Abstract: Systems, methods, and software for providing digital security to a child message transmitted from a mobile device to a messaging server, where the mobile device typically does not transmit the parent message with the child message to the messaging server. Whether to apply digital security, such as encryption or a digital signature, or both, is determined, and if the mobile device does not include a complete copy of a parent message for insertion into the child message, the mobile device selectively downloads the parent message from the messaging server prior to the computation of a digital signature or prior to encryption. The systems and methods may also provide a check of the child message size, when the child message includes inserted parent content, to ensure that the child message does not exceed any prescribed limits on message size.

Abstract: An information processing apparatus includes a data processing unit which executes processing for decoding and reproducing encrypted content. The data processing unit executes processing for determining whether the content can be reproduced by applying an encrypted content signature file. The encrypted content signature file stores information on issue date of the encrypted content signature file and an encrypted content signature issuer certificate with a public key of an encrypted content signature issuer. In determining whether the content can be reproduced, the data processing unit compares expiration date of the encrypted content signature issuer certificate with the information on issue date of the encrypted content signature file, and does not perform processing for decoding and reproducing the encrypted content when the expiration date is before the issue date, and performs the processing for decoding and reproducing the encrypted content only when the expiration date is not before the issue date.

Abstract: Content screening operations are facilitated in devices that receive a content that is subject to screening obligations. When such a content is received at a device, a watermark extraction record is obtained and accessed to fulfil content screening obligations. Upon the receipt of such an extraction record, verification of the received extraction record is carried out based on a verification rate. If the verification is successful for an extraction record with permissive information, the verification rate is decreased, thereby reducing the processing load of the device. If the verification is unsuccessful, the verification rate is increased, which can adversely affect the processing load of the device.

Abstract: For protecting by watermarking against non-authorised use, e.g. non-authorised recording or copying, original audio or video data which are to be presented in a digital cinema, a sender site generates from the original signal at least two differently pre-watermarked versions for successive blocks or frames of the signal, wherein these versions are derived by applying a repeated watermark symbol value to a version and different watermark symbol values to the different versions. The pre-watermarked signal versions are encrypted and transferred e.g. as data files to a digital cinema unit in which they are decrypted. According to the values of a desired watermark information word, corresponding frames or blocks from said decrypted and pre-watermarked versions are assembled in a successive manner, so as to provide and present a watermarked version of said original audio or video signal that carries said watermark information word.

Abstract: To reduce a load on a user terminal imposed when verifying signature data and at the same time reduce a load on a server, a signature key matrix KM includes a plurality of signature keys Ki-j arranged in a matrix structure of m rows and n columns, and is stored in a signature key matrix database 21. A correspondence relationship between a signature key set CK which is an aggregate of any signature keys selected from the n columns respectively and a user terminal 30 is stored in a correspondence relationship information database 22. A signature data generating unit 24 generates signature data having a matrix structure by encrypting a content digest D generated based on content data C by n number of signature keys included in the signature key matrix KM.

Abstract: According to one embodiment, a security gateway (SG) is coupled between a hypertext transport protocol (HTTP) client and a web application server. Responsive to a first HTTP message being transmitted between the HTTP client and the web application server as part of an HTTP session, the SG generates security gateway session security state information (SGI) based on a policy. The SG also generates a digital signature (SGS) from the SGI, creates an SG signed session security state information cookie (SGC), and sends the SGC to the HTTP client for storage instead of storing the SGI in the SG. Responsive to a second HTTP message of the HTTP session, the SG attempts to validate a claim made in the second HTTP request using at least the policy and the SGC that is supposed to be returned with the second HTTP message.

Abstract: The present invention relates generally to generating travel-logs or geographical representation of encountered media. One claim recites a method including obtaining a plurality of imagery, wherein each item of imagery from the plurality of imagery comprises steganographic encoding, the steganographic encoding altering data representing the imagery, the steganographic encoding comprising multi-bit data, and wherein the presence of the multi-bit data is imperceptible to a human observer of the imagery absent machine-detection; detecting the multi-bit data from the plurality of imagery, wherein the multi-bit data is associated with geolocation metadata; and providing a geographic path associated with the plurality of imagery based at least in part on the geolocation metadata. The geographic path is provided for display to a user relative to a graphical map. Of course, other different claims are provided as well.

Abstract: A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent dining integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.

Abstract: An approach is provided for managing access rights of users to information spaces using signatures stored in a memory tag. A signature manager caused reading of a memory tag to initiate a request, from a device, for an initial access to an information space. The request includes an authorization signature associated with the device. The signature manager determines a level of access to the information space by comparing the authorization signature against a lattice of signature primitives associated with the information space. The signature manager then modifies the authorization signature based on the determination and stores the modified authorization signature for validation of subsequent access to the information space by the device.

Abstract: A watermarking apparatus for an electronic circuit is described, which comprises the following features: a watermark memory operative to store a watermark characterizing said electronic circuit, and a watermarking signal generator operative to generate based on said watermark a watermarking signal on a power supply line of said electronic circuit, wherein said watermarking signal is detectable for a recognition of said watermark.

Abstract: A license to use content (e.g., a movie, song, application, etc.) is provided to a consumer. The license allows for use of the content by the device the consumer is using (e.g., logged into) and devices near the device the consumer is using. For example, a first computing device obtains a license to restricted content. A second computing device obtains a copy of the restricted content; however, the second computing device is not licensed to use the content and may not be able to access the content because the content is encrypted or otherwise restricted. The first computing device is brought into proximity with the second computing device. In response to detecting that the first computing device is in proximity with the second computing device, the second computing device is provided with legal access to the restricted content. The second computing device can then decrypt (or otherwise access) and play the content.

Abstract: Various embodiments of a system and method for parts-based digital rights management are described. Various embodiments may include a digital rights management component configured to receive content comprising a plurality of portions of content. The digital rights management component may also receive a license for the encrypted content; the license may include a plurality of permissions each specific to a respective portion of the content. Additionally, each permission may specify one or more access privileges for the respective portion of the content. The digital rights management component may receive a digital signature for the entire license. The digital rights management component may validate the digital signature to determine that the permissions have not been modified. The digital rights management component may also be configured to, in response to determining that said permissions have not been modified, provide access to content in accordance with said license including said permissions.

Abstract: One embodiment of the present invention provides a system that uses digital certificates to facilitate enforcing licensing terms for applications that manipulate documents. During operation, the system obtains a credential, wherein the credential includes a private key and a digital certificate containing a corresponding public key. This digital certificate also contains a profile specifying allowed operations which can be performed on documents signed with the credential. Next, the system digitally signs a document using the credential, so that the resulting signed document is signed with the private key and includes a copy of the digital certificate with the profile specifying the allowed operations. The certificate issuer can subsequently revoke the digital certificate (which effectively revokes the license) if teens of a license agreement associated with the digital certificate are violated.

Abstract: Data received over a network is processed by a server. The processing includes determining identity information corresponding to an identity associated with a document represented by document data received over an input port of the server from a sender. At the server, a private key is computed based on: a master private key, and the identity information. At the server digital information is computed based at least in part on the document data using the computed private key. The digital information is stored in a storage medium accessible to the server in association with the identify information.

Abstract: A method and system for steganography and steganalytic techniques are provided for effecting embedded communications in a variety of communication environments. One aspect may include an embedded transmitter for inserting embedded data into a packet and an embedded receiver for receiving the packet via, for example, a packetized communication network such as the Internet. Various aspects of the present invention provide robust communications with optimized throughput and may include various error handlers to maximize performance and ensure transfer of incorrupt data. A method for identifying and blocking embedded communications is also provided.

Abstract: A system and method for performing a security check may include using at least one processor to periodically check a status of a flag, generate and store a baseline representation of modules stored on the device where the flag is determined to be set to a first state, and, where the flag is determined to be set to a second state, generate an active representation of modules stored on the first device, compare the active representation of modules to the baseline representation of modules, and, responsive to a determination in the comparing step of a difference between the baseline and active representations of modules, output an alert. The flag status may depend on an association of the device with one of a plurality of authorization policies, each mapped to one of the two states. Results of the comparison may be appended to an activity log of the device.

Abstract: Systems and methods for updating status of digital certificate subkeys. A request is made to a key server to verify if a given key is revoked. If it is not, then the key with its subkeys is acquired from the key server. If one or more subkeys or signatures of the subkeys are different in the acquired key, then the key is replaced.

Abstract: A method and an apparatus to process a digital image is provided. The method may comprise receiving host image data, receiving audio data and embedding the audio data within the host image data to provide an embedded image wherein the audio data if freely recoverable from the embedded image. The method may comprise processing the audio data using a Short Term Fourier Transformation (STFT) prior to embedding the audio data within the host image data. The method may reduce an amount of digital data that represents an audio signal included in the audio data prior to embedding the audio data within the host image. In one embodiment, the method comprises quantizing magnitude data and discarding phase data of the audio signal to provide the audio data for embedding. The method may comprise quantizing the audio data to match a shell of a D4 Lattice.

Abstract: The present invention captures user's biometric data during enrollment and converts it by a given conversion parameter to create a template. It creates verification information for the conversion parameter, and enrolls it in an authentication server together with the template. The conversion parameter is stored in an IC card or the like for issuance to the user. During authentication, the authentication server verifies that the authentication terminal knows the conversion parameter, using conversion parameter verification information. Next, the authentication terminal converts user's biometric data newly captured by a conversion parameter to create matching information, and transmits it to the authentication server. The authentication server matches the matching information with the template to determine whether the user is a principal.

Abstract: A signing method, apparatus, and system, which relate to the information security field. The present invention overcomes the problem of signature counterfeit in prior art. The client host generates a transaction message and determines the key information of the message after receiving transaction information entered by a user, forms a data packet for signing, and transmits the data packet to the USB key, which will then extract the key information and output it for confirmation by the user, and if a confirmation is received, the USB key signs the data packet and transmits a signature to the client host; after receiving the signature and the transaction message from the client host, the server extracts the key information from the transaction message to form a data packet for signing and verifies the signature against the data packet. The embodiments of the present invention are mainly applicable to the field of information security.

Abstract: The invention relates to a method of authentication and session key agreement for secure data transmission between a first and second data communication entity in an electronic data transmission system. Furthermore, the invention relates to an electronic transmission system to perform a method of authentication and session key agreement.

Abstract: Methods, devices and computer program products facilitate the extraction of embedded watermarks in the presence of content distortions. Subsequent to the detection of a tentative watermark, particular sections of the content are examined to form one or more extrapolated watermarks or watermark segments. Weights are assigned to the extrapolated watermarks or watermark segments, and used in combination with the detected tentative watermark to collectively assess if a desired probability of false detection is satisfied.

Abstract: Methods, devices and computer program products facilitate the extraction of embedded watermarks in the presence of content distortions. Pre-distorted synchronization templates are used to detect synchronization portions of embedded watermark frames. A pre-distorted synchronization template that best matches the synchronization portion of the embedded watermark frame produces an estimation of one or more distortions that are present in the content. The remainder of watermark frame can be evaluated based on the outcome of the comparison.

Abstract: Systems and methods are provided for enchancing pseudo random number generation to thwart various security attacks to a system that relies on digital signature security measures. For example, a random number may be bound to a message that is to be signed using a digital signature. Alternatively, a random number may be bound to a secret seed value, which may be updated subsequent to each signing. Alternatively still, a random number may be bound to both the message to be signed using a digital signature and a secret seed value.

Abstract: Methods and devices for allowing a wireless communication device (1301) initially unauthorized for communication with a network to obtain persistent soft network subscription credential information (1303) from a wireless communication device (1401) initially authorized for communication with the network are disclosed. In performing the persistent transfer of the soft network subscription credential information (1303), one of a token management module (1312), a session initiation protocol communication module (1408), or a electronic rights manager (1406) may be used to ensure that only one communication device is capable of communicating with a network at any one time.

Abstract: This invention relates generally to a method and apparatus, as implemented by a software program on a computer system, for digitally producing counterfeit-deterring scrambled or encoded indicia images. This method and system are capable of combining a source image with a latent image so the scrambled latent image is visible only when viewed through a special decoder lens. The digital processing allows different latent images to be encoded according to different parameters. Additionally, latent images might be encoded into single component colors of an original visible image, at various angles from each other.

Abstract: Embodiments disclosed allow authentication between two entities having agreed on the use of a common modulus N. The authentication includes generating a pseudorandom string value; generating a public key value based on the modulus N and the pseudorandom string value; generating a private key value corresponding to the public key value; receiving a verifier's public key value; generating a shared secret value based on the modulus N, the private key value and the verifier's public key value; calculating an authentication signature value using the shared secret value; and transmitting the authentication signature value for authentication. When the authentication signature is received, the public key value and the shared value are generated to calculate an authentication signature value. Thereafter, the authentication signature values are compared and authenticated.

Abstract: A technique to ensure watermarking a highest selected layer for decoding when receiving a scalable coded bitstream having a plurality of bitstream layers. In one technique, the watermark is associated only with the highest layer that is selected from the hierarchically arranged layers and not in any of the lower layers of the hierarchy. In another technique, the watermarks are present in all the layers, but each lower layer watermark is compensated in a next higher layer to remove effects of the presence of the lower layer watermark in the next higher layer.

Abstract: The present invention provides steganographically embedded auxiliary data in motor vehicle documentation. The auxiliary data is used to authenticate the documentation or provide additional or redundant information pertaining to the documentation. Examples of such documentation are license plates, vehicle titles, insurance cards, registration cards and emissions documentation. In one implementation of the invention, a title document is digitally watermarked for authentication. The digital watermark may include a digital signature related to a buyer and a digital signature related to a seller. In another implementation, the transfer of motor vehicles is facilitated via digital watermarking. In still another implementation, a document includes two or more digital watermarks. The digital watermarks are intertwined with each other and at least one of the watermarks is intertwined with the document.

Abstract: The subject invention relates to a system and methodology facilitating automated manufacturing processes in a regulated industrial controller environment. In one aspect, a system for automated industrial processing is provided. The system includes an interface component to facilitate processing of one or more electronic signature components and a verification component that operates with the interface components and the electronic signature components to validate requested or proposed process changes before actual system implementation of the process changes.

Abstract: Techniques for authentication via a mobile device are provided. A mobile device is pre-registered for website authentication services. A user encounters a website displaying an embedded code as an image alongside a normal login process for that website. The image is identified by the mobile device, encrypted and signed by the mobile device and sent to a proxy. The proxy authenticates the code and associates it with the website. Credentials for the user are provided to the website to automatically authenticate the user for access to the website bypassing the normal login process associated with the website.

Abstract: Methods and systems for video transmission and processing with customized watermarking delivery are disclosed and may include watermarking data at a communication device utilizing received global positioning (GPS) data and communicating the watermarked video data to a receiving communication device. The receiving communication device may verify the watermarked data, and may determine whether to render the received watermarked data based on the verification. The communication device may include an edge device, and may receive a feedback signal communicated from the receiving communication device. The watermarking of subsequently processed data may be adjusted based on the received feedback signal, which may include GPS data and/or device parameters corresponding to the receiving communication device. The watermarked video data communicated to the receiving communication device may be adjusted based on one or more device parameters corresponding to the receiving communication device and/or GPS information.

Abstract: A method for providing digital signatures for authenticating the source and content of binary files which are flash programmed into automotive embedded controllers. A piece of electronic content is digitally signed on a signing server by creating a hash value and encrypting it using the signer's private key. The content file and digital signature files are then delivered using one of several alternative approaches to a programming tool, which in turn loads the content and signature files onto the controller on which the content will execute. The controller verifies the content by decrypting the signature file to restore the hash value, and comparing the decrypted hash value to a hash value calculated from the content itself. Multiple signature files for a piece of content are supported.

Abstract: A computer divides a target electronic document into a plurality of document segments. Then, the computer generates a signature (s, t) that includes a set of two values having a signature value s forming a signature on the electronic document and a deletion signature value t used for deletion, the signature value s which serves as a body of the signature being formed by a superposition of signature information on the individual document segments. Then, in a case where one of the plurality of document segments obtained by the division is to be extracted, the computer superimposes deletion information of a document segment to be deleted on the deletion signature value t to generate a new signature value t?, and produces an updated signature (s, t?).

Abstract: A transaction system combats malware and phishing-based MitM attacks on transaction processing systems by using digital signatures to integrity-protect the user-verified transaction data. With this system, a user submits a transaction from a client device (e.g., desktop web browser) over a communications channel to a server device, such as a transaction server. Before accepting the transaction, the transaction server securely delivers all relevant transaction data to a second device (e.g., the signing device), such as a smart phone, in the possession of the user. The signing device has its own distinct communication channel with the server device. The user verifies the data and the signing device creates a digital signature value for the transaction. The user submits the signature to the transaction server to confirm the transaction with the transaction server.

Abstract: According to some embodiments of the invention, a message is processed before encryption so that the encryption method generates a short ciphertext. The message processing can be viewed as a mapping (610) that maps the message into another message that generates the short ciphertext. The mapping is reversible at least if the (possibly encoded) message (H(M)) is in a restricted set, e.g. a set [0,h?] of short messages. In some embodiments of the present invention, short signatures are provided by mapping the signature into a short signature. The mapping (810) is reversible at least if the original message (H(M)) used to generate the signature is short. Signcryption, aggregate signature, and ring signature outputs are also shortened.

Abstract: A receiver is configured to receive, from a mobile device of a first type adapted to read a content from a recording medium and run the content, a first device identifier identifying the mobile device of the first type and a recording medium identifier identifying a recording medium loaded in the mobile device of the first type, along with a digital signature generated in the mobile device of the first type using an encryption key secretly stored in the mobile device of the first type. A signature verification unit is configured to verify the authenticity of the digital signature. A voucher issuance unit is configured to issue a voucher to a mobile device of a second type adapted to acquire a content by downloading the content and to run the content accordingly and mapped into the mobile device of the first type, so that the mobile device of the second type is capable of downloading a content.

Abstract: Provided is an authentication device including a key setting unit for setting a multi-order polynomial ui(t) (i=1 to n?1) to a secret key and setting a multi-order polynomial f that satisfies f(u1(t), . . . , un-1(t),t)=0 to a public key, a message transmission unit for transmitting a message c to a verifier, a verification pattern reception unit for receiving information on one verification pattern selected by the verifier from k (k?3) verification patterns for one message c, and a response transmission unit for transmitting, to the verifier, response information, among k types of response information, corresponding to the information on the verification pattern received by the verification pattern reception unit. The response information is information that enables calculation of the secret key ui in a case all of the k verification patterns for the message c performed by using the k types of response information have been successful.

Abstract: A method of generating a self-authenticating printed document and authenticating the printed document. The back side of the printed document contains 2d barcode which encode extracted features of the document content. The features are hashed into a hash code, converted to a barcode stamp element, and transformed into a hierarchical barcode stamp by repeating the stamp element. The hierarchical barcode stamp is printed as a gray background pattern on the front side of the same sheet of printed document. To authenticate the printed document, the barcodes on the back side are read to extract the document features. The features are hashed into a hash code and compared to the hash code extracted from the hierarchical barcode stamp on the front side of the document to detect any alterations of the back side barcodes. Further, the document features extracted from the front and back sides of the document are compared.

Abstract: A key is securely injected into a POS PIN pad processor in its usual operating environment. In response to entry of a personal identification number (PIN) into a PIN pad, the processor puts the PIN into a PIN block; puts additional random data into the PIN block; and encrypts the entire PIN block using asymmetric cryptography with a public key derived from the injected key residing in the PIN pad processor. The corresponding private key may be held securely and secretly by an acquirer processor for decrypting the PIN block to retrieve the PIN. The encrypted random data defends the PIN against dictionary attacks. Time stamp data and constant data encrypted with the PIN block enables a defense of the PIN against replay attacks and tampering. The method may also include accepting the PIN from a mobile phone in communication with the processor.

Abstract: An electronic file approval management system includes information terminal devices for a creator creating an electronic file and for an approver approving the file. The device for approver includes an electronic information transmitter-receiver storing and retrieving information with the device for creator, an input unit being input an approval result, a first print data converter converting the file into first print data, a first approval information extractor extracting first approval information, and a key creation unit creating an approval key.

Abstract: Signatures are generated for modules in a computer system. The signatures can be assembled into an integrity log. The signatures are compared with signatures in a database in an integrity validator. Once signatures are either validated or invalidated, a trust score can be generated. The trust score can then be used to determine whether the computer system should be granted access to a resource using a policy.

Abstract: In at least one embodiment, there is provided a mobile wireless device comprising: a microprocessor and memory, the memory comprising a set of control settings used to control a plurality of device operations; wherein the microprocessor is configured to: receive a first digital signature key for verifying digital signatures on software applications to be installed on the device; determine if any digital signature keys for verifying digital signatures on software applications to be installed on the device exist on the device, and if not, store the received first digital signature key in the memory; receive a software application for installation on the device; verify a digital signature on the received software application using the first digital signature key; and install the software application on the device if the digital signature on the received software application is successfully verified.

Abstract: A method for processing security communication protocol compliant signed receipts at a mobile communication device linked to a host system is provided. The host system receives an email message linked to a digital signature, and a signed receipt. The host system redirects the signed receipt to the mobile communication device. The host system determines if the email message is available at the mobile communication device, and if not, the host system retrieves the email message and redirects the email message to the mobile communication device. The mobile communication device can then verify the signed receipt based on the email message. Optionally, rather than the email message, the host system retrieves and/or recalculates data elements associated with the email message and required to verify the signed receipt, and redirects these data elements to the mobile communication device.

Abstract: A method and system for conducting a transaction involving digital content is provided. The system includes, a first user of a first mobile device connected to a network; a second user of a second mobile device connected to the network; a MNO that is functionally coupled to the first mobile device and the second mobile device and to a digital content provider and a rights issuing authority. The MNO receives a request for digital content from the first user, searches for the requested digital content and if the second user has the requested digital content, then the MNO obtains any rights to re-distribute/access the requested digital content; and the second user, the digital content provider and the MNO are compensated for distributing the requested digital content from the second mobile device to the first mobile device.

Abstract: Example embodiments herein include a license manager process that receives a license query from a server device. The license query requests usage data associated with a permanent license on a client device. In response to receiving the license query, the license manager procures the usage data associated with the permanent license on the client device. The license manager then transmits the usage data associated with the permanent license to the server device. Furthermore, the license manager receives a revocation request from the server device. In this manner, the revocation request is received in response to transmitting the usage data associated with the permanent license to the server device. In turn, the license manager revokes the permanent license that was indicated in the revocation request to disable use of the respective application on the client device.

Abstract: A system and method for the creation and automated selection and inclusion an automated signature text with an electronic message, wherein the automated selection of the automated signature text is dependent on attributes of the message, the designated recipients, or attributes of the designated recipients as compared to the sender's attributes, such as the encoding type and/or transport method selected for the electronic message or the location of the recipient without the need for multiple user profiles or manual editing by the sender. At least one of a plurality of automated signature texts is associated with at least one encoding type of a plurality of encoding types, at least one message transport type, or with at least one predeterined recipient attribute or the outcome of a comparison of the recipient attribute with the sender's attributes. The appropriate automated signature text is inserted prior to encoding of the message for transport.

Abstract: A technique to verify firmware. One embodiment of the invention uses a processor's micro-code to verify a system's firmware, such that the firmware can be included in a trusted chain of code along with the operating system.

Abstract: A memory device and method for embedding host-identification information into content are disclosed. In one embodiment, a memory device is provided comprising a memory operative to store content and a controller in communication with the memory. The controller is operative to receive a credential comprising host-identification information from a host in communication with the memory device, authenticate the host using the credential, receive a request from the host to play content stored in the memory, embed the host-identification information into the content, and send the content with the embedded host-identification information to the host.

Abstract: A method for secure printing is presented. A document management system (DMS) is provided within a server computer for storing, displaying and printing a plurality of documents. At least a portion of the documents require authentication information for displaying and printing. A web-based capture protection system is provided that prevents proprietary content displayed on a display device from being screen-captured. The web-based capture protection system is combined with the DMS to augment the DMS with capture protection of displayed documents, including intercepting retrieval requests from a client computer to display documents from the DMS.