Abstract: Third-party applications for platforms are linked to identified individuals that guarantee the security of the applications. The linkage is achieved by acquiring one or more biometric records of the individual guarantor, storing those records as a signature in a database, assigning a unique identifier to the signature, and embedding that unique identifier in the executable file of the application. The signature of the guarantor can be compared to other stored signatures of other guarantors to check for individuals posing under multiple aliases. The signature of a guarantor linked to a malicious application can be flagged so that a subsequent application guaranteed by the same individual can be disapproved.

Abstract: An apparatus and method for encoding and decoding additional information into a stream of digitized samples in an integral manner. The information is encoded using special keys. The information is contained in the samples, not prepended or appended to the sample stream. The method makes it extremely difficult to find the information in the samples if the proper keys are not possessed by the decoder. The method does not cause a significant degradation to the sample stream. The method is used to establish ownership of copyrighted digital multimedia content and provide a disincentive to piracy of such material.

Abstract: A system and method for enhancing spam avoidance efficiency by automatically identifying a phishing website without human intervention. The system receives a stream of suspect Internet urls for potential phishing websites and uses a comparison strategy to determine whether the potential phishing website has already be labeled as a bonefid phishing website. A comparison system is utilized in which similarity data is calculated on various elements of the potential phishing website and then compared to similarity data of known phishing websites. Various types of categorization structures and notification strategies are utilized in the system.

Abstract: Methods and apparatus to provide a tamper-resistant environment for software are described. In some embodiments, procedures for verifying whether a software container is utilizing protected memory and is associated with a specific platform are described. Other embodiments are also described.

Abstract: A method of issuing electronic vouchers (Vi) which a user (U) may submit to a merchant (M) in exchange for goods or services comprises the steps of: an issuer (I) receiving an electronic declaration (Di?1) from the user (U), the issuer verifying the electronic declaration (Di?1), and the issuer issuing a new electronic voucher (Vi) for use with the merchant (M) only if the electronic declaration comprises a signature (SM) of a merchant on a previous electronic voucher (Vi?1). The vouchers (Vi) and declarations (Di?1) are preferably blinded by the user such that the user remains anonymous. However, the electronic vouchers (Vi) may contain the identity (Q) of the user (U), which identity may be revealed when a voucher is submitted more than once.

Abstract: In accordance with certain embodiments of the present disclosure, a method for creating a veiled certificate is provided. The method comprises requesting a certificate from a regulator by sending a message with a digital signature of the message signed by the owner. The message comprises an owner's veiled certificate token, the veiled certificate token comprising an encrypted version of the owner's identification data and the owner's identification public key for the certificate. The message further comprises the identification public key, the whole message being encrypted using the regulator's external public key. The certificate request is validated by verifying the sender's identity through validation of the digital signature using the owner's external public key and verifying the veiled certificate token using the individual' external public key.

Abstract: Techniques for creating and using credentials for blinded intended audiences are provided. A principal desires access to a target service. An identity associated with the target service is hidden from an identity service via a random identifier. The identity service supplies an assertion with credentials and the random identifier. The principal sends the assertion and an access message, which also includes the random identifier to the target service. The target service compares the identifier included with the message to the identifier in the assertion and when a match occurs access is permitted to the target service, assuming other credentials associated with the assertion are satisfied as well.

Abstract: Multiple information is extracted from an unknown recording and information associated therewith. Associated information includes the filename, if the recording is a computer file in, e.g., MP3 format, or table of contents (TOC) data, if the recording is on a removable medium, such as a compact disc. At least one and preferably several algorithmically determined fingerprints are extracted from the recording using one or more fingerprint extraction methods. The information extracted is compared with corresponding information in a database maintained for reference recordings. Identification starts with the most accurate and efficient method available, e.g., using a hash ID, a unique ID or text. Fingerprint matching is used to confirm other matches and validation is performed by comparing the duration of the unknown and a possibly matching reference recording.

Abstract: Methods, devices and computer program products facilitate conditional access to a content embedded with watermarks. For such a content, when copy control rules associated with an embedded watermark message prohibits unconditional access to the content, it is determined whether or not an exception to the copy control rules exists, and if an exception to the copy control rules exists, the content is conditionally accessed. Additional watermark messages can be extracted while the content is being conditionally accessed, and based on the additionally extracted watermark messages, it is verified that conditional access to the content has been fulfilled.

Abstract: Methods, devices and computer program products facilitate embedding and extraction of watermarks into and from a host content. Embedded watermarks include an automatically generated portion that is associated with metadata. The metadata, which includes one or more identifiers of the host content, is stored at a database and can be accessible to both the watermark embedder and a watermark extractor. The automatically generated portion of the payload can be a serial number is changed for each watermark embedding session.

Abstract: The present invention controls to read encrypted digital data from a detachable storage medium, in which the digital data and a decode key for decoding encryption of the digital data are stored. In reading the digital data, the decode key is read, the decode key is deleted from the storage medium, the encrypted digital data is read, and then encryption of the encrypted digital data is decoded by the read decode key.

Abstract: A distributed digital certificate validation method of a client connectable in communication with a host is provided. A first connection is made with the host to establish data communication with the host. A request for a certificate validation result is sent to the host. A file containing at least the requested certificate validation result is imported from the host and the imported file is stored locally for later retrieval of at least the requested certificate validation result.

Abstract: Provided are a system and method for evaluating and certifying video PAT software, including a module for embedding a related information into the video image data and detecting the embedded information. A receiving module receives video PAT software and a certificate application associated with the video PAT software. A setting module sets an evaluation environment according to use cases of the PAT software received through the receiving module. An embedding module embeds predetermined information into a test video image data using an embedder of the received video PAT software. An attack module attacks the test video image data with the embedded information through various attack tools and generating an attacked video image data. A detecting module detects the embedded information from the attacked video image data by using a detector of the received video PAT software. An evaluating module evaluates statistic information about reliability of the video PAT software from the detected information.

Abstract: A system and method for enabling a user to retrieve, decode, and utilize hidden data embedded in audio signals. An exemplary implementation includes a microphone structured to receive sound waves representative of an audio signal and hidden data embedded in the audio signal. The then microphone converts the received sound waves into an electrical output signal. The system also includes a processor electrically coupled to the microphone and configured to receive the electrical output signal in order to extract the hidden data and provide information represented by the hidden data as an output thereof. A user interface is also provided and is electrically coupled to the processor and configured to receive a first input from the user and activate the processor to selectively initiate extraction of the hidden data. The processor produces as an output the information represented by the hidden data. Finally, the system includes a user presentation mechanism configured to present the information to the user.

Abstract: A CPU, a computer system and a secure boot mechanism are provided in which a symmetric encryption key may be incorporated into a non-volatile memory area of the CPU core, thereby substantially avoiding any tampering of the encryption key by external sources. Moreover, pre-boot information may be internally stored in the CPU and may be retrieved upon a reset or power-on event in order to verify a signed boot information on the basis of the internal symmetric encryption key. Furthermore, the BIOS information may be efficiently updated by generating a signature using the internal encryption key.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, create and use software installation packages including digital signatures.

Abstract: The object of the present invention is to safeguard the authenticity and integrity of real-time data in a distributed real-time computer system. The present invention considers other requirements of real-time data processing, such as the timeliness of real-time data transmission and limited resource availability. Frequent modification of an asymmetric key pair hinders intruders from cracking a key before its validity has expired. The present method can also be extended to safeguard the confidentiality of real-time data. It can be implemented efficiently on a multiprocessor system-on-chip (MPSoC).

Abstract: Some embodiments of the invention provide a method of verifying the integrity of digital content. At a source of the digital content, the method generates a signature for the digital content by applying a hashing function to a particular portion of the digital content, where the particular portion is less than the entire digital content. The method supplies the signature and the digital content to a device. At the device, the method applies the hashing function to the particular portion of the digital content in order to verify the supplied signature, and thereby verifies the integrity of the supplied digital content.

Abstract: A method of sending a self-signed certificate from a communication device, the self-signed certificate being signed by the communication device. The method includes: receiving a communication in relation to establishing a session from a second communication device in proximity to said communication device, outputting on an output device of said communication device a certificate hash of the self-signed certificate or an address of where to obtain the certificate hash, and sending the self-signed certificate to said second communication device. The method may also include sending a broadcast message to announce a presence of the communication device.

Abstract: The invention discloses system and method for data authentication among processors. The method comprises: generating a first key, by a first processor, according to a first identification data and a first algorithm; generating a first digest, by the first processor, according to data to be transmitted, the first identification data and a second algorithm; generating a digital signature, by the first processor, according to the first key, the first digest and a third algorithm; and transmitting the data and the digital signature from the first processor to a second processor.

Abstract: A method for creating and authenticating a digital signature is provided, including selecting a first session parameter k and generating a first short term public key derived from the session parameter k, computing a first signature component r derived from a first mathematical function using the short term public key, selecting a second session parameter t and computing a second signature component s derived from a second mathematical function using the second session parameter t and without using an inverse operation, computing a third signature component using the first and second session parameters and sending the signature components (s, r, c) as a masked digital signature to a receiver computer system. In the receiver computer system, a recovered second signature component s? is computed by combining a third signature component with the second signature component to derive signature components (s?, r) as an unmasked digital signature.

Abstract: A signature is generated by a scheme in which x denotes a secret key of a signature generating apparatus, mrec?{0, 1}M denotes a recovery message, k denotes an arbitrary value, g denotes a generator of a cyclic group G of order q, R represents gk?G, H1 represents a hash function H1: {0, 1}*?{0, 1}L, H2 represents a hash function H2: {0, 1}*?{0, 1}M that has a variable output length, H3 represents a hash function H3: {0, 1}*?Zq, r=H1(R, mrec)|mrec(+)H2(R, H1(R, mrec)), where (+) represents an exclusive-OR operator, t is defined for ?, which depends on r, as t=H3(?), s is defined as s=k?t·x?Z, and a signature is ?=(r, s).

Abstract: Apparatus, systems, and methods may operate to compare a first hashed value of at least a first decryption key, the first decryption key received from a sender, to a second hashed value of at least a second decryption key that has been received as a signed value from a receiver. Further operations may include sending the first decryption key to the receiver and sending the signed value to the sender upon determining that the first hashed value matches the second hashed value. Additional apparatus, systems, and methods are disclosed.

Abstract: An image processing apparatus is an image processing apparatus capable of reading a security paper document that has a ground design pattern and performing image processing, and is provided with: a second modification processing unit that visualizes a latent image included in the ground design pattern; a first modification processing unit that performs a modification process so that the latent image included in the ground design pattern is not visualized; a CPU that performs authentication regarding whether or not a user of the security paper document is an authorized user; and a CPU that performs control so that the first modification processing unit performs modification processing and the latent image is not visualized, or performs control so that the latent image is not visualized by the second modification processing unit, in the case where the user has been authenticated as an authorized user of the security paper document.

Abstract: An integer partitioning unit inputs an order p of a finite group G and an integer e, and calculates an integer e1 and an integer e2 that satisfy e1·e?e2 (mod p) based on the order p of the finite group G and the integer e which are input. A verification value calculation unit inputs an element s of the finite group G and an element h of the finite group G, and calculates an element a (=e1·h?e2·s) of the finite group G based on the element s and the element h which are input and the integer e1 and the integer e2 which are calculated by the integer partitioning unit in the integer partitioning process. A verification judging unit judges, based on the element a calculated by the verification value calculation unit, whether or not the element a is an identity element O of the finite group G. Hence, whether or not h =e·s is judged at high speed.

Abstract: A method of authenticating an entity by a verification entity, said entities sharing a pair of secret keys X and Y which are n×m (n, m>i) binary matrices. The method may be applied to cryptographic protocols for authenticating electronic chips at a very low cost.

Abstract: A method and apparatus for binding trusted platform module (TPM) keys to execution entities are described. In one embodiment, the method includes the receipt of an authorization request issued by an execution entity for authorization data. According to the authorization request, the execution entity may be measured to generate an entity digest value. Once the entity digest value is generated, a platform reference module may grant the authorization request if the entity digest value verifies that the execution entity is an owner of the key held by the TPM. Accordingly, in one embodiment, a platform reference module, rather than an execution entity, holds the authorization data required by a TPM to use a key owned by the execution entity and held within sealed storage by the TPM. Other embodiments are described and claimed.

Abstract: The disclosed technology generally relates to methods for identifying audio and video entertainment content. Certain shortcomings of fingerprint-based content identification can be redressed through use of human-reviewers.

Abstract: The present invention relates to both systems and methods for product authentication. A system used herein, for example, comprises a population of entities which comprises at least two distinct clusters of entities having detectable counts or relative counts of entities per cluster; a measurement system capable of measuring a signature array of said population of entities; and a means for analyzing said signature array. The methods involve the systems of the invention for authenticating a given product.

Abstract: A method for reducing overhead when transmitting and receiving an Internet Protocol (IP) packet by a device begins with receiving of the IP packet by the device. In the packet, an IP address of the packet has been removed and replaced with a watermarking signature based on the IP address. The IP address is obtained using the watermarking signature. The IP address is attached to the packet and the packet is forwarded by the device to a destination over a network using the IP address.

Abstract: A method of embedding information in a computer program code, including a plurality of program statements. The method comprises: inserting a conditional program statement in the computer program code, the conditional program statement including a condition and a plurality of alternative program statements, the conditional program statement being adapted to cause a data processing system to evaluate said condition and, responsive to a result of said evaluating step, to selectively execute one of said plurality of alternative program statements; wherein said condition is indicative of at least a part of said information; and wherein the plurality of alternative program statements are adapted to cause the computer program code to produce the same program output irrespective of which of said alternative program statements is executed.

Abstract: A digital signature generation apparatus includes memory to store finite field Fq and section D(ux(s, t), uy(s, t), s, t) as secret key, section being one of surfaces of three-dimensional manifold A(x, y, s, t) which is expressed by x-coordinate, y-coordinate, parameter s, and parameter t and is defined on finite field Fq, x-coordinate and y-coordinate of section being expressed by functions of parameter s and parameter t, calculates hash value of message m, generates hash value polynomial by embedding hash value in 1-variable polynomial h(t) defined on finite field Fq, and generates digital signature Ds(Ux(t), Uy(t), t) which is curve on section, the x-coordinate and y-coordinate of curve being expressed by functions of parameter t, by substituting hash value polynomial in parameter s of section.

Abstract: Methods and apparatus for characterizing media are described. In one example, a method of characterizing media includes capturing a block of audio; converting at least a portion of the block of audio into a frequency domain representation; dividing the frequency domain representation into a plurality of bands; determining a characteristic difference of a first band of the plurality of bands based on a comparison of a characteristic of the first band and a characteristic of a second band different from the first band, wherein the characteristic of the first band occurs at a time that is different than a time at which the characteristic of the second band takes place; and determining a signature bit based on a characteristic difference. Other examples are shown and described.

Abstract: One or more techniques and/or systems are disclosed for generating a genus 2 curve for use in cryptography. One or more invariant values used to generate the genus 2 curve are determined by evaluating one or more invariant functions on a Hilbert modular surface. The genus 2 curve is generated using the one or more invariant values to determine an equation describing the genus 2 curve. A group is generated from the genus 2 curve, and the group may be used for a cryptographic application.

Abstract: A plurality of users is assumed in which user A is the owner of content providing the source of a link, user B is the owner of the content providing the destination of the link, and user C is a viewer. Each user has a private key and a public key, and the public keys are shared by the users. User B selects user C in advance as a viewer. User B creates data including a value in which an encryption key with a proxy signature generated on the basis of the public key of user C and its own private key is encrypted using the public key of user A, and distributes the data to user A, which is the owner of the content providing the source of the link. User A decrypts the received data including the value using its own private key. This makes a function available based on encryption with the proxy signature. User A converts the link information using this function, signs the information using its own private key, and sends it to user C.

Abstract: A hash module of a mail sender creates a hash data context structure. The hash module processes the headers and the body of an e-mail message in the order required, for example by the DKIM specification, until the data to be hashed has been input. The hash module converts the context structure into printable characters and the encoded structure is transmitted over the Internet or other network to the next participating system. The token authority's hash module decodes the context back into binary form. After ensuring business logic is satisfied, it generates additional headers required for signature, which are then added to the developing hash. The hash module finalizes the hash function and creates the hash value. The authorization module creates the signature and returns it to the e-mail module, which attaches the signature to the message and transmits it to the destination mailbox provider, which verifies the token.

Abstract: Authenticity and responsiveness of evidence (e.g., biometric evidence) may be validated without regard for whether there is direct control over a sensor that acquired the evidence. In some implementations, only a data block containing evidence that is (1) appended with a server-generated challenge (e.g., a nonce) and (2) signed or encrypted by the sensor may validate that the evidence is responsive to a current request and belongs to a current session. In some implementations, trust may be established and/or enhanced due to one or more security features (e.g., anti-spoofing, anti-tampering, and/or other security features) being collocated with the sensor at the actual sampling site.

Abstract: A system and method for code signing. The entities may be software application developers or other individuals or entities that wish to have applications digitally signed. Signing of the applications may be required in order to enable the applications to access sensitive APIs and associated resources of a computing device when the applications are executed on the computing device.

Abstract: Systems and methods are provided for protecting and managing electronic data signals. In one embodiment a strong watermark is inserted in a data signal that is divided into a sequence of blocks, and a digital signature for each block is embedded in the signal via a watermark. The signal is then stored and distributed. When attempts are made to use or access the signal, the signal is checked for the presence of a watermark containing the digital signature for the desired portion of the signal. If the watermark is found, the digital signature is extracted and used to verify the authenticity of the desired portion of the signal. If not found, the signal is checked for the presence of the strong watermark, which if found causes the system to inhibit further use of the signal, and if not found further use of the signal is allowed.

Abstract: A system for protection against unauthorized modifications of digital content, in particular image content, in which a content processing system retrieves content, a fingerprint for the content and at least one modification limit expressing authorized modifications to the content. The content may then be modified, but before saving or exportation is allowed, a second fingerprint is calculated, and the difference between the fingerprints is compared with the at least one modification limit. If the difference is within the allowed bounds, then saving or exportation is allowed; if not, it is prevented. Also provided are a method and a content consumer device performing essentially the same steps before allowing rendering of the content.

Abstract: In one embodiment, the present invention is a method and apparatus for creating and editing electronic documents. One embodiment of the inventive method involves generating an electronic document in a first document format type, in accordance with one or more user-specified parameters, and converting the electronic document from the first document format type into a second document format type, in accordance with a user instruction to finalize the electronic document. In one embodiment, the first document format type is a structured document format type, such as hypertext markup language or extensible markup language, while the second document format type is a secure document format type such as portable document format.

Abstract: A video watermarking scheme is disclosed, which is designed for the digital cinema format, as it will be used on large projector screens in theaters. The watermark is designed in such a way that it has minimal impact on the video quality, but is still detectable after capture with a handheld camera and conversion to, for instance, VHS, CD-Video or DVD format. The proposed watermarking system only exploits the temporal axis. This makes it invulnerable to geometrical distortions generally caused by such a way of capturing. The watermark is embedded by modulating a global property of the frames (e.g. the mean luminance) in accordance with the samples of the watermark. The embedding depth is preferably locally adapted within each frame to local statistics of the respective image. Watermark detection is performed by correlating the watermark sequence with extracted mean luminance values of a sequence of frames.

Abstract: A flash storage device and a method for using the flash storage device to prevent unauthorized use of a software application are provided. An identifier may be encoded within specific sectors of the flash storage device. One bits of the identifier may be encoded as unusable ones of the specific sectors and zero bits of the identifier may be encoded as usable one of the specific sectors. Alternatively, the zero bits of the identifier may be encoded as the unusable ones of the specific sectors and the one bits of the identifier may be encoded as the usable ones of the specific sectors. The software application may be permitted to execute on a processing device connected to the flash storage device only when the identifier is encoded within the flash storage device.

Abstract: The present invention provides a signature generation device and a signature verification device capable of countering a transcript attack that seeks a private key by analyzing a plurality of signed documents (pairs of a message and a signature) signed using the NTRUSign signature scheme. The signature generation device calculates a hash value vector H of message data, adds a vector based on a private distribution to the hash value vector H to calculate a converted hash value vector H?, and seeks, as a signature vector S, the closest lattice point to the converted hash value vector H? in a lattice defined by private key basis vectors. The signature verification device determines whether the distance between the hash value vector H of the message data and the signature vector S is equal to or less than L? and, if so, recognizes the message data as valid.

Abstract: Systems, methods, apparatus and computer-executable instructions stored on computer-readable media for communicating a modified hash message authentication code (HMAC) signed message between two endpoints are provided. The HMAC signature of the message may include a plurality of components. In some cases, the HMAC signature is a Server Message Block (SMB) signature. The first and/or second endpoint may be a client, server, or host. Some embodiments of the present application utilize a proxy, such as a CIFS proxy. In one embodiment, HMAC signature information sent from the first endpoint to the second endpoint may be intercepted. A value for a component of the HMAC signature may be determined by, for example, using the intercepted HMAC signature information. The intercepted message may be modified, resigned using the intercepted HMAC signature information, and transmitted to a receiving endpoint.

Abstract: A system and method that trusts software executables existent on a machine prior to activation for different types of accesses e.g. execution, network, and registry. The system detects new executables added to the machine as well as previously existent executables that have been modified, moved, renamed or deleted. In certain embodiments, the system will tag the file with a flag as modified or newly added. Once tagged, the system intercepts particular types of file accesses for execution, network or registry. The system determines if the file performing the access is flagged and may apply one or more policies based on the requested access. In certain embodiments, the system intercepts I/O operations by file systems or file system volumes and flags metadata associated with the file. For example, the NT File System and its extended attributes and alternate streams may be utilized to implement the system.

Abstract: A method for authenticating a message that is transmitted wirelessly. The method includes providing a set of private key values that define a private key and performing a key pair generation process that provides a key pair including the private key and a public key, where performing the key pair generation process includes applying one or more hash functions to the private key values, where a succeeding hash function provides a hash of a previous hash function. The scheme uses a signature generation process that generates a message digest by applying a hash function on the message to be signed and then separates the message digest into two parts including signing bits and selection bits and using the private key to sign the message. A receiver verifies the authenticity of the received message using the public key and a signature verification algorithm.

Abstract: An image processing apparatus includes a first partial information providing unit that provides first partial information to another device holding a first signing key KS corresponding to a first verification key KV, the first partial information constituting a part of a second verification key KV? (KV??KV) that is capable of verifying an electronic signature ? generated using the first signing key KS and being unable to identify the second verification key KV?; a second partial information acquisition unit that acquires second partial information which is generated by the another device using the first partial information and the first signing key KS, and which is unable to identify the first signing key KS and used for generating the remaining part of the second verification key KV?; and a second verification key generation unit that generates the second verification key KV? based on the first and second partial information.

Abstract: Systems, methods, and software for providing digital security to a child message transmitted from a mobile device to a messaging server, where the mobile device typically does not transmit the parent message with the child message to the messaging server. Whether to apply digital security, such as encryption or a digital signature, or both, is determined, and if the mobile device does not include a complete copy of a parent message for insertion into the child message, the mobile device selectively downloads the parent message from the messaging server prior to the computation of a digital signature or prior to encryption. The systems and methods may also provide a check of the child message size, when the child message includes inserted parent content, to ensure that the child message does not exceed any prescribed limits on message size.

Abstract: A method and apparatus that simulates a workflow and analyzes the behavior of information assurance attributes through a data providence architecture is disclosed. The method may include injecting one or more faults into a simulated workflow, receiving a message in the simulated workflow having a data provenance wrapper, examining each data provenance record of the message and any attachments for discrepancies, identifying any discrepancies in the examination of each data provenance record of the message and any attachments; calculating a degree of trust based on any discrepancies identified in the examination of each data provenance record of the message and any attachments, analyzing the calculated degree of trust with respect to the one or more injected faults and the information assurance attributes, and outputting the analysis to a user.