Abstract: In one embodiment, a mobile device performs an over-the-air firmware update by writing the updated firmware to a inactive system image partition, and rebooting the device. The security of the OTA update is maintained through checking a plurality of security signatures in an OTA manifest, and the integrity of the data is maintained by checking a hash value of the downloaded system image.

Abstract: An electronic seal system uses fingerprint recognition to prevent use by an unauthorized person and includes a mechanism for remotely destroying a stolen or missing seal. The system includes a fingerprint module for collecting an image of a fingerprint of an authorized individual. In addition, a processor for carrying out a comparison of a scanned fingerprint and a stored image of an authorized fingerprint is provided. The system also includes a printable seal for sealing a document and includes a mechanism for activating the system when a scanned fingerprint matches a stored image of a fingerprint and for deactivating the seal when the fingerprints do not match. Further, a preferred embodiment of the invention provides a time, date and location receiver for receiving signals from a GPS and automatically numbering and printing mechanism for printing the time, date, location and document numbers and seal on each page to which a seal is provided.

Abstract: The present disclosure provides a method, device and system for protecting multimedia data of a multimedia message. By performing digital watermark encryption of the multimedia data in the multimedia message at a sender of the multimedia message and performing digital watermark decryption of the multimedia data in the multimedia message at a receiver of the multimedia message, the encryption protection over the multimedia data in the multimedia message is strengthened, thus implementing the protection over an intellectual property of a user of a terminal, and improving the level and capacity of protection over the intellectual property of the user.

Abstract: Methods and apparatus, including computer program products, implementing and using techniques for document authentication. An electronic document is presented to a user. The electronic document has data representing a signed state and a current state. A disallowed difference between the signed state and the current state is detected, based on one or more rules that are associated with the electronic document. A digital signature associated with the electronic document is invalidated in response to the detecting.

Abstract: Methods and devices for storing sent message data are described. The sent message data corresponds to a message sent to a destination by a communication device via a server. The method includes compiling a first portion of the message which has a plurality of components; applying security encoding to the first portion; and storing the first portion. The first portion includes at least one but not all of the plurality of components in the message, and pointers to the components not included in the first portion. A method of verifying sent message data on a communication device is also described.

Abstract: A method to authenticate a server to a client is provided, including in-band and out-of-band techniques. At least a first shared secret identifies a server path, including a plurality of pre-defined locations on a frame of reference (e.g. a grid). An authentication session is initiated upon receiving a client identifier at the server-side resources. A current session instance of the grid is presented to the client, populated with characters. The process includes sharing between the client and the server a challenge identifying a random subset of the plurality of predefined locations in the server path, and a response including characters that match the characters in the locations on the server path identified by the challenge. As a result, client is capable of verifying that the server has access to the first shared secret. Then a protocol is executed to authenticate the client to the server.

Abstract: A method begins by a module to generate a secure signature on an item by selecting a first key representation index of a set of key representation indexes, wherein a first mathematical encoding of a private key generates a first plurality of key shares as a first key representation. The method continues with the module determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of a first set of dispersed storage (DS) units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions and when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions.

Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.

Abstract: Electronic documents corresponding to executed paper documents are certified. A certifying agent receives an electronic document and a corresponding paper document that had been executed pursuant to some transaction. The certifying agent compares the information contained in the paper to that in the electronic mortgage document. If the paper adequately corresponds to the electronic document and is otherwise sufficient, then the certifying agent certifies the electronic document so that other parties can reliably engage in transactions involving the electronic document without having to possess or otherwise inspect the executed paper document. Certification involves application of some form of indicia of certification to the electronic document, such as updating the value of a field corresponding to certification in the electronic document and/or applying a digital or electronic signature corresponding to the certifying agent to the electronic document.

Abstract: An embedder for embedding a watermark to be embedded into an input information representation comprises an information adder, which is implemented to provide the input information representation with the watermark and additional information to be added to obtain an input information representation provided with the watermark and the additional information. The additional information to be added comprises descriptive information describing the embedding of the at least one watermark into the input information representation.

Abstract: Disclosed is a method of loading data into a data processing device. The method comprises receiving a payload data item by the data processing device; performing a cryptographic authentication process to ensure the authenticity of the payload data item; storing the authenticated received payload data item in the data processing device; and integrity protecting the stored payload data item. The cryptographic authentication process comprises calculating an audit hash value of at least the received data item. Integrity protecting further comprises calculating a reference message authentication code value of at least the audit hash value using a secret key stored in the data processing device as an input.

Abstract: Devices, systems, and methods for monitoring and asserting a trust level of a computing device are disclosed. In one illustrative embodiment, a computing device may include a memory having stored therein a persistent trust log, the persistent trust log comprising data relating to historic events influencing a trust level of the computing device, and a security controller configured to detect an event that influences the trust level of the computing device and to write data relating to the event to the persistent trust log.

Abstract: For watermark embedding, without full Dolby AC-3 decoding, mantissa bits in the AC-3 bit stream are changed by exploiting the fact that during AC-3 encoding more bits than required by the perceptual masking curve are used for the quantization of the MDCT coefficient mantissa values. In addition to the bap values, truly required bap values are determined and the mantissa values are changed accordingly, controlled by the watermark information. The advantages are efficient watermark embedding, other bit stream parameters and values remain unchanged except for CRC checks, and the audio quality of the watermarked signal remains perceptually unchanged.

Abstract: Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment.

Abstract: The present invention provides methods and systems to protect an organization's secure image information from unauthorized disclosure. In one embodiment, methods and systems to generate image fingerprints are provided. The fingerprints are generated for each feature point of an image data. Because the fingerprints take into account the neighborhood features around each feature point, the image fingerprints are robust against derivative images where the original image may have been altered. Methods and systems to maintain a fingerprint database for an organization's secure image data is also provided. In one embodiment, client fingerprints are generated for image data that a user intends to transmit outside of the organization. In some embodiments, suitable security actions are initiated if any of the client fingerprints match any of the fingerprints in the fingerprint database.

Abstract: Disclosed are systems and methods for establishing a personal identification number (PIN). The systems and methods provide techniques to begin a remote session with a customer, prompt the customer to select a PIN to associate with a financial account card during the remote session, and receive the PIN from the customer during the remote session.

Abstract: In various embodiments, a computerized method includes receiving electronic content to be archived. The electronic content comprises a digital signature. The method also includes archiving the digital signature, wherein archiving of the digital signature comprises determining a validity status of the digital signature and storing the validity status in the electronic content. The method includes archiving the electronic content after the validity status has been stored in the electronic content. The method includes storing the archived electronic content and the attestation signature into a machine-readable medium.

Abstract: A method and a system allow accessing several of a user's controlled access accounts by presenting the credentials of only one of the accounts. The method may include (a) storing the credentials for each of the user's accounts; (b) receiving from the user credentials corresponding to any of the user's accounts; (c) presenting the received credentials to access the corresponding account; and (d) upon successful access of the corresponding account, using the stored credentials to access one or more of the user's accounts without requiring the user to present the corresponding credentials. For each of the user's accounts, the credentials are stored encrypted, using a randomly generated key, common to all the encrypted credentials. In addition, the randomly generated key is encrypted using the credentials of each of the accounts. In that manner, plain-text copies of neither the random key nor the credentials of the accounts need to be stored.

Abstract: A system and method to control the writing on electronic paper (e-paper). An e-paper device may incorporate authentication indicia as part of informational data written on e-paper material. The informational data is protected by a security methodology that is accessible to authorized entities. A reader device may be used to help make a verification determination of whether encrypted or encoded data has been altered. In some instances an output alert operably coupled to the reader device serves as a verification status indicator.

Abstract: A method for transmitting verified notification messages from a service provider to a PID (personal information device) user. The method includes the step of registering a plurality of users and providing each of the users with respective public and private encryption keys. A message is then received from a first user of the plurality of users. The received message is signed with the first user's private encryption key. A signature of the message is verified by using the first user's public encryption key. The authority of the first user to transmit notification messages is then verified. The message is then resigned with the second user's private encryption key and transmitted to at least a second user of the plurality of users, wherein the second user verifies the signature by using the second user's public encryption key.

Abstract: The present invention is related to a method and apparatus for enhancing security of communications. The apparatus comprises a security processing unit, a data processing unit, a cross-layer watermarking unit, and optionally a smart antenna processor. The security processing unit generates a token/key to be used in watermarking and sends a node security policy to other components. The data processing unit generates user data. The cross-layer watermarking unit includes at least one of Layer-2/3, Layer-1 and Layer-0. Each layer performs a different scheme or degree of watermarking. The cross-layer watermarking unit embeds the token/key into the user data transmission on at least one of the layers selectively in accordance with a security policy.

Abstract: A request from a software developer is received to digitally sign software included in the request. A security policy associated with the software developer is accessed where the security policy describes criteria for valid request by the software developer. A determination is made whether the request is valid based at least in part on the security policy. The software is digitally signed responsive to the determination indicating that the request is valid. The digitally signed software is provided to the software developer.

Abstract: An embodiment of the present invention proposes a novel file and multimedia management and tracking system using a secure key server. The invention also proposes a novel, but very simple, digital watermarking technique. With the invented technology, the user's files/data can be encrypted and managed automatically, whether the data is stored in a USB format or in a public storage space. Furthermore, the file/data access record will be kept on the secure key server. Hence, an user can always track when the file/data was accessed. The advantage of the invented secure file manage system is that the key server never access the protected electronic data, and the data—encrypted or decrypted—are always on the local machine. The secure key server only manages the keys and records the key queryings. With the present invented technology, the multimedia server and the multimedia owner can protect their copyright, even when the multimedia is downloaded from the Internet.

Abstract: A computer-implemented method for signing computer applications is disclosed. The method includes generating a compiled version of a first software application, signing the first software application with a digital certificate locally to a developer of the first software application without assistance from a central certification authority, and submitting the signed first software application to an on-line application store.

Abstract: A location collection system is described herein that provides a uniform facility for reporting location data to a cloud-based service from a variety of devices, and that provides a uniform facility for accessing aggregated location data collected by the cloud-based service. The system collects location information related to a user and reports the location information to a central service to provide a variety of useful services to the user. By providing a big, secure location vault in the cloud, the system enables big data analytics to be used to allow current and future questions to be asked of this data and to correlate this with other data to enable new scenarios not yet enabled. Thus, the location collection system provides a model to report, gather, and analyze location data across devices and users.

Abstract: A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic messages is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure.

Abstract: A method of verifying integrity of a digital file includes receiving the digital file subsequent to exposure to a foreign environment and validating the digital file. The received digital file has an appended signature label that includes one or both of a first hash value and a digital signature. Validating the digital file includes hashing the digital file to obtain a second hash value, retrieving the first hash value from the signature label, and comparing the first hash value and second hash value.

Abstract: The subject disclosure is directed towards a technology by which data is securely distributed using a homomorphic signature scheme and homomorphic network coding signature schemes. A homomorphic signature scheme for signing the data is based upon binary pairing with standard prime order groups. Sets of data are signed based upon dividing a larger block of data into smaller blocks, and separately signing each smaller block. The smaller blocks may be distributed to nodes of a network topology that are configured for network coding. In one alternative, the homomorphic signature scheme protects against changes to the block identifier. Proof data may be provided independent of a random oracle, may be provided by providing parameters for verification in a Groth-Sahai proof system, or may be provided by providing parameters for verification independent of a Groth-Sahai proof system.

Abstract: A computer implemented method for logging extensions to platform configuration registers inside a trusted platform module instance is provided. A request to extend the current state of at least one of a plurality of platform configuration register is received. At least one platform configuration register within the trusted platform module instance is extended. The extension of the at least one platform configuration register is logged inside the trusted platform module instance as a logged entry by storing at least a tuple of platform configuration register indexes and hash values used for extending the platform configuration register. Information about new entries in the consolidated logs can be retrieved by polling or by subscribing to events that are automatically generated. A report of an extend operation and its logged hash value is sent to subscribers interested in receiving notifications of extend operations on a set of PCR registers.

Abstract: Software is authorized in accordance with a reputation of the software. A trust in the author and/or publisher of the software is determined via digital signatures and/or CoAs, and a reputation of the software is utilized to determine the intent of the software. The reputation of the software can be determined via a local service, such as an enterprise IT department and/or via a reputation determination service. When software is downloaded or to be executed, the trust in the author/publisher is determined using digital signatures and/or CoAs associated with the software. If the author/publisher is determined to be trusted, a service is called to determine the reputation of the software. The software can be installed and/or executed dependent upon the reputation of the software and trustworthiness of the author/publisher.

Abstract: Provided is a message sending method for sending a message by a process of a computer including a processor and a memory.

Abstract: According to one embodiment, a authentication method comprising: generating a second key by the first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key by the second key; generating first authentication information, the secret identification information stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information stored in a memory and readable, the second authentication information generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that includes secure time management. An apparatus according to the present disclosure may comprise a non-volatile storage to store a synchronization time and a processor. The processor may be configured to generate a request for a current time, transmit the request to a trusted timekeeper, receive a digitally signed response containing a current, real-world time from the trusted timekeeper, verify the digital signature of the response, verify that the response is received within a predefined time, compare a nonce in the request to a nonce in the response, determine that the current, real-world time received from the trusted timekeeper is within a range of a current time calculated at the apparatus and update the synchronization time with the current, real-world time in the response.

Abstract: This invention relates to security for data objects; more particularly, the present invention relates to improved security based on subliminal and supraliminal channels for data objects. In another embodiment, a method of protecting a data object comprises: steganographically encoding a subset of candidate bits in a digitized sample stream; perceptibly manipulating data in the digitized sample stream; and combining the imperceptible and perceptible data changes to create a secure/unique digital sample stream. In yet another embodiment, a method for securing a data signal comprises: preanalyzing said data signal for candidate watermark/signature bits; steganographically encoding independent data into the data signal into a subset of the candidate watermark bits, at least one time; and encoding the data signal subsequently with a perceptible technique.

Abstract: A method for secure transmission using a fax server, including transmitting a document to be faxed, by a sender to a server, in the form of a digital file in a non-fax format, as well as information relative to the identity of the recipient; calculating a Tiff format file from the digital file on the one hand, the creation time and date of the file and an informative file on the other hand; calculating a signature from said Tiff document and entering the result of this calculation in an additional file; recording the files in a secured space accessible by the sender and the recipient; modifying the Tiff file to be transmitted to insert the signature and information allowing the recipient to access the recorded files; transmitting the file by the server to the telephone address of the recipient, according to a fax standard, and issuing a transmission report by the server in the form of an electronic message in a non-fax format.

Abstract: Methods, processes, systems and devices for allowing a computer user to sign and execute a document over the interne using a pointer device such as a mouse to generate a digital signature by an cursive signature (handwritten). The invention allows for vector points in the digital signature to be encoded/encrypted, stored and later be retrieved so that it can be verified where it came from, and what specific document it was on. If necessary, the invention allows for a newly executed signature to be forensically verified against a signature sample.

Abstract: An image forming apparatus receives authentication information about a user who requests a function and determines whether the user needs to be authenticated before executing the requested function. The image forming apparatus then transmits the authentication information to an authentication device that performs authentication of the user, and receives an authentication result from the authentication device indicative of whether the user is authentic. The image forming apparatus executes the function specified in the request only when the authentication result shows that the user is authentic.

Abstract: An apparatus in a system which includes at least a high-level apparatus and a plurality of low-level apparatuses, said apparatus being one of the low-level apparatuses. The apparatus includes a storage unit configured to store an individual certificate set and a common certificate set and a communication unit configured to transmit own authentication information to the high level apparatus to allow the high level apparatus to perform decryption to authenticate the validity of the apparatus.

Abstract: An electronic signature method uses a signature generation unit with a memory that is spatially separated from a data processing device. At least one biometric trait of a person who will electronically sign an electronic dataset is captured, and an electronic biometric dataset is generated based thereon. The biometric dataset is encrypted using a randomly generated value. Subsequently, the encrypted biometric dataset is transmitted to the data processing device, a first checksum is generated in the data processing device for the encrypted biometric dataset and the electronic dataset, and the first checksum is transmitted from the data processing device to the signature generation unit. The random value is encrypted using the first checksum, and the encryption result is further encrypted using the stored key. The result of this is then transmitted to the data processing device.

Abstract: A method and system generates and compares fingerprints for videos in a video library. The video fingerprints provide a compact representation of the spatial and sequential characteristics of the video that can be used to quickly and efficiently identify video content. Because the fingerprints are based on spatial and sequential characteristics rather than exact bit sequences, visual content of videos can be effectively compared even when there are small differences between the videos in compression factors, source resolutions, start and stop times, frame rates, and so on. Comparison of video fingerprints can be used, for example, to search for and remove copyright protected videos from a video library. Further, duplicate videos can be detected and discarded in order to preserve storage space.

Abstract: A method and apparatus for remote watermarking of a media program is disclosed. The method inserts a pattern of substituted second versions of media program portions that are invisible to the viewer, into reproduced copies of the media program. The method permits the watermarking of encrypted media programs.

Abstract: This patent application is generally related to watermarking and steganography. One claim recites a method of transmarking an audio or video signal previously embedded with a first digital watermark using a first digital watermark embedding method. The method includes: utilizing a programmed electronic processor, decoding the first digital watermark from the audio or video signal; converting the audio or video signal into a different form; and utilizing a programmed electronic processor, embedding decoded message information from the first digital watermark into a second digital watermark in the different form such that the second digital watermark is adapted to robustness or perceptibility parameters associated with the different form. Of course, other combinations and claims are provided as well.

Abstract: Systems, methods and computer readable media are disclosed for a trusted proxy to intercept communications between an untrusted computerized gaming system and an online multi-player gaming service that requires games to be trusted, allowing the untrusted computerized gaming system to use the multi-player gaming service. In addition to allowing the untrusted computerized gaming system to use the multi-player gaming service in general, the trusted proxy can also limit the extent of the interaction between the untrusted computerized gaming system and the multi-player gaming service.

Abstract: Cell phones and other portable devices are equipped with a variety of technologies by which existing functionality can be improved, and new functionality can be provided. Some relate to visual search capabilities, and determining appropriate actions responsive to different image inputs. Others relate to processing of image data. Still others concern metadata generation, processing, and representation. Yet others relate to coping with fixed focus limitations of cell phone cameras, e.g., in reading digital watermark data. Still others concern user interface improvements. A great number of other features and arrangements are also detailed.

Abstract: A digital signature system and method are disclosed. The digital signature system may include a remote certificate server for storing and maintaining at least one digital certificate of a user by a service provider and a digital signature printer driver loaded on the user's computer for communicating with the service provider via a network, such as the Internet. The digital signature printer driver may obtain verification of the user's identity from the service provider via the network and electronically place on a printable document a digital signature of the user based on the remotely stored digital certificate. The system may further include a remote storage server for storing a digital copy of the digitally signed document. The digital signature may include a unique identifier for subsequent validation of the digital signature by the service provider.

Abstract: A long-term signature registration system 8 receives an input of attributes from a user to set an attribute value group with respect to original data. The attribute value group is compressed to generate single long-term signature compressed data. The long-term signature registration system 8 outputs and registers long-term signature compressed data to a long-term signature system 1. The long-term signature system 1 decompresses long-term signature compressed data to acquire original data and an attribute value group. The long-term signature system 1 performs a long-term signature on a set (group) of original data and attribute value group, and creates XAdES (long-term signature data) for the set of original data and attribute value group. The long-term signature system 1 compresses original data, the attribute value group, and XAdES to create a package of long-term signature data, and outputs and registers the package of long-term signature data to a document management system 9.

Abstract: In a network device, a method for verified communication includes generating a network communication message using a selection of predetermined message elements having digital signatures generated with a private key. The network device generates a signature for the message by applying a homomorphic operation to the digital signatures of the selected predetermined message elements and to a one-time signature corresponding to a random number. The network device transmits the message in association with the signature for the message and the random number to at least one other network device.

Abstract: A client terminal 3 can generate PAdES while performing communication with a long-term signature server 2 without delivering a PDF document and a secret key used in an electronic signature to the long-term signature server 2. PAdES is a long-term signature format which is specified for a PDF file. The client terminal 3 transmits CAdES with the electronic signature before time stamp issuance to the long-term signature server 2 to request to issue a time stamp to CAdES. The client terminal 3 requests the long-term signature server 2 to collect verification information, acquires the verification information, further generates information for confirming unfalsification of a signed PDF document and the verification information therefrom, and transmits the information to the long-term signature server 2 to request to generate DTS. With the above, it is possible to perform a long-term signature while retaining confidential information on a user side.

Abstract: A method for communicating information between at least a pair of correspondents, the method comprising the steps of each of the correspondents selecting a plurality of cryptographic algorithms known to each of the correspondents. One of the correspondents applies the algorithms in a predetermined manner to a message for producing a set of processed information. The set of processed information is transmitted to the other correspondent. The other correspondent applies complimentary operations of the cryptographic schemes in accordance with the predetermined manner for deriving information related to the message from the processed information.

Abstract: A system and method for storing identifying information and telephone numbers associated with individuals, and cross-referencing said information so as to link a first individual to other referee individuals capable of identifying the first individual as a result of a telephone conversation. When a relying party wishes to confirm the identity of a contracting party, the system is contacted and, using identifying information pertaining to said contracting party, identifies the set of referee individuals capable of identifying said contracting party, contacts a referee selected at random from the set, and places the contracting party in telephonic communication with the referee. At the conclusion of said telephonic communication, said system invites the referee to state the name of the first individual; by comparing the voice sample with a stored voice sample, the apparatus then provides identity confirmation to said relying party.