numbers E in accordance with a predetermined mapping and a cryptographic credential is generated encoding E. To prove that an attribute encoded in a cryptographic credential associated with a proving module of the system is a member of a predetermined set of user attributes, without revealing the attribute in question, the proving module determines the product Q of respective prime numbers corresponding to the attributes in the set in accordance with the predetermined mapping of attributes to prime numbers. The proving module demonstrates to the receiving module possession of a cryptographic credential encoding a secret value that is the prime number E, and then whether this secret value divides the product value Q.
    Type: Grant
    Filed: August 24, 2012
    Date of Patent: August 26, 2014
    Assignee: International Business Machines Corporation
    Inventors: Jan Leonhard Camenisch, Thomas R Gross
  • Patent number: 8819438
    Abstract: A method for issuing a digital residence certificate using a module associated with a counter. Data from the counter are continuously monitored, whereby the data are read and a consistency test is performed on the basis of a predetermined criterion. In addition, after receiving a residence certificate request, a decision is made as to whether or not the request should be fulfilled, based on the results of the continuous data monitoring.
    Type: Grant
    Filed: March 27, 2009
    Date of Patent: August 26, 2014
    Assignee: Electricite de France
    Inventors: Ludovic Pietre-Cambacedes, Yves Dherbecourt
  • Patent number: 8812851
    Abstract: The invention relates to a method for reading at least one attribute stored in an ID token (106, 106′) using first (136), second (150) and third (100) computer systems, wherein the third computer system comprises a browser (112) and a client (113), and wherein a service certificate (144) is assigned to the second computer system, wherein the service certificate comprises an identifier which is used to identify the second computer system, wherein the ID token is assigned to a user (102), having the following steps: —a first cryptographically protected connection (TLS1) is set up between the browser of the third computer system and the second computer system, wherein the third computer system receives a first certificate (176), —the first certificate is stored by the third computer system, —the third computer system receives a signed attribute specification (182) via the first connection, —a second cryptographically protected connection (TLS2) is set up between the browser of the third computer system and the f
    Type: Grant
    Filed: April 20, 2011
    Date of Patent: August 19, 2014
    Assignee: Bundesdruckerei GmbH
    Inventors: Carsten Schwarz, Günter Koch
  • Patent number: 8813243
    Abstract: Embodiments of the present invention provide a method and system, including a client and security token, for reducing a size of a security-related object stored in the token. The object is stored in a storage structure that is indexed according to an identity reference to a certificate associated with the object and a private key identifier identifying a private key assigned to an owner of the token. A request to access an encrypted data object results in accessing the private key identifier in the storage structure using only the identity reference as an index.
    Type: Grant
    Filed: February 2, 2007
    Date of Patent: August 19, 2014
    Assignee: Red Hat, Inc.
    Inventor: Steven William Parkinson
  • Patent number: 8812850
    Abstract: A method and apparatus for secure multimedia transfer provides an encrypted data transfer system that makes transferring multimedia content from a client to any incompatible system or to a system outside the location of the client very difficult.
    Type: Grant
    Filed: December 18, 2003
    Date of Patent: August 19, 2014
    Assignee: TiVo Inc.
    Inventors: James M. Barton, David C. Platt
  • Patent number: 8812838
    Abstract: A valid duration period for a digital certificate is established by a process that includes assigning numeric values to certificate terms. The numeric value assigned to each certificate term is representative of the valid duration period. The method continues by identifying one certificate term, which may include requesting a user to select a certificate term. The method may include transmitting the requested certificate term to a server. The certificate term requested is sent via a certificate request. The server is configured to convert the numeric value associated with the requested certificate term into a duration counter value. The method may also include a certificate server receiving from the server, the certificate request including the duration counter value. The method may conclude with transmitting the signed certificate request to a client device capable of generating the digital certificate with the requested certificate term.
    Type: Grant
    Filed: June 17, 2013
    Date of Patent: August 19, 2014
    Assignee: SecureAuth Corporation
    Inventors: Garret Florian Grajek, Stephen Moore, Mark V. Lambiase, Craig J. Lund
  • Patent number: 8806196
    Abstract: A relying party obtains a certificate of a certificate subject and acquires a status information object for the certificate. The relying party validates the certificate using information in the status information object and compares authorization attributes present in the status information object with policy attributes associated with the requested service. A policy attribute is a set of constraints used by the relying party to determine if the authorization attributes associated with the certificate subject are sufficient to allow the certificate subject to access the requested service. If the authorization attributes present in the status information object match the policy attributes associated with the requested service, the relying party may grant the certificate subject access to the requested service.
    Type: Grant
    Filed: November 4, 2011
    Date of Patent: August 12, 2014
    Assignee: Motorola Solutions, Inc.
    Inventors: Anthony R. Metke, Erwin Himawan, Shanthi E. Thomas
  • Patent number: 8806195
    Abstract: User interface generation in view of constraints of a certificate profile is described.
    Type: Grant
    Filed: February 26, 2010
    Date of Patent: August 12, 2014
    Assignee: Red Hat, Inc.
    Inventors: Andrew Wnuk, Christina Fu
  • Patent number: 8806201
    Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch processor that is used to validate authentication and authorization data that is valid only for an epoch. The epoch processor can maintain a public key that can be used to decrypt the authentication and authorization data during the epoch that the key is valid. The epoch processor can receive a new public key during each epoch. The epoch processor can also determine if the authentication or authorization data was fraudulently generated based on the contents of the data, and verifying whether the data is valid for the epoch in which it was decrypted.
    Type: Grant
    Filed: July 24, 2008
    Date of Patent: August 12, 2014
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Raphel
  • Patent number: 8799660
    Abstract: A communication apparatus includes: a first storage unit storing a received electronic mail; a verification unit executing a first verification about an electronic signature attached to the received electronic mail; a printing unit printing the received electronic mail if a verification result of the first verification is positive; a deletion unit deleting the printed electronic mail from the first storage unit; and a storage control unit controlling a second storage unit to store the mail information about the received electronic mail in the second storage unit if the verification result of the first verification is negative. The verification unit again executes the first verification about a specific electronic signature attached to a specific electronic mail which mail information is stored in the second storage unit. The printing unit prints the specific electronic mail if a verification result by again executing the first verification about the specific electronic signature is positive.
    Type: Grant
    Filed: March 19, 2010
    Date of Patent: August 5, 2014
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Shohei Tsujimoto
  • Patent number: 8800038
    Abstract: Provided is a tampering monitoring system that can identify a monitoring module that has been tampered with among a plurality of monitoring modules. A management apparatus is provided with an acquisition unit that acquires a new monitoring module that has not been tampered with, a generation unit that generates a decoy monitoring module by modifying the acquired monitoring module, a transmission unit that transmits the decoy monitoring module to the information security device and causes the information security device to install the decoy monitoring module therein, a reception unit that receives from the information security device, after the decoy monitoring module has been installed, monitoring results generated by the monitoring modules monitoring other monitoring modules, and a determination unit that identifies, by referring to the received monitoring results, a monitoring module that determines the decoy monitoring module to be valid and determines the identified monitoring module to be invalid.
    Type: Grant
    Filed: April 15, 2011
    Date of Patent: August 5, 2014
    Assignee: Panasonic Corporation
    Inventors: Yuichi Futa, Yuji Unagami, Natsume Matsuzaki, Hiroki Shizuya, Masao Sakai, Shuji Isobe, Eisuke Koizumi, Shingo Hasegawa
  • Patent number: 8800020
    Abstract: A system and method are provided for controlling access to resources and facilitating correction of access issues. A two-factor authentication method comprises: receiving a credential associated with a connection request, determining a resource identifier associated with the connection request, identifying a user associated with the resource identifier, determining whether the received credential is valid for the identified user, and, responsive to a determination that the credential is not valid for that user, denying access to resources associated with the resource identifier and communicating information regarding the failure to the identified user.
    Type: Grant
    Filed: February 14, 2014
    Date of Patent: August 5, 2014
    Assignee: Elemica, Inc.
    Inventors: Paul Dale, Maarten Koopmans
  • Patent number: 8793487
    Abstract: A public key infrastructure comprising a participant that issues digital certificates. Each digital certificate can be relied upon in at least two different trust domains. The public key infrastructure does not employ policy mapping between or among the trust domains. Furthermore, the public key infrastructure does not link any pair of trust domains via cross-certificates. Just one trust domain is bound to the digital certificate at any given moment. The current trust domain that is to be bound to the digital certificate is elected by a relying party at the time of reliance, based upon a specific certificate validation methodology selected by the relying party.
    Type: Grant
    Filed: January 16, 2009
    Date of Patent: July 29, 2014
    Assignee: Identrust, Inc.
    Inventors: William C. Epstein, Lawrence R. Miller
  • Patent number: 8788828
    Abstract: A system and method for verifying ownership of an electronic receipt in a communication system providing a public key infrastructure, the verification arising out of a series of messages being sent and received between a first party and a verifying party, the method comprising the steps of receiving a proof message from the first party, the proof message being derived from at least a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party and an electronic receipt that has been issued by electronically signing a request message with a second public key, determining whether or not the proof message was derived from the second public key.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: July 22, 2014
    Assignee: International Business Machines Corporation
    Inventors: Elsie van Herrewegen, Jan Camenisch
  • Patent number: 8788811
    Abstract: A method and system for server-side key generation for non-token clients is described.
    Type: Grant
    Filed: May 28, 2010
    Date of Patent: July 22, 2014
    Assignee: Red Hat, Inc.
    Inventors: Christina Fu, Andrew Wnuk
  • Publication number: 20140201530
    Abstract: The present invention provides system and method for providing certified voice and/or multimedia mail messages in a broadband signed communication system which uses packetized digital information. Cryptography is used to authenticate a message that has been compiled from streaming voice or multimedia packets. A certificate of the originator's identity and electronic signature authenticates the message. A broadband communication system user may be provisioned for certified voice and/or multimedia mail by registering with a certified mail service provider and thereby receiving certification. The called system user's CPE electronically signs the bits in received communication packets and returns the message with an electronic signature of the called system user to the calling party, along with the system user's certificate obtained from the service provider/certifying authority during registration. The electronic signature is a cryptographic key of the called party.
    Type: Application
    Filed: March 5, 2014
    Publication date: July 17, 2014
    Applicant: AT&T Intellectual Property II, L.P.
    Inventor: Aviel D. Rubin
  • Patent number: 8782771
    Abstract: Providing for employing a real time firewall to secure components of an automation control network from unauthorized communication to or from such components is disclosed herein. A monitoring component can inspect at least a portion of an instance of communication directed toward or originating from a component of the automation control network. Such inspection can, e.g., be a deep packet inspection based on information received from a communication request and/or response protocol. A filtering component can selectively admit or deny propagation of the instance of communication based on the inspection and a predetermined security criterion. In such a manner, the subject innovation can provide for limited access to network components from office network machines and for securing components of an automation control network from influence by unauthorized entities.
    Type: Grant
    Filed: June 19, 2007
    Date of Patent: July 15, 2014
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Chao Chen, Steven J. Scott
  • Patent number: 8782406
    Abstract: There is disclosed a method in a communications system for enabling authentication of a sender device and a receiver device in the communication system, wherein the sender device is associated with a self-generated first identity and a first master device, the receiver device is associated with a self-generated second identity and a second master device and wherein the authentication is enabled by utilizing the first master device and the second master device for the sender device and the receiver device to verify the identities of each other. In one embodiment, both the sender device and the receiver device are also associated with a third device and the third device is used in addition to the master devices for verifying said identities. There is also disclosed a method in a sender device, a method in a receiver device, a method in a third device, a sender device, a receiver device, a third device, and a computer program product for the same.
    Type: Grant
    Filed: July 4, 2008
    Date of Patent: July 15, 2014
    Assignee: DTS Steering Group AB
    Inventors: Anders Orre, Subhashini Sreenivasan, Niclas Lindberg, Ilio Virgili
  • Patent number: 8775810
    Abstract: Systems, methods, and computer-readable media provide a requesting device with access to a service. In one implementation, a server stores a token decryption key for validating an encrypted token. The server receives the encrypted token and a digital signature generated using a signature creation key from a client device, and decrypts the token with the token decryption key. The server extracts a signature validation key from the token, and validates the digital signature using the signature validation data. The system provides the client device with access to the service, based on whether the digital signature is validated.
    Type: Grant
    Filed: September 30, 2009
    Date of Patent: July 8, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Ryan J. Snodgrass, Joel C. Hegg, Ian T. R. MacLeod, Samuel S. Gigliotti, Scott G. Carmack
  • Patent number: 8775809
    Abstract: A method and a device of verifying the validity of a digital signature based on biometric data. A verifier attains a first biometric template of the individual to be verified, for instance by having the individual provide her fingerprint via an appropriate sensor device. Then, the verifier receives a digital signature and a second biometric template. The verifier then verifies the digital signature by using either the first or the second biometric template as a public key. The attained (first) biometric template of the individual is compared with the received (second) biometric template associated with the signature and if a match occurs, the verifier can be confident that the digital signature and the associated (second) biometric template have not been manipulated by an attacker for impersonation purposes.
    Type: Grant
    Filed: November 12, 2007
    Date of Patent: July 8, 2014
    Assignee: Koninklijke Philips N.V.
    Inventors: Pim Theo Tuyls, Gregory Krimhild Rene Neven
  • Patent number: 8775316
    Abstract: A computerized wagering game system includes a gaming module comprising gaming code which is operable when executed on to conduct a wagering game on which monetary value can be wagered, and a security module operable to perform at least one encryption function on information communicated via a network connection. The encryption functions include in various embodiments key management, authentication, or other encryption functions such as symmetric, asymmetric, hash, or message authentication code functions.
    Type: Grant
    Filed: April 8, 2011
    Date of Patent: July 8, 2014
    Assignee: WMS Gaming Inc.
    Inventors: Timothy D. Wilson, Jason A. Smith, Nevin J. Liber, Mark B. Gagner
  • Patent number: 8776186
    Abstract: A method begins by a dispersed storage (DS) processing module generating a certificate signing request (CSR) that includes a certificate and a certificate extension, wherein the certificate includes information regarding a requesting device and wherein the certificate extension includes information regarding an accessible dispersed storage network (DSN) address range for the requesting device. The method continues with the DS processing module outputting the CSR to a certificate authority of a DSN and receiving a signed certificate from the certificate authority, wherein the signed certificate includes a certification signature of the certificate authority authenticating the certificate and the certificate extension. The method continues with the DS processing module storing the signed certificate for use when generating a DSN access request, wherein the DSN access request is requesting access to dispersed storage error encoded data in the DSN at an address within the accessible DSN address range.
    Type: Grant
    Filed: August 17, 2012
    Date of Patent: July 8, 2014
    Assignee: Cleversafe, Inc.
    Inventors: Jason K. Resch, Wesley Leggette, Andrew Baptist
  • Patent number: 8775814
    Abstract: A system and a method for providing a personalized biometric identification system to facilitate in securing critical transactions have been disclosed. The system includes a server which captures pre-designated biometric prints of a user, personalizes them and registers them on a bio print reader, owned by the user, over a unidirectional non-Internet based channel. The system overcomes the challenges involved in employing biometrics as a part of non-repudiation process for authorizing Internet based critical transactions for multiple entities by assuring the safety of the biometric prints of the users and eliminating additional hardware requirements.
    Type: Grant
    Filed: August 28, 2012
    Date of Patent: July 8, 2014
    Assignee: Tata Consultancy Services Ltd.
    Inventor: Prasanna Bidare
  • Patent number: 8769264
    Abstract: A system that incorporates teachings of the present disclosure may include, for example, a set-top-box having a controller to transmit a request to a remote management server for status information associated with a x.509 certificate intended for the STB, and receive the status information associated with the x.509 certificate from the remote management server, where events associated with the status information are received by the remote management server from at least one of the STB, a certificates proxy, an external certificate web service, and a certificate authority, and where the status information comprises at least a portion of the received events. Other embodiments are disclosed.
    Type: Grant
    Filed: November 2, 2012
    Date of Patent: July 1, 2014
    Assignee: AT&T Intellectual Property I, LP
    Inventors: Jerald R. Howcroft, Benjamin Jahner
  • Patent number: 8769291
    Abstract: A method and system for generating identity certificates. The method may include receiving a user request to activate a network appliance, and causing a network appliance identifier and a transaction identifier of an activation transaction associated with the user request to be transmitted to the network appliance. A certificate signing request (CSR) and the transaction identifier may be received from the network appliance, the CSR including the network appliance identifier. A certificate may be generated for the network appliance if the activation transaction is valid.
    Type: Grant
    Filed: July 23, 2007
    Date of Patent: July 1, 2014
    Assignee: Red Hat, Inc.
    Inventors: James P. Schneider, Luke R. Meyer
  • Patent number: 8769266
    Abstract: A method for assembling authorization certificate chains among an authorizer, a client, and a third party allows the client to retain control over third party access. The client stores a first certificate from the authorizer providing access to a protected resource and delegates some or all of the privileges in the first certificate to the third party in a second certificate. The client stores a universal resource identifier (URI) associated with both the first certificate and the third party and provides the second certificate and the URI to the third party. The third party requests access to the protected resource by providing the second certificate and the URI, without knowledge or possession of the first certificate. When the authorizer accesses the URI, the client provides the first certificate to the authorizer, so that the client retains control over the third party's access.
    Type: Grant
    Filed: July 16, 2009
    Date of Patent: July 1, 2014
    Assignee: Intel Corporation
    Inventor: Victor B. Lortz
  • Patent number: 8769290
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for providing confidential structured data. In one aspect, a method includes creating a first data structure instance according to a protocol for creating structured and extensible data structures. The first data structure instance is serialized. The serialized first data structure instance is encrypted. A second data structure instance is created according to the protocol. The second data structure instance contains the encrypted and serialized first data structure instance. The second data structure instance is serialized.
    Type: Grant
    Filed: February 28, 2011
    Date of Patent: July 1, 2014
    Assignee: Google Inc.
    Inventor: Aaron Jacobs
  • Publication number: 20140181525
    Abstract: Managing digital rights of contents and services streamed to a client device, including: receiving and validating a certificate from the client device; enabling the client device to log into and communicate with a server using a secure protocol to establish a private relationship between the client device and the server; and transmitting a resource identifier to the client device using the secure protocol when the private relationship is established.
    Type: Application
    Filed: February 25, 2014
    Publication date: June 26, 2014
    Applicants: SONY NETWORK ENTERTAINMENT INTERNATIONAL LLC, Sony Corporation
    Inventors: Leo Pedlow, True Xiong, Eric Holcomb, Kathy Fielder
  • Patent number: 8763125
    Abstract: A dummy debugger program is installed within the user computer system. The dummy program is registered with the operating system as a debugger and may also be registered as a system service as if it is a kernel mode debugger. The dummy debugger program may have the name of a popular debugging program. Dummy registry keys are created that are typically used by a debugger to make it appear as if a debugger is present within the operating system of the user computer. Dummy program folders or dummy program names are created to make it appear as if a debugger is present within the operating system of the user computer. API calls are intercepted by using API hooks and modified to always return a meaningful value indicating that a debugger is present. Malware performing any checks to see if a debugger is present will be informed that a debugger is present and will then shutdown, sleep, terminate, etc.
    Type: Grant
    Filed: September 26, 2008
    Date of Patent: June 24, 2014
    Assignee: Trend Micro, Inc.
    Inventor: Hsiang-an Feng
  • Patent number: 8756413
    Abstract: The present invention relates to a method and a device for ensuring information integrity and non-repudiation over time. A basic idea of the present invention is to provide a mechanism for secure distribution of information, which information relates to an instance in time when usage of cryptographic key pairs associated with a certain brand identity commenced, as well as when the key pairs ceased to be used, i.e. when the key pairs were revoked. The mechanism further allows a company or an organization to tie administration of cryptographic key pairs and a procedure for verifying information integrity and non-repudiation to their own brand. This can be seen as a complement or an alternative to using a certificate authority (CA) as a trusted third party, which CA guarantees an alleged relation between a public key and the identity of the company or organization using the cryptographic key pair to which that public key belongs.
    Type: Grant
    Filed: April 20, 2005
    Date of Patent: June 17, 2014
    Assignee: Brandsign AB
    Inventors: Anders Thoursie, Peter Holm, Sven-Håkan Olsson
  • Patent number: 8756416
    Abstract: A method and system for checking a revocation status of a biometric reference template previously generated for an individual. A hash value of the biometric reference template is computed. A reference template revocation object for the biometric reference template is created, which includes inserting into the reference template revocation object: (i) a location for checking the revocation status of the biometric reference template and (ii) a unique biometric reference template identifier that uniquely identifies the biometric reference template. The revocation status of the biometric reference template is ascertained through use of the reference template revocation object. The ascertained revocation status of the biometric reference template is returned to a relying party that had requested the status of the biometric reference template.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: June 17, 2014
    Assignee: International Business Machines Corporation
    Inventor: Phillip H. Griffin
  • Publication number: 20140164778
    Abstract: The proposed method relates to methods for obtaining, storage, and exchange of digital information, including replication and distribution of software, more specifically, to methods for producing and storage of digital certificates and replication of software therefor. The proposed method will find useful application for safe storage and transmitting various data, e.g. personal data, electronic funds, and also for replication and distribution of software. Compared with all known related art methods, the present method is characterized by an essentially increased level of protection of storage and transmission of digital information and replication of software due to affirmation of the digital certificate in authorized entities, due to the employment of consolidated certificates, as well as due to the enhancement of authenticity of information transmission with the use of electronic digital signatures.
    Type: Application
    Filed: December 7, 2012
    Publication date: June 12, 2014
    Inventors: Andrei Yoryevich Sherbakov, Oleg Olegovich Tikhonenko
  • Patent number: 8751793
    Abstract: The present inventions provide an integrated, modular array of administrative and support services for electronic commerce and electronic rights and transaction management. These administrative and support services supply a secure foundation for conducting financial management, rights management, certificate authority, rules clearing, usage clearing, secure directory services, and other transaction related capabilities functioning over a vast electronic network such as the Internet and/or over organization internal Intranets. These administrative and support services can be adapted to the specific needs of electronic commerce value chains. Electronic commerce participants can use these administrative and support services to support their interests, and can shape and reuse these services in response to competitive business realities. A Distributed Commerce Utility having a secure, programmable, distributed architecture provides administrative and support services.
    Type: Grant
    Filed: December 2, 2003
    Date of Patent: June 10, 2014
    Assignee: Intertrust Technologies Corp.
    Inventors: Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie, Robert P. Weber
  • Patent number: 8750523
    Abstract: The subject matter disclosed herein relates to a method and/or system for enabling access to media content using different digital rights management formats.
    Type: Grant
    Filed: March 22, 2012
    Date of Patent: June 10, 2014
    Assignee: Disney Enterprises, Inc.
    Inventors: Arnaud Robert, Scott Watson, Jeffrey Lotspiech
  • Patent number: 8751800
    Abstract: Embodiments are directed towards providing interoperability by establishing a trust relationship between a provider of a media player usable by a consumer and a content provider. A trust relationship is verified through using a public-private key certification authority. When a request for content is received from a consumer, the request might indicate what content protection mechanisms are available in the consumer's device. When a trust relationship is determined to exist between the content provider and the media player providers, the content provider encrypts a license separately for each of a plurality of different content protection mechanisms available at the consumer's device. The encrypted licenses are provided to the consumer's device, where the media player may be selected to play the content based on a self integrity check the media player may perform, and its ability to use a private key associated with a corresponding public key to decrypt the license.
    Type: Grant
    Filed: April 2, 2012
    Date of Patent: June 10, 2014
    Assignee: Google Inc.
    Inventor: David Kimbal Dorwin
  • Patent number: 8751791
    Abstract: A method and device for confirming authenticity of a public key infrastructure (PKI) transaction event between a relying node and a subject node in a communication network enables improved network security. According to some embodiments, the method includes establishing at a PKI event logging (PEL) server a process to achieve secure communications with the relying node (step 705). Next, the PEL server processes reported PKI transaction event data received from the relying node (step 710). The reported PKI transaction event data describe the PKI transaction event between the relying node and the subject node. The reported PKI transaction event data are then transmitted from the PEL server to the subject node (step 715). The subject node can thus compare the reported PKI transaction event data with corresponding local PKI transaction event data to confirm the authenticity of the PKI transaction event.
    Type: Grant
    Filed: September 17, 2008
    Date of Patent: June 10, 2014
    Assignee: Motorola Solutions, Inc.
    Inventors: Erwin Himawan, Ananth Ignaci, Anthony R. Metke, Shanthi E. Thomas
  • Publication number: 20140156996
    Abstract: In one example, a method for promoting learned discourse in online forums includes posting forum content on a forum server and providing access to users to the content through an I/O module. The method further includes receiving a comment from a user and analyzing the comment from the user to produce an a priori score for the comment. A portable certificate of status is accepted from the user and used to produce an a posteriori score for the comment. A system for promoting learned discourse in online forums is also disclosed.
    Type: Application
    Filed: November 27, 2013
    Publication date: June 5, 2014
    Inventors: Stephen B. Heppe, Kenan G. Heppe
  • Patent number: 8744075
    Abstract: Provided is a key generation apparatus that generates, based on a generated random number, quantum gates Ui, L and R corresponding respectively to m types of unitary operations Ui corresponding to n qubits and two types of unitary operations L and R corresponding to m qubits, generates a quantum gate CU whose control is enabled such that operation of the quantum gate Ui is controlled according to an input state of the m qubits, generates a quantum gate G by adding the quantum gates L and R to the quantum gate CU, generates a public key P by obfuscating the quantum gate G, generates a quantum gate CU† and a quantum gate R*, and generates a private key S by connecting the quantum gate CU† and the quantum gate R*.
    Type: Grant
    Filed: December 10, 2010
    Date of Patent: June 3, 2014
    Assignee: Sony Corporation
    Inventor: Yu Tanaka
  • Patent number: 8745371
    Abstract: Devices located on a back end of a web application in a private cloud may establish secure communications to other back end devices or client devices with a secure boot device integrated in the back end device. The secure boot device enables the back end component to cryptographically split data and encrypt data for transmission to other devices through a secure communications link. The secure communications link may improve security on private cloud networks. Further the secure communications link may improve security to allow back end devices to be located remote to other back end devices.
    Type: Grant
    Filed: December 29, 2011
    Date of Patent: June 3, 2014
    Assignee: Unisys Corporation
    Inventor: Eric T. Obligacion
  • Patent number: 8745396
    Abstract: The present invention discloses a method for implementing a real time data service and a real time data service system. After starting to forward data messages to an accessed user terminal, an access point (AP) of the real time data service system verifies the user terminal, and continues forwarding the data messages to the user terminal after the verification is successful.
    Type: Grant
    Filed: December 8, 2009
    Date of Patent: June 3, 2014
    Assignee: ZTE Corporation
    Inventors: Yi Hui, Yang Zhou
  • Patent number: 8738894
    Abstract: A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware.
    Type: Grant
    Filed: April 22, 2013
    Date of Patent: May 27, 2014
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Brian A. Batke, Jack M. Visoky, James J. Kay, Scott A. Mintz, William B. Cook
  • Publication number: 20140143549
    Abstract: An information processing apparatus includes: a storage unit that stores a tree structure formed by nodes, each of which stores identification information identifying a document; and a registration unit that registers documents in the storage unit. The registration unit receives a document including identification information identifying the document and a word set and a key, registers the identification information in a leaf node in the tree structure, and calculates a secure index corresponding to identification information registered in each node from a root node to the leaf node in the tree structure based on the word set and the key. In addition, the registration unit generates a value calculated by adding the calculated secure index as a search index for the document and stores a value calculated by adding a search index generated for each of a plurality of received documents as a search index for the plurality of documents in the storage unit.
    Type: Application
    Filed: July 6, 2012
    Publication date: May 22, 2014
    Applicant: NEC Corporation
    Inventors: Toshinori Araki, Isamu Teranishi, Jun Furukawa
  • Patent number: 8732459
    Abstract: In one embodiment, the invention provides a portable wireless personal communication system for cooperating with a remote certification authority to employ time variable secure key information pursuant to a predetermined encryption algorithm to facilitate convenient, secure encrypted communication. The disclosed system includes a wireless handset, such as PDA, smartphone, cellular telephone or the like, characterized by a relatively robust data processing capability and a body mounted key generating component which is adapted to be mounted on an individual's body, in a permanent or semi-permanent manner, for wirelessly broadcasting, within the immediate proximity of the individual, a secret or private key identifying signal corresponding to a time variable secure key information under the control of the certification authority.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: May 20, 2014
    Assignee: MLR, LLC
    Inventor: Charles M. Leedom, Jr.
  • Patent number: 8732471
    Abstract: A computer including at least two processors is used to preferably perform a secure data communication. Data containing a processor ID identifying one of the at least two processors provided for a first computer (computer 31) is transmitted from the first computer to a second computer (a node at the other party) (S91, S92). The second computer returns data containing the processor ID contained in the data transmitted in S91 and S92 and a public key certificate relating to the second computer. The first computer receives the data returned from the second computer, acquires, from the received data, the processor ID contained therein, and causes a processor (SPE1), which is identified by the processor ID, to process the received data. At this moment, the processing of the data is restricted according to a content of the public key certificate contained in the received data.
    Type: Grant
    Filed: August 2, 2006
    Date of Patent: May 20, 2014
    Assignees: Sony Corporation, Sony Computer Entertainment Inc.
    Inventor: Chisato Numaoka