Authentication By Digital Signature Representation Or Digital Watermark Patents (Class 713/176)
  • Patent number: 8954744
    Abstract: A technique in a mobile device which is configured to communicate in a wireless network with use of a communication service provided by a service provider is described. The mobile device is configured to access via the wireless network a server for execution of an e-commerce transaction. The server is configured to administer a proof-of-work test in order to allow completion of the e-commerce transaction. The mobile device receives via the wireless network a token from a token server. The token is digitally signed by the service provider with a digital signature thereof. The mobile device sends via the wireless network a message to the server, and this message includes the token. When token validation of the message at the server is successful, the mobile device completes the e-commerce transaction with the server without performing the proof-of-work test, which is bypassed for the mobile device.
    Type: Grant
    Filed: January 18, 2013
    Date of Patent: February 10, 2015
    Assignee: BlackBerry Limited
    Inventors: Alexander Sherkin, Will D. Franco
  • Patent number: 8954070
    Abstract: A method and system for selecting a communication network by a wireless communication device (106) includes receiving (310) an identification parameter at the wireless communication device from a communication network which identifies the communication network. Next, the method compares (312) the identification parameter with a list at the wireless communication device to determine (314) service information. The service information identifies the services supported by the communication network. The method further includes comparing (316) the service information with a service-related datum at the wireless communication device that indicates the services desired by the wireless communication device. Lastly, the method includes selecting (318) the communication network for accessing a requested service if the service information matches the service-related datum.
    Type: Grant
    Filed: December 14, 2006
    Date of Patent: February 10, 2015
    Assignee: Google Technology Holdings LLC
    Inventors: William E. Welnick, William P. Alberth, Jr., Murali Narasimha
  • Patent number: 8954732
    Abstract: In one example, a platform device includes a control unit configured to receive a first software package signed by a first software development entity with a first certificate of a first certificate hierarchy associated with the first software development entity, execute the first software package only after determining that a root of the first certificate hierarchy corresponds to a certificate authority of a developer of the platform device, receive a second software package signed by a second software development entity with a second certificate of a second certificate hierarchy associated with the second software development entity, wherein the second certificate hierarchy is different than the first certificate hierarchy, and execute the second software package only after determining that a root of the second certificate hierarchy corresponds to the certificate authority of the developer of the platform device.
    Type: Grant
    Filed: June 27, 2012
    Date of Patent: February 10, 2015
    Assignee: Juniper Networks, Inc.
    Inventors: Kent A. Watsen, Alex Kolchinsky
  • Publication number: 20150039896
    Abstract: A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.
    Type: Application
    Filed: October 16, 2014
    Publication date: February 5, 2015
    Inventors: Raju Venkata Kolluru, Michael Dean Kleinpeter, Liam Sean Lynch, Christopher J. Kasten, Rajesh Kanungo
  • Publication number: 20150039893
    Abstract: At least one node in a distributed hash tree document verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure.
    Type: Application
    Filed: August 5, 2013
    Publication date: February 5, 2015
    Applicant: GUARDTIME IP HOLDINGS LIMITED
    Inventors: AHTO BULDAS, AHTO TRUU, ANDRES KROONMAA
  • Publication number: 20150039895
    Abstract: A method and apparatus of a network element that authenticates a field replaceable unit of the network element is described. The network element authenticates a field replaceable unit of the network element by generating a nonce. In addition, the network element generates a signature using a nonce and a private encryption key that is securely stored in the field replaceable unit. The network element further verifies the signature using a public encryption key that is a pair to the private encryption key and is not securely stored in the field replaceable unit. If the field replaceable unit is verified, the network element uses the field replaceable unit to operate the network element. Otherwise, the network element disables the field replaceable unit.
    Type: Application
    Filed: July 31, 2014
    Publication date: February 5, 2015
    Inventors: Alexander Channing Ho, Kenneth James Duda, Lorenz Wolfgang Redlefsen
  • Publication number: 20150039897
    Abstract: Provided is an information processing apparatus including a reception unit that receives a request for access to an IC chip from an application having access right information for accessing the IC chip, an acquisition unit that acquires authentication information for authenticating the application from an external server based on the access right information contained in the request for access received by the reception unit, an authentication unit that authenticates the application based on the authentication information obtained by the acquisition unit, and a control unit that controls an access of the application to the IC chip based on an authentication result by the authentication unit.
    Type: Application
    Filed: October 17, 2014
    Publication date: February 5, 2015
    Inventors: Shuichi Sekiya, Naofumi Hanaki, Keitarou Watanabe, Shinichi Kato, Itsuki Kamino
  • Publication number: 20150039894
    Abstract: A method and apparatus of a network element that authenticates a transceiver and/or a field replaceable unit of the network element is described. The network element generates a stored transceiver signature using transceiver data stored in the removable transceiver and a nonce. In addition, the network element generates a hardware transceiver signature using data stored in secure storage of the network element and the nonce. If the stored transceiver signature and the hardware transceiver signature are equal, the network element uses the transceiver to communicate network data for the network element. Otherwise, the network element disables the transceiver.
    Type: Application
    Filed: July 31, 2014
    Publication date: February 5, 2015
    Inventors: Alexander Channing Ho, Hugh W. Holbrook, Lorenz Wolfgang Redlefsen
  • Patent number: 8949613
    Abstract: A computer-implemented method for signing computer applications is disclosed. The method includes generating a compiled version of a first software application, signing the first software application with a digital certificate locally to a developer of the first software application without assistance from a central certification authority, and submitting the signed first software application to an on-line application store.
    Type: Grant
    Filed: October 15, 2013
    Date of Patent: February 3, 2015
    Assignee: Google Inc.
    Inventors: Dianne K. Hackborn, David P. Bort, Joseph M. Onorato, Daniel R. Bornstein, Andrew T. McFadden, Brian J. Swetland, Richard G. Cannings
  • Patent number: 8949609
    Abstract: The user device includes: a recording unit which stores system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate; an input/output unit which receives input of the document from the user and an attribute the user intends to disclose; a cryptograph generating module which generates a cryptograph based on the inputted document, the attribute to be disclosed, and each of the parameters; a signature text generating module which generates a zero-knowledge signature text from the generated cryptograph; and a signature output module which outputs the cryptograph and the zero-knowledge signature text as the signature data. The user public key and the attribute certificate are generated by using a same power.
    Type: Grant
    Filed: July 6, 2010
    Date of Patent: February 3, 2015
    Assignee: NEC Corporation
    Inventor: Isamu Teranishi
  • Patent number: 8949880
    Abstract: Various embodiments of the present invention relate to systems, methods, and computer-readable medium providing licensing rights for media content that follows a subscriber so that the subscriber may experience the media content on various content distribution platforms. In particular embodiments, the systems, methods, and computer-readable medium transfer licensing rights for a user for particular media content that is associated with a first device on a first distribution platform so that the rights are associated with a second device on a second distribution platform. As a result, in various embodiments, the user is able to experience the particular media content with the use of the second device on the second distribution platform.
    Type: Grant
    Filed: December 13, 2012
    Date of Patent: February 3, 2015
    Assignee: Ericsson Television Inc.
    Inventors: Alan Rouse, Charles Hammett Dasher
  • Patent number: 8949611
    Abstract: Methods, apparatus and computer program products are provided to authenticate and determine the integrity of a software part. In this regard, a software part is authenticated and its integrity is determined by determining a first hash of the digital data that comprises the software part. If the air vehicle lacks data communications connectivity with an off-board security system, the method determines the authenticity and integrity of the software part by decrypting an encrypted hash of a software part in accordance with a public-private key pair to create a decrypted hash, comparing the first hash with the decrypted hash and transmitting the first hash to the off-board security system once data communications connectivity is established. Conversely, if the air vehicle has data communications connectivity with the off-board security system, the method determines the integrity of the software part by transmitting the first hash to the off-board security system for comparison with a whitelist.
    Type: Grant
    Filed: June 22, 2011
    Date of Patent: February 3, 2015
    Assignee: The Boeing Company
    Inventors: Greg A. Kimberly, Jack Lawson, Todd William Gould, Charles D. Royalty
  • Patent number: 8948388
    Abstract: An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which of the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.
    Type: Grant
    Filed: February 19, 2013
    Date of Patent: February 3, 2015
    Assignee: Certicom Corp.
    Inventors: Daniel Richard L. Brown, Scott Alexander Vanstone
  • Patent number: 8949612
    Abstract: Aspects of the invention include methods and systems for electronically signing a plurality of documents, such as an insurance application, a loan application, a set of mortgage papers, a bank application, or the like. A customer, or multiple customers, electronically submits the signature once and the customer's one signature is applied to all of the areas where the customer signature is required. The electronic signature may include initials and/or a graphical representation of the customer's handwritten signature. Aspects of the invention include an apparatus comprising a display, a memory, and a processor coupled to the memory and programmed with computer-executable instructions that, when executed, perform a method for electronically signing a plurality of documents.
    Type: Grant
    Filed: April 1, 2013
    Date of Patent: February 3, 2015
    Assignee: Allstate Insurance Company
    Inventors: George N. Sakkos, Carolyn Beth Carter, Yunzhu Chen, Victoria Marguerite Kummer-Donnellan
  • Patent number: 8949935
    Abstract: In one embodiment, non-transitory computer-readable medium stores instructions for establishing a trusted two-way communications session for account creation for an online store, which include instructions for causing a processor to perform operations comprising retrieving and verifying a signed configuration file from a server, requesting a communication session using the configuration file, receiving a payload of account creation forms from a network client, signing the payload according to the server configuration file, and sending the signed payload containing account creation information to the server. In one embodiment, a computer-implemented method comprises analyzing timestamps for requests for data forms for supplying account creation information for evidence of automated account creation activity and rejecting the request for the locator of the second account creation form if evidence of automated account creation activity is detected.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: February 3, 2015
    Assignee: Apple Inc.
    Inventors: Thomas Alsina, Michael K. Chu, Augustin J. Farrugia, Gianpaolo Fasoli, Sean B. Kelly, Delfin Jorge Rojas, Nicholas T. Sullivan, Zhiyuan Zhao
  • Patent number: 8949610
    Abstract: A method for embedding a secret message into a PNG image comprises the steps of: converting a secret message into a plurality of secret codes; converting the secret codes into a plurality of secret shares; using a mapping process to modify values of the secret shares to approach a full-transparent value of an alpha channel of a PNG image, and sequentially embedding the mapped secret shares into the alpha channel. The secret shares, with their high-transparency values, leave the RGB channels untouched. Thus, embedding the secret shares into the PNG image makes no difference in appearance between the secret-carrying image and the original PNG image. Therefore, the present invention can transmit a secret message securely and realize covert communication.
    Type: Grant
    Filed: February 23, 2011
    Date of Patent: February 3, 2015
    Assignee: National Chiao Tung University
    Inventors: Che Wei Lee, Wen-Hsiang Tsai
  • Publication number: 20150033026
    Abstract: A fingerprinting method. For each round in a series of rounds: providing to each receiver in a set of receivers a version of a source item of content, the source item of content corresponding to the round. For the round there is a corresponding part of a fingerprint-code for the receiver, the part includes one or more symbols. The version provided to the receiver represents those one or more symbols. One or more corresponding symbols are obtained from a suspect item as a corresponding part of a suspect-code. For each receiver in the set of receivers, a corresponding score that indicates a likelihood that the receiver is a colluding-receiver is updated.
    Type: Application
    Filed: May 2, 2012
    Publication date: January 29, 2015
    Applicant: IRDETO B.V.
    Inventors: Peter Roelse, Jeroen Doumen, Thijs Laarhoven
  • Publication number: 20150033027
    Abstract: Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device's collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.
    Type: Application
    Filed: August 12, 2014
    Publication date: January 29, 2015
    Inventors: Paul Timothy Miller, George Allen Tuvell
  • Publication number: 20150033023
    Abstract: A digitally signed manifest file includes metadata that specifies whether a policy regarding the digital signature should be enforced. The policy is then used to generate additional metadata associated with the program and ad content of the video stream. The metadata is tamper resistant so that any modification or removal of the metadata will prevent the video stream from playing. If the metadata indicates that the policy should be enforced, the digital signature of the manifest is verified by the client, and an invalid or missing signature prevents the video stream from being played back. The metadata defines which media players are allowed and/or not allowed to play back a video stream, including media players that are configured to skip or remove ads, and/or includes an encryption key identifier for verifying the digital signature. The ad content is digitally signed to prevent modification or replacement of the ad content.
    Type: Application
    Filed: July 25, 2013
    Publication date: January 29, 2015
    Applicant: Adobe Systems Incorporated
    Inventors: Xuejun Xu, Dwight Rodgers
  • Publication number: 20150033025
    Abstract: A method for signing a digital message, including the following steps: selecting parameters that include first and second primes, a ring of polynomials related to the primes, and at least one range-defining integer; deriving private and public keys respectively related to a random polynomial private key of the ring of polynomials, and to evaluations of roots of unity of the random polynomial to obtain a public key set of integers; storing the private key and publishing the public key; signing the digital message by: (A) generating a noise polynomial, (B) deriving a candidate signature by obtaining a hash of the digital message and the public key evaluated at the noise polynomial, and determining the candidate signature using the private key, a polynomial derived from the hash, and the noise polynomial, (C) determining whether the coefficients of the candidate signature are in a predetermined range dependent on the at least one range-defining integer, and (D) repeating steps (A) through (C) until the criterion
    Type: Application
    Filed: July 22, 2014
    Publication date: January 29, 2015
    Inventors: Jeffrey Hoffstein, John M Schanck, Joseph H Silverman, William J Whyte
  • Publication number: 20150033024
    Abstract: A method may include receiving data and first path-metadata. The first path-metadata may include a first entity identifier. The first entity identifier may be associated with a first receiving entity that receives the data and the first path-metadata from an originating entity. The first path-metadata may also include a first digital signature associated with the originating entity. The method may further include receiving second path-metadata that may include the first path-metadata and a second entity identifier associated with a second receiving entity. The second path-metadata may also include a second digital signature associated with the first receiving entity. The method may additionally include verifying that the data was communicated by the originating entity to the first receiving entity and from the first receiving entity to the second receiving entity based on the first path-metadata, the second path-metadata, the first digital signature, and the second digital signature.
    Type: Application
    Filed: July 25, 2013
    Publication date: January 29, 2015
    Applicant: Fujitsu Limited
    Inventors: Daisuke MASHIMA, Ulrich HERBERG, Wei-Peng CHEN
  • Patent number: 8942416
    Abstract: This patent application is generally related to watermarking and steganography. One claim recites a method of transmarking an audio or video signal previously embedded with a first digital watermark using a first digital watermark embedding method. The method includes: utilizing a programmed electronic processor, decoding the first digital watermark from the audio or video signal, in which the decoding determines relationships or values associated with local masking opportunities of the media signal; converting the audio or video signal into a different form; and utilizing a programmed electronic processor, embedding decoded message information from the first digital watermark into a second digital watermark in the different form such that the second digital watermark is adapted to robustness or perceptibility parameters associated with the different form. Of course, other combinations and claims are provided as well.
    Type: Grant
    Filed: December 17, 2013
    Date of Patent: January 27, 2015
    Assignee: Digimarc Corporation
    Inventor: Kenneth L. Levy
  • Publication number: 20150026477
    Abstract: A system and method for messaging application content that includes providing an application content messaging application programming interface (API); receiving a content delivery request from an account, through the application content messaging API; retrieving device information of a destination endpoint specified in the content delivery request; based on the device information, selecting an application content format from a set of formats and obtaining application content in the application content format; and transmitting the application content.
    Type: Application
    Filed: July 21, 2014
    Publication date: January 22, 2015
    Inventors: Patrick Malatack, Cheuk To Law, Thomas Wilsher
  • Publication number: 20150026457
    Abstract: A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.
    Type: Application
    Filed: August 14, 2014
    Publication date: January 22, 2015
    Applicant: BLACKBERRY LIMITED
    Inventors: David P. YACH, Michael Steven BROWN, Herbert Anthony LITTLE
  • Publication number: 20150026478
    Abstract: A server receives a package of data including: a document designated for notarization, identification information including a photograph, a photograph of a user, and a signature of the user. The server compares the photograph of the user to the photograph included with the identification information. Next, the server verifies an identity of the user based on the identification information and the photograph by comparing the photograph of the signer to the photograph included with the identification information. The server then applies the signature and an indication of notarization to the document designated for notarization to create a notarized version of the document. The server stores the notarized version of the document, the photograph, and the identification document in a secure data package, and provides the notarized version of the document to the user.
    Type: Application
    Filed: April 8, 2014
    Publication date: January 22, 2015
    Inventor: William J. Raduchel
  • Patent number: 8938792
    Abstract: At least one machine accessible medium having instructions stored thereon for authenticating a hardware device is provided. When executed by a processor, the instructions cause the processor to receive two or more device keys from a physically unclonable function (PUF) on the hardware device, generate a device identifier from the two or more device keys, obtain a device certificate from the hardware device, perform a verification of the device identifier, and provide a result of the device identifier verification. In a more specific embodiment, the instructions cause the processor to perform a verification of a digital signature in the device certificate and to provide a result of the digital signature verification. The hardware device may be rejected if at least one of the device identifier verification and the digital signature verification fails.
    Type: Grant
    Filed: December 28, 2012
    Date of Patent: January 20, 2015
    Assignee: Intel Corporation
    Inventors: Patrick Koeberl, Jiangtao Li
  • Patent number: 8938617
    Abstract: A cryptosystem prevents replay attacks within existing authentication protocols, susceptible to such attacks but containing a random component, without requiring modification to said protocols. The entity charged with authentication maintains a list of previously used bit patterns, extracted from a portion of the authentication message connected to the random component. If the bit pattern has been seen before, the message is rejected; if the bit pattern has not been seen before, the bit pattern is added to the stored list and the message is accepted.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: January 20, 2015
    Assignee: Certicom Corp.
    Inventors: Scott A. Vanstone, Sherry E. Vanstone
  • Patent number: 8938615
    Abstract: An authenticated RFID system is provided that uses elliptic curve cryptography (ECC) to reduce the signature size and read/write times when compared to traditional public key implementations such as RSA. Either ECDSA or ECPVS can be used to reduce the signature size and ECPVS can be used to hide a portion of the RFID tag that contains sensitive product identifying information. As a result, smaller tags can be used or multiple signatures can be written at different stages in a manufacturing or supply chain. A key management system is used to distribute the verification keys and aggregate signature schemes are also provided for adding multiple signatures to the RFID tags, for example in a supply chain.
    Type: Grant
    Filed: September 10, 2007
    Date of Patent: January 20, 2015
    Assignee: Certicom Corp.
    Inventors: Brian Neill, Anthony J. Walters, Randy Tsang
  • Patent number: 8937537
    Abstract: A method of operating an audio system in an automobile includes identifying a user of the audio system. An audio recording playing on the audio system is identified. An audio setting entered into the audio system by the identified user while the audio recording is being played by the audio system is sensed. The sensed audio setting is stored in memory in association with the identified user and the identified audio recording. The audio recording is retrieved from memory with the sensed audio setting being embedded in the retrieved audio recording as a watermark signal. The retrieved audio recording is played on the audio system with the embedded sensed audio setting being automatically implemented by the audio system during the playing.
    Type: Grant
    Filed: April 29, 2011
    Date of Patent: January 20, 2015
    Assignee: Panasonic Automotive Systems Company of America, division of Panasonic Corporation of North America
    Inventors: Shree Jaisimha, Dallas Hickerson, Tatsuya Fujisawa
  • Patent number: 8938623
    Abstract: The object is to provide a secure functional encryption scheme having many cryptographic functions. An access structure is constituted by applying the inner-product of attribute vectors to a span program. The access structure has a degree of freedom in design of the span program and design of the attribute vectors, thus having a large degree of freedom in design of access control. A functional encryption process is implemented by imparting the access structure to each of a ciphertext and a decryption key.
    Type: Grant
    Filed: December 6, 2011
    Date of Patent: January 20, 2015
    Assignees: Mitsubishi Electric Corporation, Nippon Telegraph and Telephone Corporation
    Inventors: Katsuyuki Takashima, Tatsuaki Okamoto
  • Patent number: 8938095
    Abstract: A verification device 101 receives extracted and sanitized data 113 that has been sanitized to protect the privacy of person A. The verification device 101 extracts from among MCU-hash storage data 123 and for MCU1 and MCU2 among MCUs obtained by dividing the extracted and sanitized data 113, an MCU1 hash and an MCU2 hash. The verification device 101 generates an MCU3 hash to an MCU6 hash and from the MCU1 hash to the MCU6 hash, generates a JPEG frame hash 125. The verification device 101 then compares a JPEG hash 121 and the JPEG hash 125 to verify the authenticity of the extracted and sanitized data 113.
    Type: Grant
    Filed: October 22, 2012
    Date of Patent: January 20, 2015
    Assignee: Fujitsu Limited
    Inventors: Kiyohide Yamashita, Shuichi Takayama, Naoshi Kayashima, Akira Miyazaki, Hirohisa Naito, Takashi Yoshioka
  • Patent number: 8938616
    Abstract: According to one embodiment, an authentication method comprising: generating a second key by the first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key by the second key; generating first authentication information, the secret identification information stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information stored in a memory and readable, the second authentication information generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match.
    Type: Grant
    Filed: June 14, 2012
    Date of Patent: January 20, 2015
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
  • Publication number: 20150019871
    Abstract: A certification method comprises steps of: providing a reliable time clock on a first electronic device; when data of the digital file are generated on the first electronic device, reading a reliable time count from the reliable time clock and adding the reliable time count into the digital file; generating a first abstract code from the digital file; generating a signature of the digital file by encrypting the first abstract code; and, sending the digital file and the signature to a second electronic device. In addition, electronic devices corresponding to the certification method are also disclosed herein.
    Type: Application
    Filed: July 10, 2013
    Publication date: January 15, 2015
    Inventors: Shih-Chia HUANG, Yu-Hsin LIN
  • Publication number: 20150019872
    Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.
    Type: Application
    Filed: September 30, 2014
    Publication date: January 15, 2015
    Inventors: Nadarajah ASOKAN, Janne MANTYLA, Reza SERAFAT
  • Patent number: 8935765
    Abstract: There is provided a method to enable mobile devices to rendezvous on a shared communication service. The method includes steps for creating, via a device, a shared username and a shared password for a private channel in a communication network, determining a unique channel identification (ID) for the private channel based on the shared username and the shared password, and configuring the device with the shared username and the shared password. The method further includes steps for subscribing the device to the private channel using the unique channel ID, transmitting, in response to a discovery request, a self-identification discovery response over the private channel, and broadcasting data between the device and each additional device connected to the private channel.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: January 13, 2015
    Assignee: Fluke Corporation
    Inventor: Joseph Morales
  • Patent number: 8935783
    Abstract: Described systems and methods allow a classification of electronic documents such as email messages and HTML documents, according to a document-specific text fingerprint. The text fingerprint is calculated for a text block of each target document, and comprises a sequence of characters determined according to a plurality of text tokens of the respective text block. In some embodiments, the length of the text fingerprint is forced within a pre-determined range of lengths (e.g. between 129 and 256 characters) irrespective of the length of the text block, by zooming in for short text blocks, and zooming out for long ones. Classification may include, for instance, determining whether an electronic document represents unsolicited communication (spam) or online fraud such as phishing.
    Type: Grant
    Filed: March 8, 2013
    Date of Patent: January 13, 2015
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Adrian Toma, Marius N Tibeica
  • Patent number: 8935532
    Abstract: In an example, a method for secure publication of content is described. The method may include encrypting content with a media key. The method may also include providing the encrypted content to a client device associated with a private key and a public key. The private key may be stored at the client device. The method may also include encrypting the media key with the public key. The method may also include providing the encrypted media key to the client device.
    Type: Grant
    Filed: October 21, 2011
    Date of Patent: January 13, 2015
    Assignee: Qumu Corporation
    Inventors: Samir Mittal, Priyadarshee Deeptarag Mathur, Robert William Johnson, Christopher Ashley Wells
  • Publication number: 20150012752
    Abstract: A method and system for the secure delivery of data to a remote device that has been registered and which requires authentication through the use of a multifactor signature profile is disclosed, and in particular according to certain disclosed aspects, a method and system for ensuring that an authenticated remote device remains authenticated.
    Type: Application
    Filed: September 21, 2014
    Publication date: January 8, 2015
    Inventors: SHAIWAL PRIYADARSHI, NICHOLAS PAUL WEHR, ROLAND P. OSBORNE
  • Publication number: 20150012753
    Abstract: The terminal device 600 comprises: a read unit configured to read encrypted content and a content signature from a regular region of a recording medium device 700, and to read a converted title key from an authorized region of the recording medium device 700, the converted title key having been converted from a title key with use of a content signature generated by an authorized signature device 500; a title key reconstruction unit configured to generate a reconstructed title key by reversely converting the converted title key with use of the content signature read by the read unit; and a playback unit configured to decrypt the encrypted content with use of the reconstructed title key to obtain decrypted content, and to play back the decrypted content.
    Type: Application
    Filed: September 24, 2014
    Publication date: January 8, 2015
    Inventors: Takahiro YAMAGUCHI, Yuichi FUTA, Toshihisa NAKANO
  • Patent number: 8931102
    Abstract: A system for detecting file upload vulnerabilities in web applications is provided. The system may include a black-box tester configured to upload, via a file upload interface exposed by a web application, a file together with a signature associated with the file. An execution monitor may be configured to receive information provided by instrumentation instructions within the web application during the execution of the web application. The execution monitor may be configured to recognize the signature of the uploaded file as indicating that the uploaded file was uploaded by the black-box tester. The execution monitor may also be configured to use any of the information to make at least one predefined determination assessing the vulnerability of the web application to a file upload exploit.
    Type: Grant
    Filed: June 1, 2011
    Date of Patent: January 6, 2015
    Assignee: International Business Machines Corporation
    Inventors: Yair Amit, Roee Hay, Roi Saltzman
  • Patent number: 8930704
    Abstract: A digital signature method, a method for initializing a digital signature scheme, a system for digitally signing a message and a computer program product are described. At least the digital signature method involves a signer having a weak security parameter. The signer retrieves a cryptographic element from each of a plurality of computing entities. Each cryptographic element is a function of a commitment supplied by the signer and the commitment includes a cryptographic function of a weak security parameter provided by the signer. A strong cryptographic security parameter is generated using a plurality of said elements. A message is then signed according to the digital signature scheme using the strong cryptographic security parameter to generate a digital signature.
    Type: Grant
    Filed: April 10, 2012
    Date of Patent: January 6, 2015
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Liqun Chen
  • Patent number: 8930705
    Abstract: With the widespread use of the distributed systems comes the need to secure such systems against a wide variety of threats. Recent security mechanisms are grossly inadequate in authenticating the program executions at the clients or servers, as the clients, servers and the executing programs themselves can be compromised after the clients and servers pass the authentication phase. A generic framework is provided for authenticating remote executions on a potentially untrusted remote server—essentially validating that what is executed at the server on behalf of the client is actually the intended program. Details of a prototype Linux implementation are also described, along with some optimization techniques for reducing the run-time overhead of the present scheme. The performance overhead of this technique varies generally from 7% to 24% for most benchmarks, as seen from the actual remote execution of SPEC benchmarks.
    Type: Grant
    Filed: September 27, 2012
    Date of Patent: January 6, 2015
    Assignee: The Research Foundation for the State University of New York
    Inventors: Kanad Ghose, Erdem Aktas
  • Patent number: 8930576
    Abstract: The present invention is directed to a secure communication network that enables multi-point to multi-point proxy communication over the network. The network employs a smart server that establishes a secure communication link with each of a plurality of smart client devices deployed on local client networks. Each smart client device is in communication with a plurality of agent devices. A plurality of remote devices can access the smart server directly and communicate with an agent device via the secure communication link between the smart server and one of the smart client devices.
    Type: Grant
    Filed: July 11, 2014
    Date of Patent: January 6, 2015
    Assignee: KE2 Therm Solutions, Inc.
    Inventors: Steve Roberts, Cetin Sert
  • Patent number: 8931071
    Abstract: Systems and methods for integrating biometric authentication with video conference sessions are described. An individual seeking to participate in a video conference may first be identified with a biometric parameter such as an iris scan based on a comparison of the scanned iris with a database of stored parameters. If authorized, the system may connect the individual to the video session. In addition, the system may generate dynamic tags that allow the participants to identify and locate individuals in the video conference. For example, if one of the participants is speaking and moving within the room, her tag may change color and move with her on the video screen.
    Type: Grant
    Filed: July 15, 2013
    Date of Patent: January 6, 2015
    Assignee: Bank of America Corporation
    Inventors: Kurt D. Newman, Debashis Ghosh, Michael James O'Hagan, David Joa, Timothy J. Bendel
  • Patent number: 8930707
    Abstract: A method and apparatus for selectively securing records in a Near Field Communication Data Exchange Format (NDEF) message in a Near Field Communication (NFC) device are provided. The method includes generating a place marker signature record by setting a URI_present field to ‘0’ and setting a signature_type field to a predefined value, wherein a combination of the URI_present field set to ‘0’ and the signature_type field set to the predefined value indicates that a signature Record Type Definition (RTD) is a place marker signature record; and placing the place marker signature record in the NDEF message, wherein a set of records following the place marker signature record are secured.
    Type: Grant
    Filed: February 24, 2014
    Date of Patent: January 6, 2015
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Thenmozhi Arunan, Eun-Tae Won
  • Patent number: 8930706
    Abstract: This document describes a method of processing data which consists in detecting and storing in a device the stream of navigation messages and the physical parameters of the signals received in a receiver originating from the satellite-based or terrestrial navigation systems and its comparison with the original data transmitted by the navigation system with respect to a time reference common for all the signals. The stream recorded generates a signature which is unique for each instant and each position over the whole service area (Earth or other planet or celestial body). The result of the processing of the data for a particular point of the Earth serves to validate and authenticate the position and the time reference that are delivered by the navigation receiver as well as the quality and authenticity of the signal received.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: January 6, 2015
    Inventor: Antonio Pujante Cuadrupani
  • Patent number: 8930698
    Abstract: Systems, methods, and computer-readable storage media for encrypting communications containing or referencing globally unique identifiers to prevent unauthorized access to content item data, such as through spoofing or ancillary information leakage. An example system configured to practice the method identifies a communication, between a storage environment and a client device, associated with a globally unique identifier for a content item stored in at least one of the storage environment and the client device. The content item can be addressable via a globally unique identifier. Prior to transmitting the communication, the system can encrypt a portion of the communication containing the globally unique identifier using an encryption key based on a client-specific key and a secret version-specific key to yield an encrypted communication, and transmit the encrypted communication to the client device.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: January 6, 2015
    Assignee: Dropbox, Inc.
    Inventor: Rian Hunter
  • Patent number: 8930703
    Abstract: Methods, systems and computer program products are provided for controlling the disclosure time of information by a publisher to one or more recipients. A trusted body generates an asymmetrical key pair for a specified date and time of disclosure with an encryption key and a decryption key. The trusted body provides a digital certificate signed with a private key of the trusted body providing the publisher with the encryption key prior to the specified date and time. The publisher uses the encryption key to encrypt data and a recipient obtains the encrypted data at any time prior to the specified date and time. The trusted body then makes the decryption key available to the recipient at or after the specified date and time.
    Type: Grant
    Filed: May 25, 2004
    Date of Patent: January 6, 2015
    Assignee: International Business Machines Corporation
    Inventor: Gary Paul Noble
  • Publication number: 20150006901
    Abstract: According to one embodiment of the invention, a method for setting permission levels is described. First, an application and digital signature is received by logic performing the permission assessment. Then, a determination is made as to what permission level for accessing resources is available to the application based on the particulars of the digital signature. Herein, the digital signature being signed with a private key corresponding to a first public key identifies that the application is assigned a first level of permissions, while the digital signature being signed with a private key corresponding to a second public key identifies the application is assigned a second level of permissions having greater access to the resources of an electronic device than provided by the first level of permissions.
    Type: Application
    Filed: July 8, 2014
    Publication date: January 1, 2015
    Inventor: Helmut Neumann
  • Publication number: 20150006899
    Abstract: Provided are apparatuses and methods of generating and verifying signature information for data authentication. A method of verifying signature information may involve receiving signature information with respect to a predetermined number of data segments from a transmitter, constructing a hash tree based on the signature information, and verifying a validity of the signature information, by verifying trapdoor hash values using a root hash value of the constructed hash tree.
    Type: Application
    Filed: June 9, 2014
    Publication date: January 1, 2015
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Seog Chung SEO, Eun Ah KIM, Tae Hong KIM, Myeong Wuk JANG, Sang Won HYUN