Authentication By Digital Signature Representation Or Digital Watermark Patents (Class 713/176)
  • Patent number: 8516560
    Abstract: A method for securely authenticating a user of a portable consumer device at an access device comprising the following steps. First, a dynamic data element and a first set of transactional information is sent to the portable consumer device from the access device. Next, the portable consumer device creates an authentication code as a function of at least the dynamic data element, a subset of the first set of transactional information, and a password. The authentication code, along with other data, is then sent from the portable consumer device back to the access device. The access device then uses the authentication code to send an authentication request message to the service provider of the user. The service provider then attempts to authenticate the user by recreating the authentication code and comparing the recreated authentication code with the authentication code received from the access device.
    Type: Grant
    Filed: January 16, 2009
    Date of Patent: August 20, 2013
    Inventors: John F. Sheets, Simon Hurry
  • Patent number: 8516261
    Abstract: A method for sending a message includes randomizing a signature generation key with a random number to calculate a randomized signature generation key, encrypting the random number with a public encryption key to calculate an encrypted random number, signing a message with the randomized signature generation key to calculate a signed message, and sending the signed message and the encrypted random number to a recipient.
    Type: Grant
    Filed: October 24, 2010
    Date of Patent: August 20, 2013
    Assignee: International Business Machines Corporation
    Inventor: Satoshi Hada
  • Patent number: 8515057
    Abstract: The invention concerns a method for executing cryptographic calculation in an electronic component, based on a specific cryptographic algorithm including at least one secret key operation (102) to be performed with a secret encryption key (103) comprising m secret encryption key blocks of n bits on a data block (101), wherein m and n are positive integers, and a non-linear operation (107).
    Type: Grant
    Filed: July 8, 2005
    Date of Patent: August 20, 2013
    Assignee: Morpho
    Inventor: Hervé Pelletier
  • Patent number: 8516260
    Abstract: The device and accompanying apparatus and method provides security among a calling function, such as any executable code, and at least one target function, such as any executable code that the calling function wishes to have execute. In one example, the device includes an engine operative to perform run-time verification of the signatures of secure interrupt handler code and at least one target function before allowing execution of the at least one target function. If both the secure interrupt handler code's signature and the at least one target function's signature are successfully verified, the at least one target function is allowed to execute.
    Type: Grant
    Filed: October 27, 2009
    Date of Patent: August 20, 2013
    Assignee: Advanced Micro Devices, Inc.
    Inventor: Scott A. Krig
  • Publication number: 20130212397
    Abstract: Embodiments relate to methods and apparatus for facilitating the protection from tampering of an electronic document to which an electronic signature is applied. In non-limiting examples, techniques may relate to the handling of document appearance data, dynamic signature biometric data, digital footprints data, pixel history data, and camera-acquired image data.
    Type: Application
    Filed: December 31, 2012
    Publication date: August 15, 2013
    Inventor: Belal Lehwany
  • Publication number: 20130212396
    Abstract: Systems and methods for facilitating confirmation of completion of a transaction(s) for state synchronization over a non reliable network using signature processing are described. One of the methods includes receiving a read request from a first client, sending a last known signature with a context object to the first client in response to receiving the read request, and receiving an appended signature from the first client with a context object for a transaction at the first client. The appended signature includes the last known signature and an increment by the first client. The operation of receiving the appended signature occurs upon execution of the transaction at the first client. The method further includes updating the last known signature to the appended signature and sending the updated last known signature to the first client to facilitate marking of the transaction as complete resulting in a definitive state synchronization.
    Type: Application
    Filed: February 10, 2012
    Publication date: August 15, 2013
    Applicant: Zynga Inc.
    Inventor: Leela Tamma
  • Publication number: 20130212398
    Abstract: A method that comprises obtaining a currently received signature from a device; obtaining a candidate identifier associated with the device; consulting a database to obtain a set of previously received signatures associated with the candidate identifier; and validating the currently received signature based on a comparison of the currently received signature to the set of previously received signatures associated with the candidate identifier. Also, a method that comprises obtaining a currently received signature from a device; decrypting the currently received signature to obtain a candidate identifier and a candidate scrambling code; consulting a database to obtain a set of previously received scrambling codes associated with the candidate identifier; and validating the currently received signature based on a comparison of the candidate scrambling code to the set of previously received scrambling codes associated with the candidate identifier.
    Type: Application
    Filed: March 28, 2013
    Publication date: August 15, 2013
    Applicant: BCE INC.
    Inventor: BCE INC.
  • Patent number: 8510564
    Abstract: Embodiments are directed to establishing the integrity of a portion of data on at least one level of a plurality of network stack levels and automatically continuing an established federation relationship between at least two federation computer systems. In an embodiment, a first federation computer system receives a digital signature corresponding to a computer system signed by a digital signature which includes the computer system's identity and other federation relationship information configured to establish a trusted federation relationship between a first federation computer system and a second federation computer system. The first federation computer system attempts to validate the received digital signature at a first level of a network stack and determines that the validation at the first network stack layer was unsuccessful. The first federation computer system then validates the received digital signature at a second, different level of the network stack.
    Type: Grant
    Filed: August 6, 2010
    Date of Patent: August 13, 2013
    Assignee: Microsoft Corporation
    Inventors: David J. Nicholson, David Lewis Fisher, Michael D. Ritche, Chun-Hung Lin, Christopher B. Dove, Kavitha Radhakrishnan
  • Patent number: 8510795
    Abstract: A system and a method automatically generate video-based tests to distinguish human users from computer software agents. The system comprises a CAPTCHA generation engine, a CAPTCHA serving engine, a video clips database, and a video tests database. The CAPTCHA generation engine selects a video clip from the video clips database, and segments the video clip into multiple video segments. For each video segment, the CAPTCHA generation engine associates a plurality of related queries with the video segment, generates a video test based on the association, and stores in the video tests database. A CAPTCHA serving engine selects a video test for a user, maintaining a user trial counter for each user taking the video test. Based on the user trial counter information and the response to the selected video test, the CAPTCHA serving engine determines whether the user is a human user.
    Type: Grant
    Filed: September 4, 2007
    Date of Patent: August 13, 2013
    Assignee: Google Inc.
    Inventor: Ullas Gargi
  • Patent number: 8510566
    Abstract: A computer system to authenticate documents periodically appending a hash representing a document to a data structure, the data structure configured to store one or more hashes and creating a commitment for the data structure at pre-established intervals by creating a digest of the one or more hashes of the data structure, wherein the size of the commitment is constant regardless of the number of hashes in the data structure.
    Type: Grant
    Filed: September 29, 2009
    Date of Patent: August 13, 2013
    Assignee: EMC Corporation
    Inventor: Alina Oprea
  • Patent number: 8510860
    Abstract: This disclosure describes techniques for dynamically assembling and utilizing a pedigree of a resource. A pedigree of a resource is a set of statements that describe a provenance of the resource. As described herein, a document may include local pedigree fragments and optionally one or more pointers to remote pedigree fragments not locally stored in the document. A pedigree fragment, generally, is a data structure that specifies a direct relationship between a first resource, e.g., a primary resource, and a second resource from which an asserted fact of the first resource is derived. Because a pedigree fragment specifies such direct relationships, a set of pedigree fragments may be used to assemble the complete pedigree of resource.
    Type: Grant
    Filed: March 15, 2011
    Date of Patent: August 13, 2013
    Assignee: Architecture Technology Corporation
    Inventors: Ken Thurber, Robert A. Joyce, Julia A. Baker
  • Patent number: 8510437
    Abstract: Techniques to facilitate a system to capture, process, and archive a series of user interactive events and subsequently retrieve the stored user interactive events are disclosed. The captured information is indexed and stored for future access either on a terminal device or an accessible remote server device.
    Type: Grant
    Filed: December 1, 2011
    Date of Patent: August 13, 2013
    Assignee: Yawonba Holdings AU, LLC
    Inventors: Jinsheng Wang, Joe Zheng
  • Patent number: 8504839
    Abstract: The method and accompanying apparatus and device protects against programming attacks and/or data corruption by computer viruses, malicious code, or other types of corruption. In one example, signature verification policy information that identifies a plurality of policies associated with a plurality of target memory segments is programmed during a secure boot process. The programmed signature verification policy information associated with each of the plurality of target memory segments is then evaluated during run-time. Signature verification is then repeatedly performed, during run-time, on each of the plurality of target memory segments based on the programmed signature verification policy information associated with each target memory segment.
    Type: Grant
    Filed: October 27, 2009
    Date of Patent: August 6, 2013
    Assignee: Advanced Micro Devices, Inc.
    Inventor: Scott A. Krig
  • Patent number: 8505108
    Abstract: A method and apparatus for identifying an object include encoding physical attributes of an object where the encoded information is utilized as at least one element for composing a digital watermark for the object. In another embodiment the physical attributes of the object are utilized as a key for accessing information included in a digital watermark for the object.
    Type: Grant
    Filed: November 1, 2002
    Date of Patent: August 6, 2013
    Assignee: Digimarc Corporation
    Inventor: Geoffrey B. Rhoads
  • Patent number: 8502668
    Abstract: A method and apparatus for determining a digital signature from an article. A coherent light source directs a beam to illuminate the article and a detector arrangement collects data points from light scattered from many different parts of the article to collect a large number of independent data points, typically 500 or more. By collecting a large number of independent signal contributions specific to many different parts of the article, a digital signature can be computed that is unique to the area of the article that has been scanned. This measurement can be repeated whenever required to test authenticity of the article. Using this method, it has been discovered that it is essentially pointless to go to the effort and expense of making specially prepared tokens, since unique characteristics are measurable in a straightforward manner from a wide variety of everyday articles.
    Type: Grant
    Filed: November 22, 2010
    Date of Patent: August 6, 2013
    Assignee: Ingenia Holdings Limited
    Inventor: Russell Paul Cowburn
  • Patent number: 8504840
    Abstract: A method and mechanism for protecting a website against defacement are provided. A content owner may associate content with a digital signature. The digital signature allows a recipient of the content to verify that the content originated from the content owner, and that the content has not been defaced. The digital signature may be comprised within the content, or stored external to the content, e.g., in a repository accessible to a Web cache server serving the content. To construct the digital signature, initially, the content owner creates a content validity value for a portion of content, the content validity value is encrypted to create the digital signature. The Web cache server may use the digital signature to determine whether the content has been defaced.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: August 6, 2013
    Assignee: Akamai Technologies, Inc.
    Inventors: Zaide Liu, Maurice Johnny Cinquini
  • Patent number: 8505106
    Abstract: Systems and methods for authenticating a request submitted from a client device through a third party content provider to an electronic entity are described. In one embodiment, a method includes providing a trusted script to the third party content provider, passing a trust token to the third party content provider and to the client device, and, in response to a request submitted from the client device through the third party content provider, validating the trust token associated with the request with the token passed to the client device, and processing the request. The trusted script is configured to create a trusted window on the third party Web page displayed on the client computing device, receive a trust token from the electronic entity through the trusted window, and associate the trust token with requests submitted from the client computing device through the third party content provider to the electronic entity.
    Type: Grant
    Filed: June 30, 2010
    Date of Patent: August 6, 2013
    Assignee: Amazon Technologies, Inc.
    Inventors: Amit Bhosle, Scott G. Carmack, Dhanvi Harsha Kapila, Shilpi Gupta, Mehul Jain, Sachin P. Joglekar, Ashish Agrawal
  • Patent number: 8498413
    Abstract: An image processing device includes: an image obtaining unit that obtains original images one by one from an original document on which image processing is to be performed by the image processing device; an output unit that outputs each of the original images obtained by the image obtaining unit; an information acquiring unit that acquires control information for controlling operations to be performed by the image processing device, the control information being extracted from a control image represented by a specific image in the original image obtained by the image obtaining unit; and a control unit that determines whether the control information acquired by the information acquiring unit requires an authentication, determines whether an output of the original image having the control information is restricted on the basis of a result of the authentication when the control information requires an authentication, restricts the output of the original image when the output is determined to be restricted, and c
    Type: Grant
    Filed: June 18, 2007
    Date of Patent: July 30, 2013
    Assignee: Fuji Xerox Co., Ltd.
    Inventors: Hiromi Kita, Masakatsu Kanda, Tadaomi Suzuki, Hiroshi Hayashi, Tsutomu Kimura, Takeshi Furuyama, Shinji Hanaoka, Shintaro Adachi, Kenji Yamada
  • Patent number: 8499332
    Abstract: An electronic card is disclosed including circuits of the protected zone include at least one control circuit. The electronic card further includes another zone defining a non-protected environment; the circuits of this zone do not need to comply with the distance constraint. The communication between the circuits of the protected zone and the non-protected environment is carried out by a communication circuit allowing or not allowing the electrical signals to pass. The passage of the electrical signals in the communication circuit is conditioned by an electrical control signal sent by the control circuit. Also disclosed is a method allowing the control circuit to be blocked if the electrical status of the signal controlling the passage of the signals does not correspond to the status imposed by the control circuit.
    Type: Grant
    Filed: June 4, 2007
    Date of Patent: July 30, 2013
    Assignee: Thomson Licensing
    Inventors: Philippe Guillot, Patrick Vigneron, Philippe Launay
  • Patent number: 8499061
    Abstract: The invention relates to a method for inserting a new device in a community of devices wherein each device of the community is able to store insertion requests received from at least one new device and to forward these insertion requests to a device chosen by a user of the community for confirming authorization to join the community.
    Type: Grant
    Filed: February 16, 2005
    Date of Patent: July 30, 2013
    Assignee: Thomson Licensing
    Inventors: Olivier Heen, Nicolas Prigent
  • Patent number: 8499154
    Abstract: Methods and apparatus are provided for establishing a secure connection with a mobile device that is configured to store a first private key that mathematically corresponds to a first public key. The method comprises receiving a quasi-public key from a trusted entity, wherein the quasi-public key mathematically corresponds to a quasi-private key that is stored on the mobile device, receiving a first digital certificate from the mobile device, the first digital certificate comprising the first public key and a first digital signature generated with the quasi-private key, and authenticating the first digital certificate using the first digital signature and the quasi-public key.
    Type: Grant
    Filed: January 27, 2009
    Date of Patent: July 30, 2013
    Assignee: GM Global Technology Operations LLC
    Inventors: Fred W. Huntzicker, Ansaf I. Alrabady, David Racklyeft
  • Patent number: 8499149
    Abstract: Direct Anonymous Attestation involves a Signer using a credential supplied by an Issuer to anonymously prove to a Verifier, on the basis of a public key of the Issuer, the Issuer's attestation to the Signer's membership of a particular group. To facilitate membership revocation, the Issuer updates the public key at intervals, and also effects a complementary updating to the Signer's credential unless the Signer has ceased to be a legitimate group member. A non-updated credential is inadequate to enable the Signer to prove its Issuer attested group membership to a Verifier on the basis of the updated Issuer public key.
    Type: Grant
    Filed: February 19, 2009
    Date of Patent: July 30, 2013
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Liqun Chen
  • Patent number: 8499151
    Abstract: Apparatuses, articles, methods, and systems for secure platform voucher service for software within an execution environment. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by authenticated, authorized and verified software components. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy to receive verification for any component. The verification or voucher helps assure to the remote entity that no malware running in the platform or on the network will have access to provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the software component.
    Type: Grant
    Filed: March 5, 2012
    Date of Patent: July 30, 2013
    Assignee: Intel Corporation
    Inventors: David Durham, Hormuzd M. Khosravi, Uri Blumenthal, Men Long
  • Patent number: 8499150
    Abstract: A security module on a client detects a signed file at the client and reports signing information identifying a certificate used to sign the file and a file identifier identifying the file to a security server. The security server uses the signing information to determine whether the certificate is compromised. If the certificate is compromised, the security server compares a discovery date of the file with a compromise date of the certificate. The security server generates trust data assigning a trust level to the file responsive to the comparison. The trust data assign a low trust level to the file if the comparison indicates that the file discovery date is after the compromise date and assign a high trust level to the file if the comparison indicates that the file discovery date is not after the compromise date. The security server provides the trust data to the client.
    Type: Grant
    Filed: November 11, 2010
    Date of Patent: July 30, 2013
    Assignee: Symantec Corporation
    Inventor: Carey S. Nachenberg
  • Patent number: 8499045
    Abstract: Embodiments of the systems and methods described herein facilitate the transmitting, receiving, and processing of encoded messages wherein the header fields in the message header are protected. In one embodiment, the contents of the header fields to be protected are inserted into the message body as one or more additional lines of text, for example, prior to encoding and transmitting the message to a message recipient. Upon receipt of the message, the message recipient processes the encoded message such that the contents of the protected header fields can be extracted from the message body. Accordingly, by inserting the contents of the header fields to be protected into the message body, the header fields may be protected using existing standards and protocols for facilitating secure message communication.
    Type: Grant
    Filed: February 27, 2009
    Date of Patent: July 30, 2013
    Assignee: Research In Motion Limited
    Inventors: Herbert A. Little, Neil P. Adams, Michael S. Brown
  • Patent number: 8499159
    Abstract: The invention relates to a method and system for embedding in a digital media file a user fingerprint which the user cannot detect when using the digital media file. In the method, a user-detectable watermark is first embedded in the digital media file. This watermark can be transformed in a client device to a non-detectable fingerprint of the user by utilizing digital media file-specific information issued by a digital media rights owner when the user has bought a user license. Afterwards the digital media rights owner can read the embedded user fingerprint from the digital media file if it is illegally distributed between other users.
    Type: Grant
    Filed: July 12, 2011
    Date of Patent: July 30, 2013
    Assignee: Capricode Oy
    Inventors: Mikko Löytynoja, Marko Brockman, Jukka Koutaniemi, Eero Seppänen
  • Patent number: 8499158
    Abstract: There is provided an anonymous service method of providing local linkability. In the anonymous service method providing local linkability according to exemplary embodiments of the invention, an anonymous authentication operation based on a short group signature is performed, for which the concept of a local linkability is introduced to secure linkability within the same service domain. Namely, in the interior of a service provider, a virtual index having a fixed value is calculated for each service user, and in this case, although a plurality of service providers collude with each other, they cannot calculate a virtual index having the same value, whereby the linkability can be secured within the same service domain but not within the interiors of different service domains.
    Type: Grant
    Filed: December 17, 2010
    Date of Patent: July 30, 2013
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Sok Joon Lee, Jung Yeon Hwang, Yun Kyung Lee, Sin Hyo Kim, Sang Woo Lee, Hye Ran Moon, Young Ho Kim, Byung Ho Chung, Hyun Sook Cho
  • Patent number: 8499160
    Abstract: An improved encryption and digital signature system and method in accordance with the invention reuses an encryption ephemeral key pair from an encryption process in a digital signature process. The reuse of the encryption ephemeral key pair in the digital signature process advantageously results in reduced byte size of the digital signature and reduction of costly computation overhead. In a preferred embodiment, the invention is based on the El Gamal encryption scheme and the Nyberg-Rueppel signature scheme. The present invention is particularly useful for operation in conjunction with small communication devices having limited processing and storage, wherein such devices may communicate via bandwidth sensitive RF links.
    Type: Grant
    Filed: June 11, 2012
    Date of Patent: July 30, 2013
    Assignee: Research In Motion Limited
    Inventor: Herb A. Little
  • Publication number: 20130191643
    Abstract: According to an aspect of an embodiment, a method of establishing a chain of trust into a virtual machine on a hardware system is described. The method may include measuring an immutable portion of a virtual machine image configured to instantiate as the virtual machine to generate a trust anchor measurement. The method may also include storing the trust anchor measurement in a sealed memory.
    Type: Application
    Filed: January 25, 2012
    Publication date: July 25, 2013
    Applicant: FUJITSU LIMITED
    Inventors: Zhexuan Song, Maarten Wiggers, Ryusuke Masuoka
  • Publication number: 20130191645
    Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based on policy information associated with the identifier.
    Type: Application
    Filed: March 11, 2013
    Publication date: July 25, 2013
    Applicant: Amazon Technologies, Inc.
    Inventor: Amazon Technologies, Inc.
  • Publication number: 20130191642
    Abstract: A system and method are provided for implementing a digital signature scheme for embedding and validating multiple nested digital signatures in digitally produced documents without modifying a file size of the digitally produced and signed documents or otherwise corrupting previously-embedded digital signatures. A number of fixed fields are included in a digitally produced document, upfront, that will be populated with multiple digital signatures. With the fixed fields in the digitally produced documents, the entire file is cryptographically “hashed” and the individual digital signatures are independently verifiable via simple cryptographic schemes. Multiple digital signatures are embedded in documents including complex file formats in a manner that does not corrupt the documents. Known cryptographic techniques such as, for example, a known hash algorithm, are applied to the digitally produced documents including the multiple sequentially input digital signatures in a process that is independently verifiable.
    Type: Application
    Filed: January 20, 2012
    Publication date: July 25, 2013
    Applicant: LOCKHEED MARTIN CORPORATION
    Inventor: Robert Joseph LOUGHRY
  • Publication number: 20130191644
    Abstract: Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification.
    Type: Application
    Filed: January 10, 2013
    Publication date: July 25, 2013
    Applicant: INTERTRUST TECHNOLOGIES CORP.
    Inventor: INTERTRUST TECHNOLOGIES CORP.
  • Publication number: 20130191646
    Abstract: The invention relates to a system for exchanging data between at least one sender and one receiver, such as a central server, by means of a data transmission network of Internet type, this system comprising means for encrypting/decrypting the data exchanged. The senders and the receiver comprise generators of encryption/decryption keys, which generators are synchronized to generate new keys for message encryption/decryption with each dispatching of a new message from the sender to the receiver.
    Type: Application
    Filed: September 27, 2011
    Publication date: July 25, 2013
    Inventors: Mouchi Haddad, Pierre Brejaud, Mikaël Haddad
  • Publication number: 20130191641
    Abstract: CAPTCHA (Completely Automated Public Test to tell Computers and Humans Apart) data generation methods for use in an electronic device and related management systems are provided. First, the electronic device determines a first data set according to at least one first data corresponding to an operation to be performed, wherein the first data represents sensitive data corresponding to the operation. Then, the electronic device generates a group of CAPTCHA data corresponding to the first data set according to the first data. The electronic device may be a server or a client. When the electronic device is the client, the client obtains at least one generation module from the server to determine the first data set, and generate the CAPTCHA data. In some embodiments, during a data transmission procedure, the client performs the operation with the server using the CAPTCHA data.
    Type: Application
    Filed: January 19, 2012
    Publication date: July 25, 2013
    Applicant: F2WARE INC.
    Inventor: Helen Pai
  • Patent number: 8494162
    Abstract: A method for securing data in hardcopy documents. The method includes obtaining a page image having a private data item; generating an encrypted version of the private data item; obtaining a decoder identification (ID) value of a decoder; generating, using an encoder, a symbol having the encrypted version of the private data item and the decoder ID value; and generating a hardcopy document by recording the symbol on a physical medium, where the hardcopy document is transported to a subsystem having the decoder, and where the subsystem decrypts the encrypted version of the private data item after extracting the encrypted version of the private data item from the symbol.
    Type: Grant
    Filed: March 31, 2010
    Date of Patent: July 23, 2013
    Assignee: Konica Minolta Laboratory U.S.A., Inc.
    Inventors: Kenneth Huang Young, Randy Cruz Soriano
  • Patent number: 8495723
    Abstract: A method and system for supply of data, including generating a first digital certificate (referred to as an empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided.
    Type: Grant
    Filed: June 25, 2010
    Date of Patent: July 23, 2013
    Assignee: International Business Machines Corporation
    Inventors: Peter Roy Dare, John Owlett, Imran Faiz Tyabji
  • Patent number: 8493581
    Abstract: A method of creating an electronic document is disclosed that is able to maintain confidentiality and prevent leakage (unauthorized disclosure) of contents of the electronic document.
    Type: Grant
    Filed: July 31, 2006
    Date of Patent: July 23, 2013
    Assignee: Ricoh Company, Ltd.
    Inventor: Masaharu Adachi
  • Patent number: 8495376
    Abstract: Disclosed is a broadcasting signal receiving apparatus for controlling use of a broadcasting program using a signature in program information and a method thereof. The broadcasting signal receiving apparatus includes a communicating unit for receiving a broadcasting signal, an extracting unit for extracting a broadcasting program and program information from the received broadcasting signal, and a determining unit configured to generate a temporal signature for confirmation (confirmation signature) which determines whether the program information is changed or not from the original program information and determine validity of the program information by comparing a signature included in the extracted program information with the confirmation signature.
    Type: Grant
    Filed: October 29, 2009
    Date of Patent: July 23, 2013
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Hyon-Gon Choo, Jeho Nam, Moon-Kyun Oh, Sangwoo Ahn, Sang-Kwon Shin, Jooyoung Lee, Won-Sik Cheong
  • Patent number: 8495383
    Abstract: The invention relates to a method in which program information is obtained to an execution environment in an electronic device. The program information comprises at least a program code. A key is computed from the program information and a device specific secret value. The key is used to decrypt program specific state data in the execution environment and to encrypt modified state data after the execution.
    Type: Grant
    Filed: December 14, 2006
    Date of Patent: July 23, 2013
    Assignee: Nokia Corporation
    Inventors: Jan-Erik Ekberg, Lauri Paatero
  • Patent number: 8495369
    Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimately measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection. A secret key holding section is provided for holding different secret keys for different apparatuses.
    Type: Grant
    Filed: June 17, 2003
    Date of Patent: July 23, 2013
    Assignee: Sony Corporation
    Inventors: Masayuki Takada, Takayasu Muto
  • Patent number: 8495736
    Abstract: A method and apparatus that provides information assurance attributes through a data provenance architecture is disclosed. The method may include receiving a message having a data provenance wrapper, examining each data provenance record of the message and any attachments for discrepancies, identifying any discrepancies in the examination of each data provenance record of the message and any attachments, calculating a degree of trust based on any discrepancies identified in the examination of each data provenance record of the message and any attachments, and outputting the degree of trust to the user.
    Type: Grant
    Filed: January 5, 2010
    Date of Patent: July 23, 2013
    Assignee: Lockheed Martin Corporation
    Inventors: Stephen J. Dill, Bruce Barnett, Andrew Crapo, Abha Moitra
  • Patent number: 8495735
    Abstract: A system and method for enhancing spam avoidance efficiency by automatically identifying a phishing website without human intervention. The system receives a stream of suspect Internet URLs for potential phishing websites and uses a comparison strategy to determine whether the potential phishing website has already been labeled as a bona fide phishing website. A comparison system is utilized in which similarity data is calculated on various elements of the potential phishing website and then compared to similarity data of known phishing websites. Various types of similarity measure methodologies are potentially incorporated and a similarity threshold value can be varied in order to respond to phishing threats.
    Type: Grant
    Filed: December 28, 2009
    Date of Patent: July 23, 2013
    Assignee: UAB Research Foundation
    Inventors: Gary Warner, Bradley Wardman
  • Patent number: 8495366
    Abstract: A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.
    Type: Grant
    Filed: April 18, 2012
    Date of Patent: July 23, 2013
    Assignee: International Business Machines Corporation
    Inventors: Dwip N. Banerjee, Sachin Chandrakant Punadikar, Sandeep Ramesh Patil, Ravi A. Shankar
  • Patent number: 8495035
    Abstract: A method for data integrity protection includes arranging data in a plurality of data blocks. A respective block signature is computed over each of the data blocks, thereby generating multiple block signatures. The data blocks and the block signatures in an integrity hierarchy are stored in a storage medium, the hierarchy comprising multiple levels of signature blocks containing signatures computed over lower levels in the hierarchy, culminating in a top-level block containing a top-level signature computed over all of the hierarchy. A modification is made in the data stored in a given data block within the hierarchy. The respective block signature of the given data block is recomputed in response to the modification, and the recomputed block signature is stored in the top-level block for use in verifying a subsequent request to read data from the given data block.
    Type: Grant
    Filed: October 23, 2008
    Date of Patent: July 23, 2013
    Assignee: SanDisk IL Ltd.
    Inventor: Arseniy Aharonov
  • Patent number: 8495377
    Abstract: A method implemented in a network element for controlling access to a set of resources on a per-application basis, the set of resources including subsets of the resources where each subset is accessible to a set of one or more applications through the use of a separate group key, the method comprising the steps of receiving an authentication request from a node communicatively connected to the network element through a first network interface of the network element, the authentication request including a certificate for the node, validating the certificate for the node, determining that the certificate has been authorized for the set of one or more applications through a query of a certificate database, retrieving each group key that corresponds to the set of one or more applications through a query of a group key database, and returning each group key retrieved from the group key database to the node.
    Type: Grant
    Filed: May 20, 2011
    Date of Patent: July 23, 2013
    Assignee: Telefonaktiebolaget L M Ericsson
    Inventors: Wassim Haddad, Samita Chakrabarti
  • Publication number: 20130185563
    Abstract: In one embodiment, a mobile device performs an over-the-air firmware update by writing the updated firmware to an inactive system image partition, and rebooting the device. The security of the OTA update is maintained through checking a plurality of security signatures in an OTA manifest, and the integrity of the data is maintained by checking a hash value of the downloaded system image.
    Type: Application
    Filed: January 12, 2012
    Publication date: July 18, 2013
    Inventors: Gueorgui Djabarov, George Hotz, Shaheen Ashok Gandhi
  • Publication number: 20130185565
    Abstract: The system relates to a method for collecting signatures from pre-validated signers. In one aspect of the method, a pre-validated signer's signature is affixed to an electronic document in an appropriate location after the pre-validated signer authorizes the use of his or her signature.
    Type: Application
    Filed: July 27, 2012
    Publication date: July 18, 2013
    Inventors: Joel Appelbaum, Robert Yancey
  • Publication number: 20130185564
    Abstract: In accordance with the present disclosure, a system and method for multilayered authentication of trusted platform updates is described. The method may include storing first cryptographic data in a personality module of an information handling system, with the first cryptographic data corresponding to a verified firmware component. A second cryptographic data may also be determined, with the second cryptographic data corresponding to an unverified firmware component. The unverified firmware component may be stored in a memory element of the information handling system, and the second cryptographic data may be determined using a processor of the information handling system.
    Type: Application
    Filed: January 17, 2012
    Publication date: July 18, 2013
    Inventors: Muhammed Jaber, Mukund Khatri
  • Patent number: 8489868
    Abstract: A code signing system and method is provided. The code signing system operates in conjunction with a signed software application having a digital signature and includes an application platform, an application programming interface (API), and a virtual machine. The API is configured to link the software application with the application platform. The virtual machine verifies the authenticity of the digital signature in order to control access to the API by the software application.
    Type: Grant
    Filed: September 20, 2001
    Date of Patent: July 16, 2013
    Assignee: Research In Motion Limited
    Inventors: David P. Yach, Michael S. Brown, Herbert A. Little
  • Patent number: 8488838
    Abstract: Content fingerprints and watermarks are combined in various ways for content identification applications. Fingerprints are used to identify content generally while watermarks provide more detailed localization of parts within the content, and vice versa. Fingerprint techniques are further used for signal synchronization and other pre-processing steps to assist in digital watermark decoding. A variety of fingerprint/watermark techniques identify characteristics of the channel of content from content samples.
    Type: Grant
    Filed: October 29, 2012
    Date of Patent: July 16, 2013
    Assignee: Digimarc Corporation
    Inventor: Ravi K. Sharma