Abstract: Systems and methods are disclosed for authenticating electronic messages. A data structure is generated by a computer server which allows for the authentication of the contents and computer server identity of a received electronic message and provides a trusted stamp to authenticate when the message was sent. Data which can authenticate the message, the computer server identity, and the time the message was sent is included into a data structure which is called an Electronic PostMark (EPM).

Abstract: The invention relates to a method of authenticating a user equipment in a communications network. The method involves sending a message from a network entity to the user equipment. This message includes a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity; said options including a “shared key”-based authentication procedure. The method also involves selecting an option from the set. In the event that the “shared-key”-based authentication procedure is selected, a shared secret from a security key established in a generic bootstrapping architecture (GBA) is generated over a second interface between the user equipment and a bootstrapping service function. The shared secret is then used to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface.

Abstract: Computer-implemented methods, systems, and computer program products for document authentication and identification using encoding and decoding are provided. A method includes receiving a digitized document and comparing the digitized document to a set of markers to determine whether the digitized document is an encoded document with one or more characters replaced. In response to determining that the digitized document is encoded, information is extracted from the set of markers using a decoder according to an encoding strategy. The extracted information and the set of markers are compared with data stored in encoding history to authenticate and identify the received digitized document. Markers in the encoded document may be hidden in plain sight, such that the encoding is not readily apparent to a casual observer.

Abstract: A system and method for the creation and automated selection and inclusion an automated signature text with an electronic message, wherein the automated selection of the automated signature text is dependent on attributes of the message, the designated recipients, or attributes of the designated recipients as compared to the sender's attributes, such as the encoding type and/or transport method selected for the electronic message or the location of the recipient without the need for multiple user profiles or manual editing by the sender. At least one of a plurality of automated signature texts is associated with at least one encoding type of a plurality of encoding types, at least one message transport type, or with at least one predetermined recipient attribute or the outcome of a comparison of the recipient attribute with the sender's attributes. The appropriate automated signature text is inserted prior to encoding of the message for transport.

Abstract: In at least one implementation a method includes receiving an identifier associated with a device, entering the identifier into a network controller device, inviting the device associated with the identifier to join a network, admitting the device associated with the identifier to the network, sending the device associated with the identifier a name of the network, and confirming that the device has joined the network as a device recognized by the network controller device.

Abstract: An image forming apparatus extracts, from image data, authentication data by which a user is identified, sends the extracted authentication data to a control terminal that recognizes a function available to the user identified by the extracted authentication data, and then receives, from the control terminal, available-function data indicative of a result of the recognition. Then, the image forming apparatus chooses, in accordance with the available-function data thus received, a function that is available in the image forming apparatus. This enables the image forming apparatus to validate or invalidate each function in accordance with a user on the basis of the extracted authentication data.

Abstract: Systems, devices, and methods for modifying a signed bundle and verifying the modified bundle are disclosed. A signed bundle may be modified by removing a file specified in a server file list from a plurality of files in the bundle. The signed bundle comprises a catalog of files in the signed bundle and their associated hashes. The modified bundle includes the remaining files of the signed bundle that are not specified in the server file list and the catalog file of the signed bundle, the catalog signature of the signed bundle. The modified bundle may be verified by verifying the catalog signature of the modified signed bundle, and checking that the files specified in the catalog are either in the modified signed bundle or specified in the server file list. The hashes of the files in the modified signed bundle may also be checked to verify the modified signed bundle.

Abstract: A method for preparing and verifying a document, comprising the steps of: presenting the document to a document-registering office in a machine-readable format; editing the document to add an identification code associated with a non-copiable object; signing the edited document using a private key of the document-registering office; printing the digitally signed document in a machine-readable form; presenting the document and the object to an inspecting authority; recovering the digitally signed document from the machine-readable form of the printed document; verifying the digital signature of the document-registering office; and verifying that the identification code in the document corresponds to that of the presented object.

Abstract: A method and system are disclosed. In one embodiment the method includes calculating a trust level of a first entity. The first entity has a plurality of components. Each component in the first entity has at least the trust level of the first entity.

Abstract: Methods and systems for secure electronic data communication over public communication networks. A secure data communication component may be utilized to implement a communication protocol. New versions of the data communication component may be generated, with each version containing a different communication protocol. Source code of the data communication component may be modified using a polymorph engine to create a functionally-equivalent component having a different code structure. An anti-phishing component may intercept a link in an electronic communication activated by a user, analyze the link and the electronic communication, determine a phishing risk to the user posed by the link, and direct the user to a location indicated by the link or redirect the user to a valid location. A server authentication component may detect and prevent DNS attacks, injections, and defacing activities.

Abstract: A method of controlling access to content comprises receiving, at a domain gateway (3) of a domain (4), a request from a device (5) in the domain for access to the content. It is determined at the domain gateway whether the number of devices in the domain currently accessing the content is equal to a specified maximum number of devices that may simultaneously access the content. The maximum number of devices that may simultaneously access the content is independent of the number of devices in the domain. If the determination is that the number of devices in the domain currently accessing the content is less than the specified maximum number the request is allowed, otherwise it is refused.

Abstract: Methods, apparatus and articles of manufacture for program telecast monitoring using watermarks are disclosed. An example method for program monitoring disclosed herein comprises obtaining a sequence of watermarks detected from a presentation of media content at a monitored site, and comparing a data pattern obtained from the sequence of watermarks with a set of possible data patterns to identify a particular program transmission of the media content, the set of possible data patterns being associated respectively with a set of possible transmissions of the media content. An example method to watermark media content disclosed herein comprises encoding the media content with a sequence of watermarks, a watermark in the sequence of watermarks including content identifying payload data, and modifying the sequence of watermarks to also include a data pattern associated with a particular transmission of the media content.

Abstract: A system and method of signing a message to be sent from a first communication device to a destination via a second communication device. The message includes a first portion on the first communication device and a second portion on the second communication device. The method includes receiving at the second communication device the first portion of the message and a first signature for the first portion from the first communication device; combining the first portion and the second portion to form the message; obtaining a second signature for the message; and sending the first signature, the second signature and the message from the second communication device to the destination.

Abstract: Systems and methods for identifying content in electronic messages are provided. An electronic message may include certain content. The content is detected and analyzed to identify any metadata. The metadata may include a numerical signature characterizing the content. A thumbprint is generated based on the numerical signature. The thumbprint may then be compared to thumbprints of previously received messages. The comparison allows for classification of the electronic message as spam or not spam.

Abstract: A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.

Abstract: A computer implemented method and apparatus for one-step signature trust of digitally signed documents comprising determining whether a digital signature is otherwise valid except for a lack of trust in a digital certificate; offering a recipient an option to establish trust in the digital certificate; and adding the digital certificate to a list of the recipient's trusted digital certificates when recipient opts to establish trust.

Abstract: A system, method and various software tools enable a video hosting website to automatically identified unlicensed audio content in video files uploaded by users, and initiate a process by which the user can replace the unlicensed content with licensed audio content. An audio replacement tool is provided that enables the user to permanently mute the original, unlicensed audio content of a video file, or select a licensed audio file from a collection of licensed audio, and insert the selected in place of the original audio. Where a video file includes unlicensed audio, the video hosting website provides access to video files to a client device, along with an indication to the client device to mute the audio during playback of the video.

Abstract: Technologies are disclosed to transfer responsibility and control over security from player makers to content authors by enabling integration of security logic and content. An exemplary optical disc carries an encrypted digital video title combined with data processing operations that implement the title's security policies and decryption processes. Player devices include a processing environment (e.g., a real-time virtual machine), which plays content by interpreting its processing operations. Players also provide procedure calls to enable content code to load data from media, perform network communications, determine playback environment configurations, access secure nonvolatile storage, submit data to CODECs for output, and/or perform cryptographic operations. Content can insert forensic watermarks in decoded output for tracing pirate copies.

Abstract: A method of authentication of a verifying device by a confirming device includes the confirming device receiving and storing a shared secret derived from at least a password of a user and sending a challenge. The method further includes the confirming device receiving a response to the challenge using the shared secret; determining if the response to the challenge is correct and if the response to the challenge is correct, authenticating the verifying device.

Abstract: An input personal identification number (PIN) is encrypted, identification information to identify a computer that has generated an encrypted PIN is associated with the encrypted PIN, and the associated information is sent to a recording medium. When the recording medium is again connected to the computer, it is checked whether the identification information is present in the recording medium. If the identification information is present in the recording medium, the encrypted PIN associated with the identification information is decrypted. These processes can be performed on both computer side and recording medium side.

Abstract: The present invention is designed to enable a secure device to authenticate a terminal application that operates on an information processing terminal and that accesses the secure device. An application issue request transmitter (301) of the information processing terminal (30) sends a request for issue of a terminal application to an application issuer (101). The application issuer (101) of an secure device (10) reads a terminal application (31) from an application storage (105) and embeds authentication information in the terminal application (31), associates an ID and the authentication information of the terminal application (31) and save them in an issue information storage (106), and sends the terminal application (31) to an application receiver (302) of the information processing terminal through an application transmitter (102). The application receiver (302) starts the terminal application (31).

Abstract: A method and system for a platform-based trust verifying service for multi-party verification. In one embodiment, the method includes a client platform accessing an service provider over a network. Upon accessing the service provider, the client platform receives a request from the service provider for platform measurement and verification. The client platform collects platform information and performs measurement and verification, including performing an integrity manifest comparison. If the integrity manifest comparison indicates a good client platform posture, then the client platform signs the client platform posture and sends an approval notification to the service provider indicating that the client platform has not been compromised. The client platform may then receive the service of the service provider.

Abstract: A method and apparatus for operating a computing device including a multi-touch surface. The method comprises: presenting a customer with an application form; transferring data from a customer's portable device (such as a cellphone) placed on or near the multi-touch surface to the application form; communicating with an authorization portable device (such as a staff identification badge) placed on or near the multi-touch surface by an authorized user; and transferring data from the authorization portable device to the application form to complete the application form.

Abstract: The present invention relates to a content protection apparatus and method using binding of additional information to an encryption key. The content protection apparatus includes an encryption unit for creating an encryption key required to encrypt data requested by a user terminal and then generating encrypted data in which the data is encrypted. An additional information management unit manages additional information including authority information about the encrypted data. A White-Box Cryptography (WBC) processing unit generates a WBC table required to bind the encryption key corresponding to the encrypted data to the additional information. A bound data generation unit generates bound data in which the encrypted key is bound to the additional information, using a cipher included in the WBC table.

Abstract: Methods and systems for image registration are described. An area of an image may be selected. A length of at least one encoded wavelength for the area may be accessed. One or more candidate wavelengths may be identified in the area in at least one direction that includes at least one large peak. The length of the at least one encoded wavelength may be compared to the length of at least one of the one or more candidate wavelengths to calculate an alteration ratio. The alteration ratio may identify at least one of a scale or a rotation of the image.

Abstract: A method, apparatus and program product provide a mechanism for managing the execution of electronic documents using electronic signatures. Documents requiring electronic signatures are automatically identified, mined, trimmed and split from a printer control data language stream. Status information pertaining to needed data, signatories, signature completions and authentication attempts is related to users during and after an electronic signing sequence.

Abstract: A system, method and apparatus are provided for secure e-mail message attachment optimization. Content attached to e-mail messages may not be suited to the resource constraints of the destination wireless device. In secure e-mail messages, the message may be signed and/or encrypted. A wireless server can determine resource parameters associated with a destination wireless device, such as display resolution, memory capacity, processor speed, and wireless interface constraints and re-scale the attached content to be optimized for delivery and presentation on the wireless device.

Abstract: A method, apparatus, and program product are provided for using watermarks to embed security features on avatars in a virtual world. A watermark engine receives security information for an avatar in a virtual world. The watermark engine creates a watermark for the avatar using the security information and associates the watermark with the avatar. The watermark may comprise at least one of: security preferences for the avatar, contact information for an owner of the avatar, and graphical information to cause alteration of the avatar when the avatar is recorded.

Abstract: Embodiments are directed to the providing a cloud keying and signing service and to securing software package distribution on the cloud. In an embodiment, a computer system instantiates a signing service configured to sign software packages. The computer system receives a signing request from a computer user requesting that a selected software package be signed. The signing request includes a computed hash of the selected software package. The computer system generates a private and public key pair on behalf of the computer user and stores the private key of the generated key pair in a secure data store.

Abstract: A system and method for searching and retrieving certificates, which may be used in the processing of encoded messages. In one broad aspect, a method is provided in which a certificate search request is received, a search of one or more certificate servers for certificates satisfying the request is performed, located certificates are retrieved and processed at a first computing device to determine data that uniquely identifies each located certificate, and search result data comprising the determined data is communicated to a second device (e.g. a mobile device) for use in determining whether each located certificate is already stored on the second device.

Abstract: In an example embodiment, an apparatus comprising a transceiver configured to send and receive data and logic coupled to the transceiver. The logic is configured to determine from a signal received by the transceiver whether an associated device sending the signal supports a protocol for advertising available services. The logic is configured to send a request for available services from the associated device via the transceiver responsive to determining the associated device supports the protocol. The logic is configured to receive a response to the request via the transceiver, the response comprising at least one service advertisement and a signature. The logic is configured to validate the response by confirming the signature.

Abstract: When input data (f0) is read into a digital signature generating apparatus, a hash value (h0) is calculated. The hash value (h0) is stored to a storage area (M1), which has the highest priority rank among 5 storage areas. Subsequently, when input data (f1) is read in, a hash value (h1) is calculated. Since the storage area (M1) is already occupied by the hash value (h0), the hash value (h0) is read out from storage area (M1), emptying the storage area (M1). The read hash value (h0) and the hash value (h1) are concatenated, forming a concatenated hash value (h0|h1) and a hash value (h0,1) is calculated. The hash value (h0,1) is stored to a storage area (M2), which has the highest priority rank after the storage area (M1). When input data (f2) is read in, a hash value (h2) is calculated and stored to the storage area (M1).

Abstract: A computer-implemented method for ensuring non-repudiation of a payment request and/or other action may include a step of receiving, over a network, the payment request together with a digital certificate identifying a user having caused the payment request to be generated. The certificate may include certificate-identifying information, user-identifying information, authority information that defines and delimits the authority of the user to make the payment request. The certificate-identifying information and the user-identifying information included within the received certificate may be validated. The authority information included within the received certificate may then be validated. The payment request and/or other action is then only executed when the certificate-identifying information, the user-identifying information and the authority information within the received certificate are successfully validated.

Abstract: A method and devices for dynamically embedding watermark and/or end-user access information into multimedia content. The method includes providing multimedia content transformed into blocks that each include an array of pixel blocks, and dynamically embedding portions of watermark and/or end-user access information into selected pixel blocks based on the values of the coefficients within the pixel blocks. For multimedia content encoded using discrete cosine transform (DCT) or other block-based encoding, the transform coefficients to include embedded information are chosen based on analysis of the coefficient values, rather than in a fixed or predetermined manner. Also, embedding watermark and/or end-user access information can occur across different pixel blocks within a given image to reduce the number of embedded coefficients per block, within the peripheral pixel blocks within a given image, and/or in different areas across images to reduce the duration of embedded information in any one area.

Abstract: A system for isolating a data communication network has been developed. The system includes an internal computer system with an internal computer that is in data communication with the internal computer system, and an external computer system with an external computer that is in data communication with the external computer system. The internal and external computers are connected with an ethernet adapter that only allows transmission of data from the internal computer system and prohibits the receipt of data by the internal computer system.

Abstract: An apparatus, system, and method are disclosed for link maintenance. A plurality of state machines operate a plurality of first links between data management nodes with each first link in an online state. A transition module transitions the plurality of first links from the online state to a degraded state and from the online state to an offline pending state in response to an offline request. The transition module further transitions the plurality of first links from the degraded state to an online pending state when a degraded link time interval expires and from the offline pending state to an offline state if all pending tasks on the plurality of first links are completed. The transition module further transitions the plurality of first links from the online pending state to the online state if each first link is validated.

Abstract: A server transmits a message and attachments from a sender to a recipient. A hash is provided of (a) the message, (b) an identification of the sender and (c) a hash of the attachments to form a data string. Instructions may be included for the recipient to send a hashed encryption of the string to a website at the server by registered electronic mail which provides options to obtain other electronic advantages.

Abstract: A digital signature authentication method and a digital signature authentication apparatus are provided in which a digital signature received from a user is structured and embedded into an agreement information file so that the digital signature may be managed safely and effectively. The method includes displaying an agreement information file and receiving the digital signature from a user; extracting signature data from the digital signature; and embedding the signature data into the agreement information file.

Abstract: A system and method for processing messages received at a vehicle. The method carried by the system involves wirelessly receiving at a vehicle a first communication message having secure credentials and a message signature for a second communication message. Then, the vehicle authenticates the first communication message via its secure credentials. Later, the vehicle wirelessly receives the second communication message and validates this second message using the message signature from the first message. In response to the validation, the second message is processed at the vehicle.

Abstract: A method and apparatus for securely booting software components in an electronic device to establish an operating environment are described herein. According to an aspect of the invention, software components are to be executed in sequence in order to establish an operating environment of a device. For each software component, a security code is executed to authenticate and verify an executable code image associated with each software component using one or more keys embedded within a secure ROM (read-only memory) of the device and one or more hardware configuration settings of the device. The security code for each software component includes a common functionality to authenticate and verify the executable code image associated with each software component. In response to successfully authenticating and verifying the executable code image, the executable code image is then executed in a main memory of the device to launch the associated software component.

Abstract: Detection and prevention of botnet behavior is accomplished by monitoring access request in a network. Each request includes a domain of content to access and a path of content to access, and each path includes a file name and query string. Once obtained, the query strings for each of these requests are normalized. A signature is then created for each of the normalized query strings. The obtained requests can then be grouped by signature. Once the requests have been grouped by signature, each grouping is examined to identify suspicious signatures based on common botnet behavior. Suspicious requests are used in back-end and front-end defenses against botnets.

Abstract: Techniques relating to directed digital signing policy are described. In one instance, a system includes means for storing a document as a plurality of logical parts. The system also includes means for establishing a document configuration when a digital signature is applied to the document, and means for indicating whether the document configuration is subsequently altered.

Abstract: In a dispersed storage network access control list information must be occasionally written out to system units across the network. A dispersed storage (DS) managing unit (18) combines (204) the access control list information with a clock stamp and hashes (206) that combined output. An encryptor (208) encrypts a security key (210) and the hash output to obtain a signature. A combiner (212) combines the signature and the output of combiner (204) and outputs to a publisher (214). Upon receipt of the output of the publisher (214) a dispersed storage unit (44) can reverse process and securely validate the access control list information provided by the publisher (214) to receive and store updated and valid access control list information. This processing is performed by the unit (44) using parsers (216), caches (218 and 228), hash operations (224), decryptors (222), comparators (226), logic (230), and key stores (220).

Abstract: A system and method for searching and retrieving certificates, which may be used in the processing of encoded messages. In one broad aspect, certificate identification data that uniquely identifies a certificate associated with a message is generated. The certificate identification data can then be used to determine whether the certificate is stored on a computing device. Only the certificate identification data is needed to facilitate the determination alleviating the need for a user to download the entire message to the computing device in order to make the determination.

Abstract: A system for device enabled verifiable stroke and image based workflows comprises a plurality of portable computing devices, coupled by a network to a stroke and image workflow server. The portable computing devices include a display, stroke capture capability and a wireless communication capability. The portable computing devices are adapted to receive images, add stroke annotations to the received images, and send the annotated received images. The stroke and image workflow server is coupled to the network for communication with the portable computing devices. The stroke and image workflow server sends and receives documents from the portable computing devices, maintains a log for verification, and implements a paper like workflow and processing the documents. Essentially, this stroke and image workflow server implements paper like workflow and handles the overhead of processing electronic documents so that it is invisible to the user.

Abstract: An apparatus comprising a network node configured to support a lightweight secure neighbor discovery (LSEND) protocol for securing neighbor discovery protocols (NDP) for energy-aware devices, wherein the network node is configured to wirelessly communicate with a host node, wherein the network node is configured to exchange LSEND protocol messages with the host node, and wherein the LSEND protocol uses reduced public key and signature sizes and more lightweight signature calculations in comparison to a secure neighbor discovery (SEND) protocol for securing NDP communications that are more suitable for low-power and lossy networks (LLNs).

Abstract: To provide an information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable program. An information processing apparatus uses signed integrity values unique to software configuration and asserting integrity of initial codes of a networked server. The server apparatus generates keys used for certifying the server apparatus (S810, S820, S830). One of the keys are certified by a third party to generate a digital signature (S840). The digital signature is attached to the integrity values and the signed integrity values are transmitted to the information processing apparatus for allowing the information processing apparatus to have secure services through the network (S850, S860).

Abstract: An image reading apparatus, an image information verification apparatus, an image reading method, an image information verification method, and an image reading program are disclosed. The image reading apparatus includes an image acquisition unit for acquiring an image from an image reading unit for reading the image formed on a medium, a medium description receiving unit for receiving a medium description provided by a medium description acquisition unit for acquiring the medium description of the medium, a set generating unit for generating a set of information about the image and information about the medium description, and a set unique value acquisition unit for acquiring a set unique value about the set.

Abstract: A method and system for document security are described. The method decrypts a key-map file located a composite document with embedded access control, decrypts a content part from the composite document with embedded access control, wherein the key-map file provides a key to access the content part, loads the content part in decrypted form into a document serialization maintained in a transient memory where the content part in decrypted form is maintained exclusively in the transient memory, and erases the content part in decrypted form upon termination of a program to access the decrypted content part from the document serialization.

Abstract: A method and system for verifying a check that is being used for an on-line transaction, utilizes a hash code value either printed directly on the check, or obtained from an insert card provided by a check printer. To conduct an on-line transaction using a check, the customer enters in data obtained from a MICR line of the check, whereby the data includes a one-way hash value that is based on the data provided on the MICR line as well as private data not provided on the MICR line. A web server of an e-tailer for which the customer seeks to make the on-line transaction, receives the data entered by the customer. The web server of the e-tailer transmits, to a check verifier, the data entered by the customer. The check verifier verifies whether or not the check is valid, by comparing the hash code value entered in by the customer with a hash code value that is separately calculated by the check verifier, based on private data of the customer obtained by the check verifier from a database.