Abstract: Recording data has content data and navigation control data to enable a legitimate player to navigate the content data. The recording data has a content data set and a spurious data set that is difficult to distinguish from the content data set but will ignored by a legitimate player. The content data is associated with the content data set and the spurious data set. The spurious data set may be associated with control data that inhibit playing or correct playing of the content data. A ghost structure such as a ghost video title set my be provided by causing information in at least one of the video title set information, video manager information and the volume information file structure to reference a non-existent video title set or not reference an existing video title set. The recording medium may be an optical disc such as a DVD or its precursors.

Abstract: Various embodiments are generally directed to hardening the performance of calculations of a digital signature system for authenticating computing devices against side-channel attacks. An apparatus comprises a processor circuit and an interface operative to communicatively couple the processor circuit to a network; a storage communicatively coupled to the processor circuit and arranged to store instructions operative on the processor circuit to digitally sign a message to create a first signature using a modular arithmetic operation arranged to compensate for a value of a variable greater than a modulus without use of a branching instruction; and transmit the first signature to a verifying server via the network. Other embodiments are described and claimed herein.

Abstract: In one embodiment, a mobile device performs an over-the-air firmware update by writing the updated firmware to a inactive system image partition, and rebooting the device. The security of the OTA update is maintained through checking a plurality of security signatures in an OTA manifest, and the integrity of the data is maintained by checking a hash value of the downloaded system image.

Abstract: Methods and systems for identifying audio and video entertainment content are provided. Certain shortcomings of fingerprint-based content identification can be redressed through use of human-reviewers in a first party's social networking site environment. Access to a copy of a possible fingerprint-based match of user uploaded content is provided to a second party via a queue of an online interface provided by the first party. In response to providing access to the copy of the user uploaded content, manual human assessment data is obtained from the second party through the online interface. The manual human assessment data indicating a result of a comparison of the copy of the user uploaded content and data associated with reference content by one or more human reviewer(s). The manual human assessment data is used in concluding that the reference content corresponds with the user uploaded content.

Abstract: One embodiment of the present invention provides a system that uses digital certificates to facilitate enforcing licensing terms for applications that manipulate documents. During operation, the system obtains a credential, wherein the credential includes a private key and a digital certificate containing a corresponding public key. This digital certificate also contains a profile specifying allowed operations which can be performed on documents signed with the credential. Next, the system digitally signs a document using the credential, so that the resulting signed document is signed with the private key and includes a copy of the digital certificate with the profile specifying the allowed operations. The certificate issuer can subsequently revoke the digital certificate (which effectively revokes the license) if teens of a license agreement associated with the digital certificate are violated.

Abstract: A method of the management for confidential information contained in portable memory media provides recognition by a biometric identification element of the individual who is the proprietor of the information in the proprietor medium; recognition by a biometric identification element of an interlocutor individual, set for inserting and managing the confidential information, who in turn possesses an interlocutor memory medium with identification functions; automatic interfacing and matching between the proprietor medium and the interlocutor medium in terms of user identifications in order to authenticate the access to the stored information on the basis of the preconfigured access permissions; and attachment of a digital signature based on an asymmetric key for the updated/modified information stored on the proprietor medium and on the interlocutor medium.

Abstract: A method and system provide dynamic communities of interest on an end user workstation utilizing commercial off the shelf products, with central management and the ability for a users to log on only once (also known as “single sign on” or “SSO”). The software images that make up the virtual machine can be patched and updated with other required changes from a central storage area where the image can be administratively updated just once. A digital signature can be applied to the software images to ensure authenticity and integrity, along with determining whether a software image is up to date.

Abstract: A system identifies a playlist comprising at least one reference to content. The system provides a digital signature to the playlist. The digital signature links the playlist to a creator of the playlist. The system authenticates an application rendering the content using the digital signature. The system receives a command to render the playlist using the application.

Abstract: System and method for creation and use of an agreement object having content packages and a transportable agreement, including both the content of the agreement and data used to validate the signatories and an audit trail for the agreement.

Abstract: In watermarked signal decoding, the embedded message is decoded by correlating the reference patterns with the watermarked signal. The watermark detector decides, depending on the size of the correlation result values, whether or not a given reference pattern was embedded. However, decoding watermarked audio or video signals is difficult if the link between the watermark encoder and the watermark decoder is not a digital one, for example an acoustic path. A re-sampler control unit controls the sampling frequency of a re-sampler, in connection with a watermark decoder that outputs, in addition to the watermark information bits, a corresponding confidence value that is derived from the correlation result and that is used for synchronizing the re-sampler sampling frequency with the original sampling frequency of the watermarked signal. The synchronization processing includes a search mode and a synchronized mode.

Abstract: A system, method, and computer program product that may use a cache in the decompression of block compressed image data. Each data entry in the cache may represent decompressed image data corresponding to a compressed block of an image. The indices of the cache are keys, where each key is the output of a hash process that is performed on the corresponding compressed block. Decompression of a compressed block may be performed by hashing the compressed block to generate the key. The key may be used to access the cache. The decompressed data indexed by the key may be read and used as the decompressed version of the compressed block. If no data corresponds to the key, or if the cached data indexed by this key is otherwise invalid, then a conventional decompression process may be applied to the compressed block to yield the decompressed data. This decompressed data may then be written to the cache, at a location corresponding to the key.

Abstract: A method is described by which the possessor of a secret certified in a particular manner can prove to a party with which the possessor of a secret needs to interact that it does indeed possess a secret formed in the proper manner. In the context of trusted computing apparatus, this can be used to show that the secret has been provided by a legitimate manufacturer of such apparatus. A method and an architecture for revocation operable in this context is also described.

Abstract: An electronic registry stores information relating to a transferable electronic record and the controller of an authoritative copy of the transferable electronic record. The electronic registry includes information for authenticating a true copy of the authoritative copy of the transferable electronic record. The electronic registry also facilitates registration of the transferable electronic record and transfer of legal rights associated therewith.

Abstract: The method for restricting access to sensitive contents of digital images using the digital watermarking technique for encoding and decoding sensitive contents of images is characterized in that the sensitive contents of an image are obscured, and the information necessary for the high quality reconstruction is encoded in the insensitive area of the transmitted image by modification of the DCT spectrum coefficients. The information concerning the obscured contents is retained by means of transform coefficients and processed independently. Noise with statistics identical to that of the digital watermark is inserted into the image after decoding. The system contains encoding unit including acquisition module connected with sensitive contents encoding module through sensitive patterns automatic detection module with attached memory buffer. Also, acquisition module is connected directly with sensitive contents encoding module and with compression module.

Abstract: A method for protecting a message or document. The method comprises encrypting the message using a first key associated with a first party; sending the encrypted message to a second party; encrypting the message using a second key associated with the second party, so that it is encrypted with two keys simultaneously; sending the encrypted message to the first party; decrypting the message using the first key; sending the message to the second party, the message being encrypted with the second key, and using the second key to decrypt the encrypted message, thereby exposing the original message.

Abstract: User interface for creating and using media keys. A user interface is provided for outputting media data corresponding to one or more media keys. The same user interface may be used to output media data of different types. The user interface provides user selectable options for performing various actions such as scanning one or more media keys, accessing and loading media data corresponding to media keys, performing actions on the media data accessed for the media keys, generating media keys, creating collections and media keys for collections, performing actions on collections, and other actions.

Abstract: A system and method are provided for enabling a symmetric key to be derived, the method comprising: obtaining a plurality of key parts, wherein the plurality of key parts when combined equal the symmetric key; encrypting a first of the key parts using a first cryptographic algorithm to generate a first encrypted value; encrypting one or more remaining key parts of the plurality of key parts using respective cryptographic algorithms to generate one or more additional encrypted values, wherein each key part encrypted is encrypted using a different cryptographic algorithm; and providing the first encrypted value and the one or more additional encrypted values to an other entity to enable the other entity to derive the symmetric key.

Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.

Abstract: The invention concerns a method of detecting a fault attack including providing a plurality of blinding values; generating a first set of data elements including a first group of data elements and at least one additional data element generated by performing the exclusive OR between at least one data element in the first group and at least one of the blinding values; generating a second set of data elements corresponding to the exclusive OR between each data element of the first set and a selected one of the plurality of blinding values; generating a first signature by performing a commutative operation between each of the data elements of the first set; generating a second signature by performing the commutative operation between each of the data elements of the second set; and comparing the first and second signatures to detect a fault attack.

Abstract: Methods and systems are disclosed for verifying the use of a client device by a host device in a secure system. In one aspect, a method for authenticating a client device includes receiving, by the client device, a message from a host device, accessing, by the client device, a private key and a unique code stored on the client device, where the unique code is different than the private key, generating, by the client device, a digital signature for the message using the private key and the unique code, and providing, by the client device, the digital signature to the host device for verification of the use of the client device by the host device.

Abstract: A method and apparatus is provided that allows code signed by a master key to grant trust to an arbitrary second key, and also allows code, referred to as an antidote and also signed by the master key to revoke permanently the trust given to the second key.

Abstract: A computer-implemented method is provided, including storing, in an authentication server system, a URL identifying at least one web page, and providing a secure zone browser-side script to be placed on the web page. Upon opening of the web page in a browser, the secure zone browser-side script triggers execution of a server-side script at the authentication server system. The server-side script creates, on the web page, an inline frame, which is controlled by the authentication server system during a session that is associated with the inline frame. The authentication server system retrieves a referrer address from the session, and compares the referrer address with the stored URL. Upon finding a match between the referrer address and the stored URL, the authentication server system delivers web content to or via the inline frame. Other embodiments are also described.

Abstract: This invention provides an instantaneous method for a user or traveler to obtain a meaning of a symbol that is unfamiliar to said user. The symbol is captured in a format that is easily transmitted to a remote database server. Together with the symbol, the GPS coordinates of the location of the symbol must be sent to the server. The server performs an image matching search, and then uses the location information (GPS) to resolve multiple matches and to determine the meaning of the symbol and instantaneously transmits in the language of their choice the meaning to the user requesting the search.

Abstract: A method begins by a processing module determining whether a data access request is requesting access to data stored in a plurality of dispersed storage networks (DSNs). The method continues with the processing module determining whether one of the plurality of DSNs is a home DSN to a requesting entity when the data access request is requesting access to data stored in the plurality of DSNs. The method continues with the processing module utilizing a local signed certificate to access one or more dispersed storage (DS) units of the home DSN, validating a global signed certificate with one or more DS units of a non-home DSN of the plurality of DSNs to produce a valid global signed certificate, and utilizing the valid signed certificate to access the one or more DS units of the non-home DSN when the plurality of DSNs includes the home DSN.

Abstract: Multiple peer domain name system (DNS) servers are included in a multi-master DNS environment. One of the multiple peer DNS servers is a key master peer DNS server that generates one or more keys for a DNS zone serviced by the multiple peer DNS servers. The key master peer DNS server can also generate a signing key descriptor that identifies the set of one or more keys for the DNS zone, and communicate the signing key descriptor to the other ones of the multiple peer DNS servers.

Abstract: Methods, devices, and computer program products enable the embedding of forensic marks in a host content that is in compressed domain. These and other features are achieved by preprocessing of a host content to provide a plurality of host content versions with different embedded watermarks that are subsequently compressed. A host content may then be efficiently marked with forensic marks in response to a request for such content. The marking process is conducted in compressed domain, thus reducing the computational burden of decompressing and re-compressing the content, and avoiding further perceptual degradation of the host content. In addition, methods, devices and computer program products are disclosed that obstruct differential analysis of such forensically marked content.

Abstract: A system and method of authenticating data files is provided. The method includes providing a plurality of software part files and a manifest file associated with the software part files. The manifest file identifies each of the plurality of software part files. The method includes associating the manifest file with a manifest detached digital signature. The method also includes digitally signing the manifest file with the manifest detached digital signature. The manifest detached digital signature authenticates the manifest file. The method includes associating each of the plurality of software part files with one a plurality of unique detached digital signatures. The method includes digitally signing each of the plurality of software part files with one of the plurality of unique detached digital signatures. Each of the plurality of unique detached digital signatures authenticates one of the software part files.

Abstract: Long-Term Validation (LTV) of a digital signature status indicator is disclosed. In some embodiments, the Long-Term Validation of a digital signature status indicator includes automatically determining whether a digital signature of a digitally signed document is LTV enabled based at least in part on LTV information; and generating an LTV status indicator that displays whether the digital signature of the digitally signed document is LTV enabled.

Abstract: The present invention extends to methods, systems, and computer program products for updating signature algorithms used for signing an assembly with a strong name without changing the identity of the assembly. The present invention enables an assembly that has already been given an identity (via strong name signing with an identity public/private key pair) to be resigned with a different public/private key pair without changing the original identity that was based on the identity public/private key pair. This is accomplished by including a counter signature within the assembly that links the original identity of the assembly to the new signature key pair.

Abstract: In accordance with aspects of the disclosure, a system and methods are provided for managing multi-system security integration by performing state change calls to one or more backend systems by combining a multi-system protection token with a message component for transporting from a user agent to the one or more backend systems for validation by generating an authentication code for proving authenticity of a combined data structure generated by combining a secret cryptographic data key with a portion of the message component and generating a hash code of the combined data structure, generating an arbitrary random number to bind the multi-system protection token to the user agent, and generating the multi-system protection token by combining the authentication code and the arbitrary random number with the message component for transporting from the user agent to the one or more backend systems for validation.

Abstract: The present invention provides for an authenticity marker to be embedded within web page and/or email content which allows a user to validate that the content originates from the true source of the content and is not merely a copy. The method includes a user requesting content in the form of a web page and/or email from a server using a web browser or email client. The server receives the request, retrieves the content and forwards it to an authentication server. The authentication server inserts into the retrieved content a unique fractal icon and/or information only known between the owner of the content and the user.

Abstract: A mechanism for protecting software and computing devices from unintentional pre-release disclosure (“leak”) is provided that includes applying a security enhancement to an object on the graphical user interface of the computing device such that the object can be used to visually determine the origin of the leak without obstructing the user's experience or being easily detected or defeated.

Abstract: A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature.

Abstract: A method for managing a secured document. The method includes storing and retrieving the secured document based on hybrid fragmentation and replication scheme to provide user viewing of the secured document by (a) generating an image representing human discernible content of the secured document, (b) modifying the image to generate a modified image that is embedded with a digital watermark, where the digital water mark is human indiscernible and represents a security policy extracted from the secured document, and (c) sending, to a secured device for displaying to the requesting user, the modified image embedded with the digital watermark.

Abstract: A method and system for providing e-mail messages to a receiving e-mail application. The e-mail messages as sent from a sending e-mail application being secure and in opaque signed format. The opaque signed e-mail messages being converted to clear signed e-mail messages by decoding extracting message content and digital signatures. The clear signed e-mails being sent to a receiving e-mail application.

Abstract: A method of managing a domain, a method of extending a domain, and a method of selecting a reference point controller are provided. The method of operating the domain includes: receiving a request for authenticating a reference point controller from a reference point controller candidate; invalidating a membership of the stored reference point controller; generating a unique reference point controller membership for verifying that the reference point controller candidate is a new reference point controller; and transmitting the generated reference point controller membership to the reference point controller candidate. Accordingly, even when an error occurs in the reference point controller, the function of the reference point controller can be rapidly replaced by using the reference point controller candidate.

Abstract: A system and method for signing data transferred over a computer network is described. In one aspect, the HTTP header of an HTTP response message is extended to include a content identifier, a content expiration time, and a digital signature. The digital signature may be generated from the content identifier, the content expiration time, and the message body of the HTTP response message.

Abstract: Methods that facilitate automatic selection of service bearers in a mobile based on user-initiated policies and service-provider-initiated policies set forth in a policy document are described herein. The mobile device initially receives a policy document from either the mobile device manufacturer or the service provider before the mobile device is provisioned on a communications network. The mobile device user and the service provider may make subsequent changes to the policy document. When a user-initiated policy change conflicts with a service-provider-initiated policy, the user-initiated policy change is disregarded in favor of the service-provider-initiated policy. The mobile device automatically selects an appropriate bearer based at least on the availability of service bearers in the current environment and the policies set forth in the policy document.

Abstract: A client-server communication protocol permits the server to authenticate the client without requiring the client to authenticate the server. After establishing the half-authenticated connection, the client transmits a request and the server performs or responds accordingly. A network management system and environment where this protocol can be used is also described and claimed.

Abstract: A method is provided in one example embodiment and includes establishing a connection between a first client and a messaging fabric of a conductor element associated with a video system; receiving a request to perform a companion service with a second client; authenticating the first client via a client directory based on an identifier associated with the first client; receiving a pair message from the first client for the second client; and verifying whether the two clients can be paired in order to perform the companion service. Companion service commands can be authorized/policy checked and resulting commands on the second client may appear as-if they had been triggered locally.

Abstract: Methods and apparatus authenticate a printed document associated with a source entity. The printed document includes a two-dimensional code (2-D code) that includes data encoded therein. The encoded data includes a resource locator to an intent. An image of the 2-D code is decoded to obtain the resource locator to an intent, and it is detected whether the resource locator to an intent includes a protocol identifier designating a secure 2-D code. If so, the protocol identifier is replaced with a protocol identifier used to access a secure server of the source entity located at a host portion of the resource locator. The secure server is accessed to obtain the intent. A certificate of the secure server is accessed and an electronic device displays an indicator of whether the certificate is valid and also displays the intent. The indicator may be used to decide whether the intent can be trusted.

Abstract: A system and method of securely delivering and verifying a mobile boarding pass which validates the mobile boarding pass. An example method includes receiving boarding pass data for a traveler, creating a digital certificate containing the boarding pass data, encrypting the digital certificate, encoding a series of different encrypted digital certificates into a series of different two-dimensional barcodes, providing the series of different two-dimensional barcodes to a mobile communication device of the traveler in advance of arrival at a security checkpoint, receiving decoded barcode data in one or more of the two-dimensional barcodes from a barcode reader at the security checkpoint, decrypting the decoded barcode data using the plurality of different tokens, and identifying a valid digital certificate containing boarding pass data in the decoded barcode data.

Abstract: There is provided an information processing device including a distribution control unit configured to cause one or two external devices to distributively perform a repetitive process in a process for signature or authentication in which the repetitive process is included, and a processing unit configured to perform the process for signature or authentication using a processing result of each of the external devices.

Abstract: A system and method for validating a software file to be installed into a controller. The method includes preparing the software file including assigning a software version code to the software file, assigning a security version code to the software file, and signing the software file with the software file version code and the security version code. The signed software file is presented to the controller for installing on the controller and the controller verifies the software file signature to determine if the software file is valid and the security version code is valid. The controller allows the software file to be installed in the controller if both the signed software file is valid and the security version code is valid.

Abstract: There is provided an information processing apparatus including a key selection section configured to select one out of a plurality of different secret keys, in a public key authentication scheme or a digital signature scheme in which each of the plurality of secret keys exists for one public key registered in a verifier, and a process execution section configured to execute, by using the secret key selected by the key selection section, an authentication process with the verifier by the public key authentication scheme or a digital signature generation process to the verifier by the digital signature scheme.

Abstract: In accordance with one embodiment, a method for managing an electronic file include creating an electronic signature of a user who is generating an electronic file by encrypting the electronic file using a private key of the user, and embedding the created electronic signature of the user and a public key certificate of the user, in the electronic file. The public key certificate of the user certifying a public key of the user corresponding to the private key of the user and including a link to a certificate list that shows whether or not the public key certificate of the user is valid.

Abstract: A method, system, and computer readable medium containing programming for handling fully authenticated transmission of video or other data (content) from a provider to a recipient device via an intermediary device. An inner envelope containing the content and/or security features is prepared and digitally signed using a private cryptographic key. The signed inner envelope is then included in a second, outer envelope which may also include some or all of the content. The outer envelope is also digitally signed, thereby forming a data package which may be sent from the provider to the intermediary device. If the signature of the outer envelope is authenticated at the intermediary device, then the inner envelope is sent to the recipient device which then uses the inner signature to verify its authenticity. Authenticated content may then be presented or otherwise used at the recipient device.

Abstract: An electronic document management program, an electronic document management method and an electronic document management apparatus acquire a plurality of pieces of part identification information respectively identifiably expressing a plurality of parts of document information and a digital signature corresponding to the document information, acquire the preparation type, the preparer's name and the time and date of preparation of the document information as tracing information of the document information, manage the part identification information, the digital signature and the tracing information in association with each other and present information relating to the tracing information to the user in response to a request from the user. Additionally, they acquire new document information and tracing information according to a directive from the user.

Abstract: A method for authenticating a transmission between a first and a second circuit transiting through at least one third circuit, wherein: data are transmitted from the first to the third circuit, and from the third to the second circuit; a first signature of the data is calculated by the first circuit; at least a second signature of the data is calculated by the third circuit; at least one first portion of the first signature is transmitted by the first circuit to the third one; and the second signature is transmitted by the third circuit to the second one, a portion of this signature being distorted in case of a failure of authentication of the first portion of the first signature by the third circuit.

Abstract: Methods and apparatuses for performing secure incremental backup and restore operations are disclosed.