Abstract: An information obtaining system in a vehicle is provided. The information obtaining system includes a nonvolatile memory built into the vehicle, vehicle information relating to the vehicle being stored in the nonvolatile memory; a portable reader device which is not incorporated into the vehicle and can be carried by a person, the portable reader device being configured to read out the vehicle information from the nonvolatile memory, encrypt the vehicle information, and store the encrypted vehicle information, and being capable of outputting the encrypted vehicle information; and an analyzing device which is not incorporated into the vehicle, the analyzing device being separate from the portable reader device, and configured to decrypt the encrypted vehicle information output from the portable reader device into the vehicle information.

Abstract: A terminal device recording content onto a recording medium device, a permission to record the content onto the recording medium device being granted by a server device, the terminal device comprising: a generation unit generating a value calculated so as to represent subject content for which permission to record is requested; an information transmission unit requesting the permission from the server device by transmitting information indicating the value generated by the generation unit to the server device; a signature reception unit receiving subject content signature data from the server device, the subject content signature data being transmitted by the server device upon granting the permission; and a recording unit recording the subject content onto the recording medium device as one of plain-text data and encrypted data, as well as the subject content signature data received by the signature reception unit.

Abstract: A television set is capable of receiving both broadcast program from television station and corresponding digital file of the same contents from a server station through internet. The television set keeps information of time limit for the server station to surely provide the file. The television set automatically downloads the file when the time limit comes close or the time limit information is failed to be kept. The television set keeps URL for the moving image program enjoyed upon turning-off of the television set until the next turning-on for instantly enjoying the moving image content provided at the URL. User who turning-on the television set or changing the channel with any program not in mind to feel interest in the program on display by chance can enjoy the program from the beginning by means of downloading corresponding digital file of the same contents through internet by an automatic link.

Abstract: A system for cryptographic processing of content comprises an input for receiving the content. A plurality of look-up tables represents a white-box implementation of a combined cryptographic and watermarking operation. The look-up tables represent processing steps of the combined cryptographic and watermarking operation and the look-up tables being arranged for being applied according to a predetermined look-up scheme. The look-up scheme prescribes that an output of a first look-up table of the plurality of look-up tables be used to generate an input of a second look-up table of the plurality of look-up tables. The combined cryptographic and watermarking operation comprises a cryptographic operation and a watermarking operation. A control module looks up values in the plurality of look-up tables in dependence on the received content and in accordance to the look-up scheme, thereby applying the combined cryptographic and watermarking operation to the content.

Abstract: A method of managing a digital certificate by a computer system can include the steps of receiving, the at the computer system, a business request for a digital certificate from a requester and transmitting, by the computer system, the request to a first approver. The method can further include, upon approval by the first approver, transmitting, by the computer system, the request to a second approver, upon approval by the second approver, transmitting, by the computer system, the request to a certificate manager, transmitting, by the computer system, the request to an implementer and receiving, by the computer system, from the implementer, technical information related to the request and transmitting, by the computer system, a certificate to a certificate supplier.

Abstract: Methods and apparatus for processing title data watermarked with a code. At least a portion of the title data may be watermarked at a plurality of locations within the title data with customer information data, so that the title data provided to a customer includes the watermark information. To obtain the code from the watermarked title data, watermarking information associated with the watermarked title data is first received. The watermarking information identifies a plurality of locations and a number to frequency modulation relationship at each of the locations. A different modulation scheme may be used at each location. The watermarked title data is demodulated at each of the plurality of placement locations based on the number to frequency modulation relationship. The code is then generated from the demodulated watermarked title data. A verification indication is output based in part on the generated code.

Abstract: A watermark generator for providing a watermark signal in dependence on binary message data, the watermark generator has an information spreader configured to spread an information unit to a plurality of time-frequency-domain values, to obtain a spread information representation. The watermark generator also has a synchronization inserter configured to multiplicatively combine the spread information representation with a synchronization sequence to obtain a combined information-synchronization representation. The watermark generator also has a watermark signal provider configured to provide the watermark signal on the basis of the combined information-synchronization representation. A watermark decoder, methods and computer programs are also described.

Abstract: Systems and methods for detection and dispute management of claims made against proprietary content in a live data stream are provided in this disclosure. The system includes a reference stream generation component that updates a set of reference data streams based on an identification of data that is associated with non-live content (e.g., advertisements, flashbacks, etc.). Moreover, user generated content is compared with the set of reference data streams to facilitate identify the claims and a partner-defined policy is applied to the user generated content to facilitate dispute management and/or resolution.

Abstract: A method and apparatus for secure generation of a short-term key SK for viewing information content in a Multicast-broadcast-multimedia system are described. A short-term key is generated by a memory module residing in user equipment (UE) only when the source of the information used to generate the short-term key can be validated. A short-term key can be generated by a Broadcast Access Key (BAK) or a derivative of BAK and a changing value with a Message Authentication Code (MAC) appended to the changing value. A short-term key (SK) can also be generated by using a private key and a short-term key (SK) manager with a corresponding public key distributed to the memory module residing in the user equipment (UE), using a digital signature.

Abstract: A first memory section stores secret keys that are identical to secret keys stored in a cartridge. A second memory section stores history information relating to a history of usage. A secret-key selecting section performs a secret-key selecting operation of selecting, based on the history information, a specific secret key from among the secret keys. A first-authentication-information generating section encrypts a random number based on the specific secret key, thereby generating first authentication information, which is stored in a third memory section. A transmitting section transmits first identification information for identifying the specific secret key and the random number to the cartridge. A receiving section receives second authentication information generated at the cartridge by encrypting the random number based on a secret key identified by the first identification information.

Abstract: A data processing device for playing back a digital work reduces the processing load involved in verification by using only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on a DVD. In addition, the data processing device improves the accuracy of detecting unauthorized contents by randomly selecting a predetermined number of encrypted units every time the verification is performed.

Abstract: Methods and apparatus for identifying media are described. An example method includes determining application identification information for a media presentation application executing on a media device, determining a first watermark for the application identification information from a lookup table, requesting media identification information for media from the media presentation application, determining a second watermark for the media identification information from the lookup table, inserting the first watermark in the media prior to output of the media by the media device, and inserting the second watermark in the media prior to the output of the media by the media device.

Abstract: By automatically obtaining the entirety of a received message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, sign the composite message. In both the above contexts, handling message receipts when message processing ahead of message transmission involved more than one component may be facilitated by storing appropriate expected receipt content during the message processing, either on the device or the server. Validation of the receipt can then be accomplished through use of the stored expected receipt content in a manner that retains the benefits of message processing ahead of message transmission that involves more than one component.

Abstract: A method for improving network application security and the system thereof are disclosed in the invention, relating to the field of information security.

Abstract: According to an embodiment, an information processing device offering various APIs stores, for every application program, a WSDL file which indicates definition information of an API which is permitted to be used by an application program, and developer information which specifies a developer of an application program. The information processing device releases to an application program a WSDL file corresponding to the application program, receives, through a web service, a request that is a request for use of a first API, determines whether or not the definition information of the first API is indicated in a first WSDL file corresponding to the first application program, and determines whether or not the first WSDL file is leaked, using developer information.

Abstract: Operations or functions on a device may require an operational certificate to ensure that the user of the device or the device itself is permitted to carry out the operations or functions. A system and a method are provided for providing an operational certificate to a device, whereby the operational certificate is associated with one or more operations of the device. A manufacturing certificate authority, during the manufacture of the device, obtains identity information associated with the device and provides a manufacturing certificate to the device. An operational certificate authority obtains and authenticates at least a portion of the identity information associated with the device from the manufacturing certificate and, if at least the portion of the identity information is authenticated, the operational certificate is provided to the device.

Abstract: A computer-readable recording medium stores therein a document verifying program. The document verifying program causes a computer to execute receiving input of an electronic document; dividing the electronic document received into arbitrary components; calculating a hash value for each of the components; correlating, for each component, the hash value calculated for the component and a random number allocated to the component according to an appearance position of the component in the electronic document; creating for each component and based on the hash value and the random number correlated for the component at the correlating, a first digital signature and a second digital signature that are different from each other; and appending to each component, the first digital signature and the second digital signature created for the component at the creating.

Abstract: A system and method for processing certificates located in a certificate search. Certificates located in a certificate search are processed at a data server (e.g. a mobile data server) coupled to a computing device (e.g. a mobile device) to determine status data that can be used to indicate the status of those certificates to a user of the computing device, without having to download those certificates to the computing device in their entirety. The data server is further adapted to transmit the status data to the computing device. In one embodiment, at least one status property of the certificates is verified at the data server in determining the status data. In another embodiment, additional certificate data is determined and transmitted to the computing device, which can be used by the computing device to verify, at the computing device, at least one other status property of the certificates.

Abstract: A program for identifying and automatically acting on statistical arbitrage opportunities between related equities and contracts. The present invention describes an improved technique to perform statistical-pairs arbitraging in a dynamic marketplace with less risk than prior art approaches. The present invention employs an array of recent data and performance ratios involving bid and ask prices for correlated items, such as stocks.

Abstract: Methods for marking a consumer good at a distribution point are described that enable field authentication of the consumer good at an authentication point without connection to a remote database. Methods for authenticating a marked consumer good are described by scanning encrypted indicia without connecting to a remote database are described. Authentication methods for marked consumer goods, apparatus for carrying out the authentication methods, and systems based on the authentication methods are described.

Abstract: A method begins by a module to generate a secure signature on an item by selecting a first key representation index of a set of key representation indexes, wherein a first mathematical encoding of a private key generates a first plurality of key shares as a first key representation. The method continues with the module determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of a first set of dispersed storage (DS) units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions and when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions.

Abstract: A method for securing the exchange of data between a client module and a server module includes steps where: the token module initializes a token and the client module sends the data, which includes a unique identifier and the initialized token to a first security module of the server module; the first security module and the second security module exchange security data bilaterally with one another; the server module transforms the received token; the client module receives the server data, verifies the token and transforms the latter; the client module sends the data, which includes the transformed token to the second security module of the server module, which receives the data, and verifies the identifier and the transformed token; and the second security module communicates with the destination module.

Abstract: Systems and methods are provided for controlling access via a computer network to a subscriber server. A log-in server receives a query to connect through the computer network to the subscriber server, and the log-in server receives registrant identification data. A first session is established between the log-in server and the subscriber server to validate the registrant identification data, and to generate a session password. A second session is established between the log-in server and the subscriber server. The second session is configured to authorize, based in part on the registrant identification data, access to at least a portion of a website associated with the subscriber server.

Abstract: Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that it they are compatible with copy-specific static watermarking and other tamper-resistance techniques.

Abstract: An efficient implementation of SHA-512, and similarly SHA-384, on an ARM processor. The implementation maximizes reuse of the register values between iterations so as to minimize the need to load these values from memory. This is achieved by categorizing the iterations into even and odd ones such that the sequence of computation in the even iteration is reversed in the odd iteration and the register values at the end of one iteration are consumed at the beginning of the following one.

Abstract: Techniques for controlling the use of data stored on a media or integrated circuit sample are provided. A sample identifier is created at the point of sample use. The type of sample could range from storage media, such as a Digital Video Disc, or DVD, on which, for example, data representing a motion picture is recorded, to an integrated circuit in which computer code is stored. The sample identifier is stored at a location that is different from where the data is to be employed, and compared with other sample identifiers. The use of the data is controlled based on the results of the comparison.

Abstract: An information processing apparatus determines whether a device accesses a box region of the information processing apparatus. When it is determined that the box region is accessed, a box ID entry screen is displayed on the device. The information processing apparatus determines whether a box ID is entered by a user of the device. If it is determined that a box ID is entered, then device information about the device is obtained. After the device information is obtained, the information processing apparatus determines whether the device possesses a hardware keyboard. If it is determined that the device possesses a hardware keyboard, a password authentication screen is displayed on the device. If it is determined that the device does not possess a hardware keyboard, an image authentication screen is displayed on the device.

Abstract: Methods and apparatus, including computer program products, implementing and using techniques for establishing trust in an electronic document. An electronic document is received. State dependent content in the electronic document is identified. The state dependent content is content that is renderable to have a several appearances. The electronic document is presented to a user, which includes disclosing the presence of any identified state dependent content in the electronic document.

Abstract: Disclosed in the present invention are a method and apparatus for serial device registration.

Abstract: Methods and apparatuses are presented for securely providing digital streaming data to subscriber devices using encrypted wavelet meshes. A recorded image may be subdivided into three sources of data: light sources, camera angles, and the objects themselves. Each of these sources of data may be considered unique from each other, and the totality of the three sources of data may comprise a complete image. Without one of the sources of data, the image may not be complete. Each of the three sources of data may therefore be characterized as key spaces, wherein encrypting part of or the entirety of even one of these key spaces prevents the complete image from being viewed. Methods and apparatuses are provided for utilizing the concept of encrypting at least a portion of at least one of the three key spaces in order to securely and/or privately transmit image data to subscribers.

Abstract: A device such as a set-top-box, digital TV, DVD player, multi-media player, cellular telephone or digital cinema player that may handle data such as multimedia data and/or audio/video signals, may determine its location. The device may determine its location based on GPS information and may send its location it to an external entity, for example, a service provider. The device may generate a watermark comprising its determined location and may embed or insert the watermark within the data. AlsoIn addition, the generated watermark may comprise one or more of a unique identifier for the device, a source of the data, for example, a service provider, a date and a time. The watermark may be secured via processing, for example, the watermark may be encrypted prior to being embedded. The data may be compressed when embedding the watermark. The watermark embedding process may be handled via a secure embedded processor and/or secure code.

Abstract: Making a determination of originality of content is disclosed. At least one originality factor related to the content is analyzed, wherein the originality factor is independent of a time when the content is detected. Based on the analysis of the at least one originality factor, automatically the determination is automatically made. The determination is outputted.

Abstract: The embodiments relate to a method for the encrypted data exchange between subscribers of a communication system using cryptography based on elliptical curves, wherein upon a query by a first subscriber a scalar multiplication is calculated by the second subscriber, wherein merely part of the result of the scalar multiplication is returned to the first subscriber as a response. The invention relates to a communication system.

Abstract: Methods and apparatus to maintain audience privacy while determining viewing of video-on-demand (VOD) programs are disclosed.

Abstract: Various methods and systems are provided for inserting a user-selected pattern below a main application display when sensitive information is being requested or to be communicated. The border of the main application layer may also be modified at this time, either with or without the underlying pattern. This visual change provides the user an assurance that the application or site is authentic and not a phishing attack. The user-selected patterns are stored in secure areas, such as a secure element on the user device or in a cloud accessible by the application or site.

Abstract: Digitally signing data for multiple encodings is disclosed. A first signature of the data is generated. A second signature of a second encoding of the data is generated. The first signature and the second signature are associated with the signed data.

Abstract: Technologies for labeling diverse content are described. In some embodiments, a content creation device generates a data structure that may include encrypted diverse content and metadata including at least one rights management (RM) label applying to the diverse content. The RM label may attribute all or a portion of the diverse content to one or more authors. The metadata may also be signed using an independently verifiable electronic signature. A consumption device receiving such a data structure may verify the authenticity of the electronic signature and, if verification succeeds, decrypt the encrypted diverse content in the data structure. Because the metadata is encapsulated with the diverse content in the data structure, it may accompany the diverse content upon its transfer or incorporation into other diverse content.

Abstract: A method, system and non-transitory computer-readable medium product are provided for functionality watermarking and management. In the context of a method, a method is provided that includes identifying a request to perform at least one function of a user device and identifying at least one watermark template. The method further includes applying the at least one watermark template to at least one function of the user device and authorizing the request to perform the at least one function of the user device.

Abstract: The invention relates to a method for planning an automation system project, a method for authenticating a user during access to an automation device in an automation system, an automation system and a computer program for planning an automation system project. To improve the security concept in automation systems, the provision of a single sign-on authentication method for an automation system is proposed. A user is thus able to simultaneously register at all automation devices within an automation project using a single authentication. A fundamental part of the invention is thus to centrally project plan the single sign-on method. In other words, the basic provision of the basis for the subsequent authentication already takes place during the project planning of the automation project based on a project database. This procedure allows the realization of a single sign-on method for the complete projected automation system and thus simultaneously for all automation devices contained in the automation system.

Abstract: A system and method for changing safety-relevant data for a control device is provided wherein an authorized user inputs new or altered safety-relevant data, which is received on a data processing installation. A first checksum for the safety-relevant data is established and stored along with the safety-relevant data in at least one data record on the data processing installation. An enable code may also be stored in the at least one data record. This enable code may be produced by a code generator and encrypted by a key module. The data processing installation then reads back the safety-relevant data from a memory in the data processing installation, thereby allowing a comparison of the received safety-relevant data and the read back safety-relevant data. A second checksum is generated in a case where the comparison resulted in no differences. The second checksum may also be stored in the at least one data record.

Abstract: Certification of a key, which a Trusted Platform Module (TPM) has attested as being non-migratable, can be performed in a single round trip between the certificate authority (CA) and the client that requests the certificate. The client creates a certificate request, and then has the TPM create an attestation identity key (AIK) that is bound to the certificate request. The client then asks the TPM to sign the new key as an attestation of non-migratability. The client then sends the certificate request, along with the attestation of non-migratability to the CA. The CA examines the certificate request and attestation of non-migratability. However, since the CA does not know whether the attestation has been made by a trusted TPM, it certifies the key but includes, in the certificate, an encrypted signature that can only be decrypted using the endorsement key of the trusted TPM.

Abstract: A method of displaying health information of a user, the method including: monitoring if a sharing request for a health information of a user is made by an external device, which provides a web page representing the health information of the user in the form of an image; downloading a captured image of the web page from the external device if the sharing request for the health information of the user is made; and displaying the downloaded captured image.

Abstract: When a user prints a photograph from an online source, such as Facebook, a hidden digital watermark is automatically embedded in the printed output (e.g., by the printer, or by a cloud-based printer driver, by the user's smartphone, etc.). When someone later images the printed photo with a smartphone, the phone uses the watermarked information to link back to Facebook, and present the viewer with all of the commentary and context associated with that environment. By such arrangement, the richness of the photograph's network metadata is preserved—even after printing. Moreover, the online information presented via the smartphone is real-time information, including the latest crowd-sourced annotations. Thus, the printed photo may yield a different experience today than yesterday. In some embodiments, the watermark links different viewers (e.g., peers v. parents) to different online experiences—all from the same photograph. A great variety of other features and arrangements are also detailed.

Abstract: The method of performing XZ-elliptic curve cryptography for use with network security protocols provides a computerized method that allows for the encryption of messages through elliptic polynomial cryptography and, particularly, with the embedding of either a symmetric secret key or a public key in the message bit string. The method of performing XZ-elliptic polynomial cryptography is based on the elliptic polynomial discrete logarithm problem. It is well known that an elliptic polynomial discrete logarithm problem is a computationally “difficult” or “hard” problem.

Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimate measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection.

Abstract: The present invention provides a system and method for providing certified voice and/or multimedia mail messages in a broadband signed communication system which uses packetized digital information. Cryptography is used to authenticate a message that has been compiled from streaming voice or multimedia packets. A certificate of the originator's identity and electronic signature authenticates the message. A broadband communication system user may be provisioned for certified voice and/or multimedia mail by registering with a certified mail service provider and thereby receiving certification. The called system user's CPE electronically signs the bits in received communication packets and returns the message with an electronic signature of the called system user to the calling party, along with the system user's certificate obtained from the service provider/certifying authority during registration. The electronic signature is a cryptographic key of the called party.

Abstract: The present invention introduces methods and apparatus of encrypting/decrypting three-dimensional (3D) video content. The inventive methods and apparatus can achieve a flexible payment/authorization mechanism for the 3D video content. A user can choose to view only 2D images corresponding to the video content, or pay an authorization fee that allows the user to view the entire 3D video content.

Abstract: A device authentication server authenticates a remotely located device using data representing pixel irregularities of a display of the device. Since each display will deteriorate in a unique and randomized way, a unique mapping of pixel irregularities of a display of a device will be unique. By combining unique map of pixel irregularities of a display of the remotely located device, the device can be distinguished from similar devices when other attributes alone are insufficient to uniquely identify the device.

Abstract: A security system includes an interface, a main computer, and an application server. The interface enables a user to access a remote document related to a product. The main computer stores documents related to the product and generates a pair of localized encryption keys. The encryption keys include a first key that encrypts data and second key that decrypts the data. An application server that is remote from the interface transmits and receives the document from the interface. The main computer authenticates the integrity of the document in a local operation by signing the document with the first key before it is transmitted to the interface and by signing the document with the second key after it is received from the interface.

Abstract: Recording data has content data and navigation control data to enable a legitimate player to navigate the content data. The recording data has a content data set and a spurious data set that is difficult to distinguish from the content data set but will ignored by a legitimate player. The content data is associated with the content data set and the spurious data set. The spurious data set may be associated with control data that inhibit playing or correct playing of the content data. A ghost structure such as a ghost video title set my be provided by causing information in at least one of the video title set information, video manager information and the volume information file structure to reference a non-existent video title set or not reference an existing video title set. The recording medium may be an optical disc such as a DVD or its precursors.