Abstract: An image sensor apparatus is disclosed. The image sensor apparatus includes an image sensor for generating image data in a pixel array corresponding to an optical image. A processor alters the image data to embed a feature-dependent code associated with a feature of the image data in a feature-dependent location in the pixel array and generate a digital image from the altered image data.

Abstract: A system and method of providing a platform trust extension for an information handling system is disclosed herein. The platform trust extension receives a notification that an application is selected for installation or execution on an information handling system. The identify of the application or the source of the application is identified based upon a signature of the application. The platform trust extension determines whether the application or the source of the application is semi-trusted based upon the signature of the application. If the application is semi-trusted, the platform trust extension permits the application to run at an additional trust level.

Abstract: Active content is deterministically rendered in a stable format that is independent of any particular targeted environment, which the active content may subsequently be rendered to. Environmental and dynamic dependencies are removed from a specification associated with the active content for purposes of producing a stable and consistent specification for the active content. The stable and static specification is used to subsequently render the active content into the stable format for any targeted or desired environment.

Abstract: A service provider manages access control to multiple services through an authentication system. One or more services are able to fulfill requests at least in part by submitting requests to other services of the service provider. Such a service is able to obtain, from the authentication system, information that can be passed on to one or more other services to enable the one or more other services to determine request validity without having to contact the authentication system. The information may include, for example, one or more responses that the one or more other services would have received had the one or more services contacted the authentication system themselves.

Abstract: A computing device includes technologies for securing return addresses that are used by a processor to control the flow of execution of a program. The computing device uses a cryptographic algorithm to provide security for a return address in a manner that binds the return address to a location in a stack.

Abstract: A method for detecting a payload embedded using watermarking in a content stream, the payload being different in a first and a second segment of the content stream, a payload in the second segment having a predetermined relationship with a payload in the first segment, is described. The method selects a point in the content stream where the first segment is likely to end and the second segment to being, samples the stream to obtain a first set of samples that is before the chosen point and a second set of samples that is after the chosen point, and detects the payload on a combination of the first set and a transformation of the second set, where the transformation is based on the assumption that the second set is from the second segment and exploits the relationship that exists between the payloads in the first and second segments.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for performing speaker identification. In some implementations, an utterance vector that is derived from an utterance is obtained. Hash values are determined for the utterance vector according to multiple different hash functions. A set of speaker vectors from a plurality of hash tables is determined using the hash values, where each speaker vector was derived from one or more utterances of a respective speaker. The speaker vectors in the set are compared with the utterance vector. A speaker vector is selected based on comparing the speaker vectors in the set with the utterance vector.

Abstract: The present invention provides a system and method for tagging digital documents. A method for creating digitally tagged documents includes creating a data template for a digital document, assigning signature locations and data fields in the data template, and linking the template instructions with the digital document. A system for creating digitally tagged documents includes a processor; a display; and a memory containing stored programming instructions operable by the processor to create a data template for a digital document, assign signature locations and data fields in the data template, and link template instructions with the digital document.

Abstract: Provided is a content distribution method which allows a source device to safely distribute copyrighted content to a sink device in response to a request from the sink device as a trigger. The content distribution method includes a list transmission step S11, a content request step S12, and a content transfer step S13. In S11, a source device transmits metadata which includes a format identifier indicating that content is distributable under the specification of the HDCP and the URL of the content. In S12, a sink device makes a request for content identified by the URL after adding information necessary for authentication processing to the request. In S13, the source device creates an encryption key by performing the authentication processing on the sink device in accordance with the information necessary for the authentication processing, encrypts the content using the encryption key, and transfers the encrypted content to the sink device.

Abstract: Innovations for quantum key management harness quantum communications to form a cryptography system within a public key infrastructure framework. In example implementations, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a Merkle signature scheme (using Winternitz one-time digital signatures or other one-time digital signatures, and Merkle hash trees) to constitute a cryptography system. More generally, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a hash-based signature scheme. This provides a secure way to identify, authenticate, verify, and exchange secret cryptographic keys.

Abstract: Methods and systems to identify video content based on video fingerprint matching are described. In some example embodiments, the methods and systems generate a query fingerprint of a frame of video content captured at a client device, query a database of reference fingerprints, determine the query fingerprint of the frame of captured video content matches a reference fingerprint, and identify the video content based on the match of fingerprints.

Abstract: Embodiments of the present invention provide an approach to repair vulnerabilities (e.g., security vulnerabilities) in images (e.g., application images) in a networked computing environment (e.g., a cloud computing environment). Specifically, an image is checked for vulnerabilities using a database of known images and/or vulnerabilities. If a vulnerability is found, a flexible/elastic firewall is established around the image so as to isolate the vulnerability. Once the firewall has been put in place, the vulnerability can be repaired by a variety of means such as upgrading the image, quarantining the image, discarding the image, and/or generating a new image. Once the image has been repaired, the firewall can be removed.

Abstract: A multiple encryption mechanism is described. In an embodiment, an encrypted electronic message and a first decryption key of a public-private key group is received. The first decryption key is operable to decrypt a set of properties for the encrypted electronic message without decrypting the encrypted electronic message. The encrypted electronic message and the set of message properties are encrypted using one or more encryption keys of the public-private key group. The set of properties for the encrypted electronic message is decrypted using the first decryption key. Using the decrypted set of properties, it is determined whether the encrypted electronic message should be flagged as a specified type of electronic message.

Abstract: A mechanism is provided in a data processing system comprising at least one processor and a memory comprising instructions which, when executed by the at least one processor, causes the at least one processor to train a similar passage cognitive system. The mechanism receives a question and answer key for a question answering cognitive system, the question and answer key comprising a list of question and answer specification pairs. Each question is a text string and each answer specification references one or more text passages from a corpus of information. The mechanism uses the question and answer key to generate a similar passage map for the similar passage cognitive system, the similar passage map comprising a list of text relation pairs. Each text relation pair comprises a sample input text component and a list comprising one or more sample output text components. The mechanism trains a similar passage machine learning model of the similar passage cognitive system using the similar passage map.

Abstract: Provided is an information processing apparatus including a message generating unit that generates a message based on a multi-order multivariate polynomial set F=(f1, . . . , fm) defined on a ring K and a vector s that is an element of a set Kn, a message providing unit that provides the message to a verifier holding the multi-order multivariate polynomial set F and a vector y=(y1, . . . , ym)=(f1(s), . . . , fm(s)), and a response providing unit that provides the verifier with response information corresponding to a verification pattern selected by the verifier from among k (where k?3) verification patterns. The vector s is a secret key. The multi-order multivariate polynomial set F and the vector y are public keys. The message is information obtained by performing an operation prepared for a verification pattern corresponding to the response information in advance using the public keys and the response information.

Abstract: A system for exposing data stored in a cloud computing system to a content delivery network provider includes a database configured to receive and store metadata about the data, the database being implemented in the cloud computing system to store configuration metadata for the data related to the content delivery network, and an origin server configured to receive requests for the data from the content delivery network provider, and configured to provide the data to the content delivery network provider based on the metadata.

Abstract: A method and apparatus for trusted authentication and logon is disclosed. A trusted platform module (TPM) based logon method is presented for authentication and access. A user registers an identity with an identity provider that is tightly bound to the user's specific platform, e.g., the TPM. If the user decides to login, for example to a service provider using this identity, the identity provider challenges the user to provide the correct credentials. The credentials consist of a TPM generated ticket, that is, a credential chain. This allows the user to login without the need for a password at the identity provider.

Abstract: An embodiment of the invention includes a computer implemented method for monitoring construction. The method may include receiving information about a construction project. The received information may include information about construction milestones and schedule information about the construction milestones. The information may include graphical data related to the construction milestones and the schedule information. Information about the location of a computing device may be received. Based on the location information and the information about the construction project, a graphical display user-interface may be prepared. In an embodiment of the invention, the display may include a visual representation of expected progress of the project. The display may include information about expected activity related to the project for a period of time.

Abstract: A method for secure distribution of data in an interchange network, comprises having a network in which data records stored on at least one computer; and including an authorization service, where the authorization service grants a contractor access to at least a portion of the data records; and a watermarking module that adds one or more artificial records to said portion. The artificial records cannot be distinguished from the data records by the contractor and are valid for processing in the same way as the data records.

Abstract: The present invention is a system and method for digital watermarking, which discloses a system for digital watermarking, to add a watermark to an audio signal generated by a signal source. The system comprises: a spectrum modulator configured to perform spectrum modulation to a watermark bit and a pseudo noise signal to be embedded into the audio signal to generate a modulated signal; a distortion controller coupled to the signal source and the spectrum modulator and configured to shape the modulated signal based on the audio signal, so as to generate a shaped signal satisfying a predetermined distortion constraint; and an interference compensator coupled to the signal source and the distortion controller and configured to generate a compensation signal based on the audio signal, the pseudo noise signal, and the shaped signal, wherein the compensation signal is for compensating for interference to watermark decoding caused by the audio signal.

Abstract: Facilities are provided herein for authenticating a user to use a processing device. A user predefines authenticators of one or more types and associates these with graphical images. Upon on attempt to activate the processing device, a graphical image, of the graphical images, is selected for presentation to the user. The selected graphical image is presented to the user, who then provides input to authenticate with the device. A determination is made as to whether the user is authenticated to use the device. The determination is made based on input received from the user and based further on the authenticator associated with the selected graphical image. Varying the selection of image(s), each associated with a predefined authenticator and authentication type, enables variability in the authenticator that is suitable for unlocking a device at a given time, providing greater security to the authentication process.

Abstract: A method and apparatus for accessing a computer resource, wherein, during a first access sequence, the computer resource receives credentials of a user from a device the user is using to access the computer resource, encrypts the credentials using at least a first credentials key stores the encrypted credentials, communicates the first credentials key to a connection broker or to the device, and purges the first credentials key. The computer resource, during a subsequent access sequence, receives the first credentials key, decrypts the encrypted credentials using the first credentials key, and purges the first credentials key. The computer resource authenticates the user using the credentials and purges the credentials after the user is authenticated and enables the device to access the computer resource following the authentication of the user.

Abstract: According to an embodiment, an authentication device includes an acquiring unit, a predicting unit, and an authenticating unit. The acquiring unit is configured to acquire performance information of a first device that is a device to be authenticated. The predicting unit is configured to predict performance information of a second device that is a device being a reference for authentication according to a change with time from initial performance information. The authenticating unit is configured to perform an authentication process of determining whether or not the first device falls into the second device on a basis of a degree of agreement between the performance information acquired by the acquiring unit and the performance information predicted by the predicting unit.

Abstract: The invention dynamically obscures network and transport layer addresses of packets to achieve anonymity, including authentication privacy, as well as protection against tracking and traffic correlation and certain classes of network attacks by combining both intrusion protection with anonymity, avoiding the use of a separate management unit outside the host for distribution of obscured addresses. The invention enables a host to automatically configure obscured addresses and determine the obscured address of the intended recipient without outside involvement, computing addresses based on a set of parameters, and to operate without re-authentication whenever an address changes. The invention enables encryption of the packet payload to prevent traffic correlation. The technology of the invention can be implemented embedded on a host device or as a connected gateway device and requires negligible configuration and is therefore transparent to hosts.

Abstract: There is provided a method and apparatus for displaying a watermark on a screen. According to the present invention, when an application is executed or a document is opened by a user's manipulation, it is determined whether a watermark is displayed based on a message generated from an operating system and screen watermark display policies, and when it is determined that the watermark is displayed, the watermark is displayed on a screen. According to the present invention, when the watermark is displayed on a screen, it is possible to provide a user with notification that corresponding content is important content or confidential content. Even when the screen is captured or is imaged using a camera, the watermark is displayed in the captured image or the imaged video. Therefore, it is possible to identify that the corresponding content is important content or confidential content. As a result, it is possible to increase user awareness of security.

Abstract: A computing machine creates a temporary certificate authority (CA) hosted locally by the computing machine, creates a service certificate for a local service being hosted by the computing machine, and signs the service certificate using a private key of the temporary CA. The private key is stored locally on the computing machine. The computing machine removes signing authority of the temporary CA, and provides the service certificate to the local service.

Abstract: A near field communication reader device is provided including a transmitter to transmit a request to a near field communication tag device; wherein the request is formed according to a predetermined format including an identifier section for carrying a request identifier; a receiver to receive a response from the near field communication tag device; wherein the response is formed based on the request according to the predetermined format including the identifier section for carrying a response identifier; and a processor to generate the request identifier, to compare the request identifier with the response identifier and to accept the response as a valid response if the response identifier is different from the request identifier. A corresponding near field communication tag device, a near field communication system and a near field communication method are provided as well.

Abstract: Aspects of the present invention relate to methods and systems for controlling the distribution of supplementary content by generating a first control signal when known content is initially detected in a broadcast stream, and after generating the first control signal, generating a second control signal when the detected content is no longer detected in the broadcast stream. The first and second control signals may be used to control the distribution of supplementary content.

Abstract: An electronic device that communicates input messages and output messages with another electronic device using a Bluetooth Low Energy communication protocol is described. In particular, the electronic device receives input messages using a predefined characteristic to convey input information associated with a set of input attribute types. A given input message includes one or more input-command characters specifying a given input attribute type in the set of input attribute types and, optionally, an input delimiter and an input value in an input argument associated with the given input attribute type. Moreover, the electronic device provides output messages using the predefined characteristic to convey output information associated with a set of output attribute types. A given output message includes one or more output-command characters specifying a given output attribute type in the set of output attribute types. In this way, the predefined characteristic can be repurposed to convey other attribute types.

Abstract: A method, computer program product, and computing device for obtaining an uncompressed digital media data file. One or more default watermarks is inserted into the uncompressed digital media data file to form a watermarked uncompressed digital media data file. The watermarked uncompressed digital media data file is compressed to form a first watermarked compressed digital media data file. The first watermarked compressed media data file is stored on a storage device. The first watermarked compressed media data file is retrieved from the storage device. The first watermarked compressed digital media data file is modified to associate the first watermarked compressed digital media data file with a transaction identifier to form a second watermarked compressed digital media data file.

Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.

Abstract: Disclosed are a display apparatus and a method for preventing divulgence of image data thereof which may prevent image information including image data photographed by a camera of the display apparatus from being divulged by hacking, etc. The display apparatus includes a camera which captures an image; a display which displays the image thereon based on image data captured by the camera; a communicator which communicates with an outside of the apparatus through an Internet; and a controller which transmits image information including the image data captured by the camera, in the form of a transmission packet including the image data and a detection mark or indicator capable of detecting or indicating that the image data is to be transmitted to the outside, when the image information is to be transmitted to the outside through the communicator.

Abstract: A method includes transmitting initialization data including an error correction code and a matrix. The method also includes receiving registration data including a transformed registration biometric template, a registration user identifier, and a hashed registration code. The transformed registration biometric template may be determined based on a registration code word selected from the error correction code. The hashed registration code word may be determined by hashing the registration code word using the matrix. The registration user identifier may be associated with a first user described by the transformed registration biometric template.

Abstract: In an example embodiment, a virtual private network (VPN) connection is established between a client device and an authentication service. Then a request is received from a third-party application on the client device, with the request being for a third-party service. A log-in page is requested from the third-party service, with the log-in page including one or more log-in fields usable to enter credential information. The log-in page is then modified to hide the one or more log-in fields. Credentials corresponding to a user of the client device and also corresponding to the third-party service are then obtained. The modified log-in page is sent to the client device via the VPN connection. A log-in submission is received from the third-party application. The credentials corresponding to the user and to the third-party service are sent to the third-party service to log-in the user to the third-party service.

Abstract: An audio device comprises a processor, an audio processing module, a high frequency noise generating circuit, a first switch control circuit, a second switch control circuit, a low pass filter circuit and an adder circuit. The audio device generates a watermark data, an original audio signal and a high frequency noise signal. The high frequency noise signal pass through a first switch control circuit and a second switch control circuit according to watermark data. A low pass filter circuit filters the high frequency noise signal received from the first switch control circuit to form a first add data. An adder circuit receives the first add data from the low pass filter circuit, receives the high frequency noise signal from the second switch control circuit as a second add data, and adds the first add data and the second add data to the original audio signal.

Abstract: A wireless access point (WAP) including: an airtime correlator, a dormancy allocator and a medium access control (MAC). The airtime correlator is configured to correlate airtime usage of the selected communication channel by the WAP with one of an idle WLAN state characterized by an absence of upstream or downstream communications and an active WLAN state characterized by at least one of upstream and downstream communications on the WLAN. The dormancy allocator is configured to allocate during at least one of the idle and the active WLAN states, a portion of available airtime to at least one dormancy interval in which a base power level of the WAP is reduced at least below a level required to support downstream communications. The MAC is configured to identify for the plurality of station nodes on the WLAN, a contention free period overlapping in time with the at least one dormancy interval.

Abstract: Examples disclosed herein relate to secure boot information with validation control data specifying a validation technique. Examples include determining, with the specified validation technique, whether validation data is consistent with the secure boot information.

Abstract: Various exemplary embodiments relate to a method, device, and storage medium including: receiving an NDEF message by an NFC device including a payload and at least one of a digital signature and a reference to a digital signature; stripping data from the payload to produce a stripped payload; verifying the payload using the digital signature and the stripped payload; and conditionally interpreting the payload based on whether the payload is verified. Various embodiments are described wherein: the payload includes a URI including a fragment denoted by a pound character; and stripping data includes stripping the fragment from the URI. Various embodiments are described wherein the payload is verified, the fragment comprises fragment data, and interpreting the payload comprises: transmitting a message requesting a resource identified by the URI, wherein the request omits the fragment data; executing a received script to transmit the fragment data to a device.

Abstract: In one aspect, an example method for outputting an alert indicating a functional state of a back-up video-broadcast system involves: a computing device receiving a first video-stream that represents first video-content; the computing device generating a first signature based, at least in part, upon an extent of scene-change transitions included within the first video-content; the computing device receiving a second video-stream that represents second video-content; the computing device generating a second signature based, at least in part, upon an extent of scene-change transitions included within the second video-content; the computing device making a determination that the generated first-signature and the generated second-signature lack a threshold extent of similarity; and responsive to the determination that the generated first-signature and the generated second-signature lack the threshold extent of similarity, the computing device outputting an alert.

Abstract: A system, apparatus, method, and machine readable medium are described for authorizing a new authenticator with a relying party. For example, one embodiment of a method comprises: identifying a plurality of relying parties with which an old authenticator is registered; generating at least one key for each of the plurality of relying parties; authenticating with each of the relying parties using a client having the old authenticator configured thereon, the client authorizing the new authenticator by providing an authorization object to each relying party comprising the at least one key, data identifying the new authenticator, and cryptographic data to be used by the relying party to verify the authorization object; and wherein, in response to verifying the authorization object, each relying party registers the new authenticator.

Abstract: The terminal device include the file creation unit for storing a file including a public key in the external storage medium when the terminal device is connected with the external storage medium, and the decryption unit for decrypting the encrypted log using a secret key corresponding to the public key when the terminal is reconnected with the external storage medium storing the encrypted log. The image processing apparatus includes the encryption unit for encrypting a log using the public key stored in the file of the external storage medium, and storing the encrypted log in the external storage medium, when the image processing apparatus is connected with the external storage medium storing the file.

Abstract: A particular method includes generating, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including: a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and a request for a device certificate of the mobile device. The method also includes receiving a reply from the mobile device that includes a device certificate of the mobile device; and authenticating the mobile device as associated with a SUPL user based on the device certificate.

Abstract: A method comprises signing boot code with a public/private cryptographic key pair, and writing to storage the boot code, the public cryptographic key, and the signed boot code.

Abstract: Systems, methods and computer program products for controlling access to position information at a receiver based on various considerations, including a requested service type, a user type, a device type, a software application type, and/or other characteristics associated with a particular software application at the receiver from which the position information was requested.

Abstract: A method for signing a document to be transmitted between two correspondents, i.e. a sender and an addressee, including recording the sender and the addressee of the document for the allocation of a digital identity thereto; authorizing by the addressee a correspondence with the sender; ciphering the document; indicating to the addressee that the document is available; detecting an access to the document by the addressee; generating an electronic report indicating the delivery of the document, the document-delivery electronic report including a set of data associated with the transmission of the document to the addressee, the set including identification of elements concerning the addressee authentication, the sealing of the document, the access to the document by the addressee and the time-stamping of the access to the document by the addressee; and electronically signing, by a reliable third-party using the private key thereof, the document-delivery electronic report.

Abstract: Information corresponding to a set of signatures is maintained, and for each signature in the set, an associated group policy of a network is maintained. A message from a device on the network is intercepted, and the message includes a header. At least a portion of the header matches a signature in the set of signatures. Responsive to determining that the portion of the header matches the signature, the matched signature's associated group policy of the network is applied to the device on the network.

Abstract: An encoding apparatus partitions a digital image into multiple regions for subsequent encoding. A first encryption code is associated with a first region, a second encryption code is associated with a second region and the first code, and a third code is associated with the first code, the second code and a third region. An authentication apparatus authenticates the digital image in an inverse process.

Abstract: A computer-implemented method for trusting digitally signed files in the absence of verifiable signature conditions may include (1) receiving, from an agent on at least one endpoint device, signature information that indicates that a file encountered by the endpoint device has been digitally signed, (2) generating, based at least in part on the signature information received from the endpoint device, a reputation for the file that indicates the file's trustworthiness, (3) receiving a request from an additional agent for reputation information for the file, and (4) sending, in response to receiving the request, the reputation for the file to the additional agent to enable the additional agent to determine the trustworthiness of the file in the absence of verifiable signature conditions. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and system for anonymous purchase by a first user device, is described, the method and system including sending R from the first user device to a second user device, where R is a result of a one-way function performed on a random number r selected by the first user device, the second user device being operative to send R to a service provider, which stores R with a data string T and the service provider returns a digitally signed R and T to the second user device, thereby providing the a data string T to the second user device, receiving R and T at the first user device from the second device, thereby ensuring that the identity of the first user device remains unknown to the service provider, opening a communication channel between the first user device and the service provider, sending the service provider r and T from the first user device via the communication channel along with a request for the service provider to provide a service, and receiving the requested service from the service provider.

Abstract: The invention relates to a method for assessing the presence of a watermark in a video wherein the video comprises at least a sequence of frames. The method comprises for at least one frame among one of the sequences of frames the steps of computing a set of axial cross-correlation values, wherein each axial cross-correlation value corresponds to a correlation between the frame and a reference watermark shifted along a spatial horizontal axis; obtaining a detection score by computing a weighted sum of values output by a function applied to said axial cross-correlation values; assessing the presence of a watermark according to the detection score. Such method is particularly well adapted to the detection of disparity coherent watermark but is compliant with any watermarking technique. A device implementing the method is further disclosed.