Abstract: Methods and apparatuses for providing a real-time indication of platform trust are provided. Embodiments include an integrity reporting module determining that a platform is currently operating in a system management mode (SMM) and receiving from an integrity measurement module, an integrity measurement results signal. Embodiments also include the integrity reporting module determining whether the received integrity measurement results signal indicates the platform is trusted. If the received integrity measurement results signal indicates that the platform is trusted, the integrity reporting module provides to a user of the platform, a real-time visual indication that the platform is trusted. If the received integrity measurement results signal indicates that the platform is not trusted, the integrity reporting module provides to the user a real time visual indication that the platform is not trusted.

Abstract: An E-mail information management apparatus acquires a plurality of predetermined information from a mail header and a mail body and signature related information as signature target information, produces feature variable information and electronic signature data, and stores the signature target information, the variable information and the electronic signature data, as signature header information in a header portion of the E-mail.

Abstract: In one embodiment, a mobile device performs an over-the-air firmware update by writing the updated firmware to a inactive system image partition, and rebooting the device. The security of the OTA update is maintained through checking a plurality of security signatures in an OTA manifest, and the integrity of the data is maintained by checking a hash value of the downloaded system image.

Abstract: A data security system includes providing a unique identification from a first system to a second system; copying the unique identification in the second system by the first system; and unlocking a memory in the first system or the second system only when the unique identifications in the first system and the second system are the same.

Abstract: A system for managing security certificates on a plurality of remote computers comprises a certificate manager that can determine in accordance with at least one preestablished criterion whether a security certificate on a remote computer is to be managed. The system also includes an installer module that can access an account of the remote computer to manage the security certificate. Methods of using the system are also provided.

Abstract: Systems and methods are provided for handling electronic messages. An electronic message is examined as to whether the message contains one or more encoding properties. A visual indication is generated for use in a display to a user wherein the visual indication is displayed to the extent to which the encoding property applies to a displayed portion of the message.

Abstract: A method for producing an electro-biometric signature allowing legal interaction between and the identification of persons utilizing biometric features. The method includes inputting a user's biometric features in a pre-determined sequence and checking that no feature is entered repeatedly.

Abstract: A method for secure data transfer in an automation network wherein the method comprises authenticating a user by a program invocation rights system aided by user data for approving a use of the program invocation by the user, encrypting and signing data by the program invocation, were the data contains the user data. The method also includes transferring the data by a transfer medium from the program invocation to the subassembly, decrypting the data in the subassembly, authenticating the program invocation associated with the subassembly, and authenticating the user by the subassembly rights system aided by the user data.

Abstract: In a certification request, a user device includes an object identifier. When a certification authority generates an identity certificate responsive to receiving the certification request, the certification authority includes the object identifier, thereby allowing improved management of the identity certificate at the user device and elsewhere.

Abstract: An information distribution system described herein is capable of securely storing digitized personal information in an encrypted state in a storage section and securely transferring/disclosing the stored digitized information only to a particular third person via a network. Communication of the information is securely performed in the encrypted state between information terminals connected to the communication network. An information terminal which has created information encrypts the original information by a common key generated upon communication and stores the information in a secure storage of one of the information terminals connected to the communication network while maintaining the encrypted state. Further, the system creates a mechanism for authenticating a person having a particular authority for viewing the encrypted information and index information having an encrypted common key and link information indicating the location of the information for supply to a user.

Abstract: There is provided a device application programming interface (API) for securely monitoring and managing mobile broadband devices. There is provided a client device with a processor configured to detect, using an API, the WWAN device, wherein the WWAN device conforms to the API, to perform a mutual authentication with the WWAN device by using a digital certificate of the WWAN device and a client digital certificate of the client device, to establish a secure connection with the WWAN device upon a successful authentication of the mutual authentication with the WWAN device. Moreover, the processor may be configured to issue, using the API, various commands to the WWAN device to monitor and manage the WWAN device.

Abstract: Systems, methods, and computer-program products enable a security system. Trust information is received, at a computer, where the trust information corresponds to an application and wherein the trust information comprising a digital signature from a trusted entity that is different than the developer of the application. A determination is made whether a user associated with the computer trusts the trusted entity. The digital signature is used to install the application on the computer if the user trusts the trusted entity.

Abstract: To validate a received certificate issuance notification message, a device may verify that the certificate issuance notification message conforms to expected norms or authenticate a signature associate with the certificate issuance notification message. Upon validating, the device may then transmit a uniform resource locator, extracted from the certificate issuance notification message, to a network entity configured for processing certificate issuance.

Abstract: Systems and methods are provided for tracking electronic files in computer networks using electronic signatures. A signature program installed on a network node inserts an electronic signature into certain encoded media files when they are transferred to other network users. Each network user is issued a unique electronic signature based on public key infrastructure. A signature repository supplies the recipient signature to the signature program prior to transferring a file. The sender and recipient signatures are appended to a portion of the media file, preferably the lower order bits to minimize perceptible file degradation. A transaction record is thereby written into the file and a copy of the transfer information is stored centrally at the repository, thereby creating a traceable record of a file's movement.

Abstract: A method, system and apparatus for authenticating a communication request sent from a client computing device. The communication request is initially blocked by a firewall preventing delivery to a server. A first logging event corresponding to the communication request is created. The communication request and the logging event are stored in a firewall. The server is notified of the first logging event. The communication request corresponding to the first logging event is authenticated. A port in the firewall is enabled if the communication request is authenticated.

Abstract: Provided is an authentication device including a key setting unit for setting a multi-order polynomial ui(t) (i=1 to n?1) to a secret key and setting a multi-order polynomial f that satisfies f(u1(t), . . . , un-1(t),t)=0 to a public key, a message transmission unit for transmitting a message c to a verifier, a verification pattern reception unit for receiving information on one verification pattern selected by the verifier from k (k?3) verification patterns for one message c, and a response transmission unit for transmitting, to the verifier, response information, among k types of response information, corresponding to the information on the verification pattern received by the verification pattern reception unit. The response information is information that enables calculation of the secret key ui in a case all of the k verification patterns for the message c performed by using the k types of response information have been successful.

Abstract: The invention discloses a platform authentication method suitable for trusted network connect (TNC) architecture based on tri-element peer authentication (TePA). The method relates to a platform authentication protocol of tri-element peer authentication, and the protocol improves network security as compared with prior platform authentication protocols; in the platform authentication protocol of the TNC architecture based on TePA, a policy manager plays a role as a trusted third party, which is convenient for concentrated management, thus enhancing manageability; the invention relates to the platform authentication protocol of the TNC architecture based on TePA, has different implementation methods and is beneficial for different dispositions and realizations.

Abstract: A low-cost, network based, secure printer that can provide multiple vendors with independent protected access, as authorized by a secure printer authority, is provided. The secure printer authority issues certificates for each secure printer and authorized vendor. Each certificate includes a public key and identification for the respective secure printer or vendor. The certificates are utilized during generation of a secret session key that preferably can be utilized only once to print the requested document. The secret session key is used by the vendor to encrypt the document, and used by the printer to decrypt the document. Since the secret session key is preferably valid for only a single document, printing of the document can only occur once, thereby preventing any fraudulent printing of the document. Additionally, only vendors authorized by the secure printer authority will have the ability to establish session keys with the printer.

Abstract: In one embodiment, a method of implementing trusted compliance operations inside secure computing boundaries comprises receiving, in a secure computing environment, a data envelope from an application operating outside the secure computing environment, the data envelope comprising data and a compliance operation command, verifying, in the secure computing environment, a signature associated with the data envelope, authenticating, in the secure computing environment, the data envelope, notarizing, in the secure computing environment, the application of the command to the data in the envelope, executing the compliance operation in the secure environment; and confirming a result of the compliance operation to a client via trusted communication tunnel.

Abstract: A method for data display includes storing an identification code and receiving encoded video content for playback. The encoded video content is decoded so as to output a series of video frames while modulating a background level of the video frames in the series according to the identification code. Related systems and methods are also included.

Abstract: Various methods and systems for securing access to hash-based storage systems are disclosed. One method involves receiving information to be stored in a storage system from a storage system client and then generating a key. The key identifies the information to be stored. The value of the key is dependent upon a secret value, which is associated with the storage system. The key is generated, at least in part, by applying a hash algorithm to the information to be stored. The key can then be returned the key to the storage system client. The storage system client can then use the key to retrieve the stored information.

Abstract: A system shares encryption-related metadata between layers of a storage I/O stack. Additionally, a detection mechanism ensures that certain layers within the storage I/O stack are present and cooperate with a particular protocol. Along these lines, functional components engage in an in-band communications protocol, such as a data encryption key (DEK) management protocol. The in-band communications protocol employs protocol commands and responses carried along the data path as contents of in-band transport messages and responses, such as special SCSI read commands and their responses. The protocol commands and responses include a handshake command and a handshake response used during an initial handshake operation. Each protocol command and response has a protocol signature field carrying one of distinct first and second signature values which are used to identify the presence of the protocol command or response in the transport messages and responses at different locations along the data path.

Abstract: A system for tracking an illegal distributor and preventing an illegal content distribution includes: a forensic mark generator for receiving content and a content identification code from a content providing apparatus to generate a forensic mark; a forensic mark database for storing the generated forensic mark; a forensic mark insertion unit for inserting the forensic mark into the content; and a content database for storing the content into which the forensic mark has been inserted. The system further includes a content transmitter for transmitting the content into which the forensic mark has been inserted to the content utilization apparatus.

Abstract: Disclosed herein are an apparatus for generating the privacy-protecting document authentication information and a method of performing privacy-protecting document authentication. The apparatus for generating the privacy-protecting document authentication information includes an electronic signature information generation unit, a multi-dimensional code generation unit, and a multi-dimensional code output unit. The electronic signature information generation unit generates electronic signature information for the content of an input document. The multi-dimensional code generation unit generates a multi-dimensional code corresponding to the generated electronic signature information. The multi-dimensional code output unit outputs the generated multi-dimensional code onto the document.

Abstract: Certain embodiments described herein provide methods and systems for media recognition. One exemplary embodiment involves recognizing a piece of media in two steps. First, a watermark may be recognized that identifies that the media has a media identifying fingerprint. Second, that fingerprint is retrieved and used to recognize the media content. Using a combination of watermarking and fingerprinting techniques provides various advantages, for example, it may address traditional inaccuracies involved with watermarking while reducing the computational power and bandwidth required to analyze every piece of media for a fingerprint.

Abstract: The disclosure relates generally to geographic-based signal detection. One claims recites a method including: receiving information indicating a geographical area; with reference to at least a portion of the information indicating a geographical area, selecting a machine-readable indicia detector that corresponds to the information indicating a geographical area; using a programmed processor, processing machine-readable indicia with the selected machine-readable indicia detector to obtain a plural-bit message; and carrying out an action using the plural-bit message. Of course, other claims and combinations are provided as well.

Abstract: A method of preparing a digital medical image for secure transmission, the method comprising embedding data into the digital medical image using a reversible watermarking process, generating a code for tamper detection and localization from the digital medical image using a computational function, and embedding the code for tamper detection and localization into the digital medical image using the reversible watermarking process; and a method of reviewing a digital medical image prepared by the method of preparing, the method of reviewing comprising retrieving the code for tamper detection and localization from the digital medical image; reversing the watermarking processes to obtain a restored image; generating a code from the restored image using the computational function; and comparing the retrieved code for tamper detection and localization with the code generated from the restored image to detect and locate tampering.

Abstract: A system enables intermediary communication components to carry out cross enterprise communication. At a first sending enterprise the system comprises: a processor executing code to: receive a signed encrypted message from a sender within a first enterprise; validate the sender; decrypt the message; encrypt the message for receipt by a second enterprise; sign the encrypted message by the first enterprise; and send the re-signed re-encrypted message to a second enterprise. At the second receiving enterprise, the system comprises a processor executing code to: receive a signed encrypted message from a first enterprise; validate that the first enterprise is the sender; decrypt the message; encrypt the message for receipt by recipients at the second enterprise; sign the encrypted message by the second enterprise indicating that the message is from the first enterprise; and send the re-signed re-encrypted message to the recipients of the second enterprise.

Abstract: A system and method for signing and authenticating electronic documents using public key cryptography applied by one or more server computer clusters operated in a trustworthy manner, which may act in cooperation with trusted components controlled and operated by the signer. The system employs a presentation authority for presenting an unsigned copy of an affixing an electronic signature to the unsigned document to create signed electronic document. The system provides an applet for a signing party's computer that communicates with the signature authority.

Abstract: Upon adding a visible electronic signature to an electronic file, deterioration in visibility of characters is prevented by arranging a character image data of a portion overlapping with a region of the visible electronic signature in an upper position layer above the visible electronic signature. There are included a step for extracting a character image data from an image data, a step for generating a character image layer data in which only the character image data is described on a transparent background if a region where the visible electronic signature is arranged and the region of the character image data overlap with each other, and a step for generating an electronic file with a layered structure having the character image layer data, the visible electronic signature and the image data in that order from an upper position of the layered structure.

Abstract: Techniques relating to directed signature workflow of a document are described. In one instance, a process enables a publishing user to populate a body portion of a document with content. The process also allows the publishing user to populate an associated digital signature definitions portion of the document with at least one requested consuming user's name and at least one condition associated with a digital signature of the requested consuming user.

Abstract: A method for generating a digital signature includes calculating a first magnitude representative of the inverse of a random number raised to the power two; obtaining a first element of the digital signature by executing scalar multiplication between an established point of the elliptic curve and the random number; obtaining a second magnitude by executing modular multiplication, with modulus corresponding to the established elliptic curve's order between the first magnitude and the secret encryption key; obtaining a third magnitude by executing a modular multiplication, with modulus corresponding to the established elliptic curve's order between the random number and the secret encryption key; obtaining a first addend of a second element of the digital signature by executing a modular multiplication, with modulus corresponding to the established elliptic curve's order between the second magnitude and the third magnitude; and generating a second element of the digital signature based on the first addend.

Abstract: A long-term signature server includes a signing target data acquisition function for acquiring signing target data, a signature data transmission function for transmitting to a long-term signature terminal signature data for the electronic-signing of the acquired signing target data, a signature value reception function for receiving an electronic signature value of the signing target data generated using the signature data transmitted from the long-term signature terminal, a time stamp acquisition function for acquiring a time stamp corresponding to the received electronic signature value, and a signature data generation function for generating basic signature data using at least the acquired signing target data, the received electronic signature value, and the acquired time stamp.

Abstract: A message signing system including a processor operative to receive a seed S0 and a number N from an authority providing permission to digitally sign up to N messages for a client device, successively apply a one-way function to the seed S0 yielding a chain having a plurality of values Si, i being greater than zero, create up to N digital signatures, creation of each digital signature including evaluating an encryption function with one of the values Si and a MAC of one of the messages as input to the encryption function, the MAC being a keyed hash function, each of the created digital signatures being based on a different one of the values Si and a different one of the messages, and send the created digital signatures and the messages signed by the created digital signatures to the client device. Related apparatus and methods are also included.

Abstract: Disclosed are various embodiments for confirming transactions between cryptographic applications. A transaction confirmation is generated using metadata for ciphertext data. The transaction confirmation is signed using a private key of a temporary key pair. The signed transaction confirmation and a public key of the temporary key pair are converted into a publication format. The signed transaction confirmation and the public key of the temporary key pair are then published in the publication format.

Abstract: A processor of a device generates a cryptographic commitment by receiving a vector {right arrow over (m)}, a public verification key of a homomorphic signature scheme, and a tag; choosing a signature ? in the signature space; generating a commitment c by running the verification algorithm of the homomorphic signature scheme; and outputting the commitment c as intermediate values resulting from the verification algorithm.

Abstract: Generation of linearly homomorphic structure-preserving signature ? on a vector (M1, . . . , Mn)?n by computing, in a processor, using a signing key sk={?i, ?i, ?i}i=1n, signature elements (z, r, u) by calculating z = ? i = 1 n ? ? M i - ? i ? , r = ? i = 1 n ? ? M i - ? i , u = ? i = 1 n ? ? M i - ? i , and outputting the signature ? comprising the signature elements (z, r, u). The signature is verified by verifying, in a processor that (M1, . . . , Mn)?(, . . . , ) and that (z, r, u) satisfy the equalities =e(gz, z)·e(gr, r)·?i=1ne(gi, Mi), =e(hz, z)·e(h, u)·?i=1ne (hi, Mi); and determining that the signature has been successfully verified in case the verifications are successful and that the signature has not been successfully verified otherwise. Also provided are a fully-fledged scheme and a context-hiding scheme.

Abstract: Individual chunks of a message are signed with their originators' signatures, thereby providing traceability in threaded messages so that every contributor's content as well as modifications thereof can be identified.

Abstract: If the user of a first portable terminal intends to let a second portable terminal try out a certain content, the user sends to a distribution server trial permission information including the user's own user ID, a content ID of the content of interest, and a digital signature. The distribution server authenticates the received information before distributing a streaming data of a trial-oriented content with the content ID and user ID attached to it as search keys. This allows the content that can be used on a given user terminal to be tried out on another user terminal without the latter user having recourse to the steps of searching for the content in question.

Abstract: A way of detecting a watermark present in a structured result, such as a search result or a machine translation. The structured result is received and a hash is computed based upon at least part of the result. The resulting bit sequence is tested against a null hypothesis that the bit sequence was generated by a random variable with a binomial distribution with a parameter p=0.5. The result of this test is compared to a significance level, which indicates whether the structured result is watermarked.

Abstract: A program (MC), which can be executed by a programmable circuit, is protected in the following manner. An instruction block (IB) is provided on the basis of at least a portion (MC-P) of the program. A protective code (DS) is generated that has a predefined relationship with the instruction block (IB). The instruction block (IB) is analyzed (ANL) so as to identify free ranges (FI) within the instruction block that are neutral with respect to an execution of the instruction block. The free ranges comprise at least one of the following types: bit ranges and value ranges. The free ranges that have been identified are used for embedding (SEB) the protective code (DS) within the instruction block (IB).

Abstract: Systems and methods for facilitating confirmation of completion of a transaction(s) for state synchronization over a non reliable network using signature processing are described. One of the methods includes receiving a read request from a first client, sending a last known signature with a context object to the first client in response to receiving the read request, and receiving an appended signature from the first client with a context object for a transaction at the first client. The appended signature includes the last known signature and an increment by the first client. The operation of receiving the appended signature occurs upon execution of the transaction at the first client. The method further includes updating the last known signature to the appended signature and sending the updated last known signature to the first client to facilitate marking of the transaction as complete resulting in a definitive state synchronization.

Abstract: A computing device comprising a security slot integral with an external surface of the computing device, wherein the security slot is configured to receive and mechanically cooperate with a blocking mechanism. In certain aspects, the computing device further comprises a switch mounted behind the security slot and integral to the computing device and configured to permit access to a developer mode when the switch is in a first position and to restrict access to the developer mode when the switch is in a second position.

Abstract: A method includes storing creating a smart card with an expiration date and renewing the smart card after the expiration date. The smart card may be created with data stored upon the smart card for use in the renewal process. The data may comprise a certificate. The smart card may be issued at the information technology department of an organization and may be renewed at a user workstation of the organization. The renewal process may include a renewal environment for authenticating the holder of the smart card. The card holder may be required to provide a personal identification number in order to enter into the renewal environment. The rights conferred by the renewed smart card may be more limited than the rights conferred by the original smart card, both in duration and access to data within the organization.

Abstract: In an example embodiment, there is disclosed herein an apparatus comprising a wireless transceiver and a controller coupled to the wireless transceiver and configured to receive data via the wireless transceiver. The controller operates the wireless transceiver at a first power save state where the wireless transceiver can receive a frame but other circuits are de-energized. The controller is responsive to the wireless transceiver receiving a frame while the wireless transceiver is in a first power state to determine whether the frame is a predefined wakeup frame. The controller provides additional power to the wireless transceiver responsive to determining the frame is a predefined wakeup frame.

Abstract: Methods and devices are provided to thwart analysis of a watermarking system by preventing analysis of watermarks in a host content. Upon receiving a content at a watermark embedding device, the content is analyzed to ascertain whether one or more test features are present in at least a first portion of the received content. When the analysis reveals that one or more test features are present, embedding of watermarks in at least the first portion of the received content is disabled. The test features of interest include a temporal, a spatial and/or a frequency characteristic such that, if a region of the content that includes test feature is embedded with a watermark, at least one characteristic of the embedded watermark is detectable upon analysis of that region. The test feature can, for example, approximate an impulse signal, a step function signal or a pure sinusoidal signal.

Abstract: In one embodiment, a request to deliver a piece of digital content to a recipient is received. In response to the request, a datum is embedded in an equivalent piece of digital content that identifies the recipient. The equivalent piece of digital content is then delivered to the recipient.

Abstract: A computer-implemented method for verifying a boot process of a computing system includes reading, by the computing system during the boot process, a header section of a read-write portion of firmware of the computing system. The method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header, and decrypting, using a first public-key, an encrypted signature corresponding to the header. The method further includes comparing the message digest corresponding with the header and the decrypted signature corresponding to the header. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header match, the boot process is continued. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header do not match, the boot process is halted.

Abstract: A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.

Abstract: A security module (“SM”) implements user cryptographic data by means of a user terminal. The cryptographic data is encrypted by a first encryption key established from a secret key from the terminal and the user's authentication element and by a second encryption key specific to the SM. An authentication is performed between the SM and the terminal, based on an asymmetric cryptographic protocol, and, in the event of a positive authentication of the SM and the terminal, an authentication of the SM and the user is performed. In the event of positive authentication between the SM and the terminal and between the SM and the user, the SM obtains the user's cryptographic data, and the terminal calculates the first encryption key and sends the first encryption key to the SM. The user's cryptographic data is decrypted by the SM using the second encryption key and then the first encryption key.