Abstract: A computing system in which a software component executing on a platform can reliably and efficiently obtain state information about a component supported by the platform through the use of a shared memory page. State information may be supplied by the platform, but any state translation information needed to map the state information as supplied to a format as used may be provided through the shared page. In a virtualized environment, the state translation information can be used to map the value of a virtual timer counter or other component from a value provided by a virtual processor to a normalized reference time that will yield the same result, regardless of whether the software component is migrated to or from another virtual processor. Use of a shared page avoids the inefficiency of an intercept into a virtualized environment or a system calls in native mode operation.

Abstract: A system and method for providing secure one-way transmissions in a vehicle wireless communications system. The system and method rely on a clock signal to assure that the vehicle and server receive proper messages. The vehicle and the server will periodically synchronize their internal clocks to a global clock signal. The server will add its local time to the body of a message including a vehicle identification number and a function code. The server will then encrypt the message and transmit it to the vehicle. The vehicle will decrypt the message and compare the transmitted vehicle identification number with its identification number. If the identification numbers match, the vehicle will then see if the time in the message is within a predefined window of the vehicle time. If the transmitted time is within the predefined window of the vehicle time, the vehicle will accept the message and perform the function.

Abstract: A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number, if there is a match, the decrypted biometric data is validated and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.

Abstract: A method of effectively managing information shared by synchronizing between a plurality of Universal Plug and Play (UPnP) devices is provided. According to the method, all devices exchange version information of the devices at initial synchronization, and when shared information stored in some of the devices is changed, a device changing shared information transmits new version information to the other devices via an event message, so that all of the devices can maintain the latest shared information. Also, by having a counter indicating an update state of respective parts of shared information, when shared information is changed by a plurality of the UPnP devices, it is easy to recognize which part from among the respective parts of the shared information is the latest.

Abstract: Systems and methods are disclosed for authenticating electronic messages. A data structure is generated by a computer server which allows for the authentication of the contents and computer server identity of a received electronic message and provides a trusted stamp to authenticate when the message was sent. Data which can authenticate the message, the computer server identity, and the time the message was sent is included into a data structure which is called an Electronic PostMark (EPM).

Abstract: A tamper-proof cap adapted to be mounted on a large assembly for shielding a selected area of the large assembly is disclosed. The tamper-proof cap comprises a laminate stack-up structure wherein at least one open chamber is formed. The stack-up structure comprises at least two layers wherein tamper-proof layers are formed on top of the open chamber. A plurality of vias are disposed around the open chamber, forming with said tamper proof layers a tamper-proof structure around said open chamber. The vias are adapted for connecting the tamper-proof layers to the large assembly when the tamper-proof cap is mounted. In a preferred embodiment, the tamper-proof cap further comprises a shielding layer on top of the tamper-proof layer that are preferably done using conductive ink.

Abstract: A database system that issues a reference transaction by designating a time stamp. Data structures are provided for making an inquiry about the latest value at a designated time using a database in which values and information on times associated with the individual values are contained in a table. One of the data structures includes, for each of IDs associated with the values in the database, at least one time stamp that is sorted in chronological order (hereinafter referred to as a first time stamp); values belonging to the individual first time stamps; and a pointer that designates one of the first time stamps, the first time stamps indicating the times when the values become valid. The other of the data structures includes, for each of the IDs, the designated first time stamp and a value belonging to the designated first time stamp.

Abstract: A system is provided to monitor a user's interaction with a computer. The system may comprise a reference string generator to generate a random reference string, an image generator to generate an image including the random reference string, a communications module to communicate the image to a client computer for display to a user and to receive user input data and a comparator to compare the random reference string and the user input data to detect human interaction with the computer. The image including the random reference string may be generated such that each character in the random reference string is off-centered.

Abstract: The present invention relates generally to systems for creating and authenticating printed objects using authentication information. One implementation recites: An apparatus for determining authenticity of a digital representation of an object. The digital representation includes embedded first authentication information. The apparatus includes: a storage system in which stored second authentication information is associated with stored reference codes; and a processor which receives the digital representation and a reference code associated therewith.

Abstract: Embodiments of methods and apparatus for providing an access profile system associated with a broadband wireless access network are generally described herein. Other embodiments may be described and claimed.

Abstract: Methods and systems for random data access for security applications are disclosed and may comprise generating on a chip, a random process index. A data process may be randomly selected on the chip utilizing the generated random process index. A time interval may be randomly allocated on the chip. After the time interval, the randomly selected data process may initiate processing of data. The processing of the data may comprise accessing the data and/or acquiring the data. The data may be verified by the selected data process prior to the processing of the data. The data may be verified utilizing a digital signature verification algorithm, for example.

Abstract: A notary document processing system and related methods are described. The system receives files uploaded by users, processes them by applying a document ID, time stamp, etc. to pages of the document, and converts them to a read only format for storage. Once the documents are processed and stored in the system, they cannot be changed by any user including the owner of the document. The system makes stored documents available to the owner or other users upon the owner's request or permission. The system also processes files generated from short messages inputted by users and annotated versions of existing documents. The system provides a way of preserving original versions of documents to be used later for purposes of evidencing the dates and contents of documents, evidencing agreement between parties as to the contents of documents, etc. Electronic notary, electronic signature, tamper watermarking, etc. functions are also provided.

Abstract: A first user (110) requests a service provider (130) to create (200,400) a record of a transaction. The service provider (130) creates (230,430) a digital receipt (300,700,900), which includes a description (310,710,720,910,1020) of the transaction understandable by humans, tamper-proof evidence (320) of the transaction, and a verification prompt (330,740,940,1030). A second user (120) who desires to verify the transaction displays (265,465) the digital receipt (300,700,900) and activates (270,470) the verification prompt (330,740,940,1030). Upon activation, the tamper-proof evidence (320) is verified without requiring further human interaction to identify the tamper-proof evidence.

Abstract: Media signals such as audio and/or video signals are certified as being authentic. A private key and a corresponding public key are provided. For a current media segment of the media signal, a signature is created using the private key to sign data based on media content of the current media segment combined with a signature from a media segment present at another point within the media signal where the signature from the media segment present at another point within the media signal is created by signing with the private key data based on media content of the media segment present at the other point within the media signal. The signature is included in metadata of the current media segment of the media signal and the public key is included in a second metadata of the media signal.

Abstract: One aspect of the invention is a method for generating a certified electronic document that includes receiving identification information associated with a signatory user from a computer. From the same computer, identification information associated with a notary user is also received. At least one electronic document that requires certification is identified on a display. A first user command is received from the computer identifying the assent of the signatory user to the execution of the at least one electronic document. A second user command is received from the computer identifying the assent of the notary user to the certification of the at least one electronic document. Official indicia associated with the notary user is applied to the at least one electronic document to create at least one certified document.

Abstract: To provide a content distribution system which can prevent use of content which has been temporarily stored after the valid period. A content distribution system (1) including a license server (101) which issues a license, a content server (102) which transmits the content, a terminal device (103) which controls use of the content based on the issued license. The terminal device (103) does not allow the use of the received encrypted content when it is judged that the encrypted content received from the content server (102) is not the content received in real time.

Abstract: A logging system comprising counting logic adapted to generate a raw timestamp. The system further comprises encoding logic coupled to the counting logic and adapted to insert a group of bits of the raw timestamp into a predetermined timestamp template to produce an encoded timestamp. The template is selected based on a position of a most significant bit of the raw timestamp.

Abstract: To check a digital signature, using a microcircuit card, the microcircuit being designed to receive and to process requests to check digital signatures, the process comprises storing in a memory in the microcircuit a certificates table containing digest forms of authorized public keys, and a phase of checking a digital signature consisting of: receiving by the microcircuit the digital signature to be checked and a public key corresponding to a private key that was used to generate the digital signature to be checked; calculating a digest form of the received public key, searching for the calculated digest form of the public key in the certificates table, and decrypting the digital signature using the received public key if the calculated digest form of the public key is located in the certificates table.

Abstract: For controlling the broadcasting of a digital document, the method brings at least three actors into play. First actor is an originator user computer system wherein a file is generated for containing the digital document, digital conditioning attributes corresponding to at least one predetermined event that is liable to affect the data in future use and information that secures data integrity are associated with the data. Second actor is a future user computer system which causes an occurrence of the predetermined event. Third actor is a remote computer system arranged for detecting the event occurrence by storing digital conditioning attributes and information that secures data integrity without knowledge of the digital document.

Abstract: Data stored in a data storage system is hashed to generate a hash value. The hash value and a request for a time stamp are then sent to a time stamping authority. A time stamp token and/or a time stamp certificate is received from the time stamping authority. The time stamp token includes a time stamp and the hash value, and may be encrypted using a private key of the time stamping authority. The time stamp token and/or time stamp certificate is then stored with, for example, a reference to the data being stored in the data storage system. The time stamp token and/or time stamp certificate may then be used to validate the data being stored and the time stamp.

Abstract: Efficient access processing is performed when the service level of a server apparatus is low. There is provided a proxy apparatus including: a request sending unit for sending a first server request message based on a first client request message received from an information terminal to a destination server apparatus; a server status information storage unit for storing timeout information of the destination if a timeout of a first server request message is detected; a request monitoring unit for deciding to time out a second client request message received from an information terminal if timeout information of the destination of the second client request message is stored; and a proxy timeout response unit for sending a timeout response message corresponding to the second client request message that is decided to be timed out to the requesting information terminal.

Abstract: Improved techniques for validating timestamps used in a client-server environment are disclosed. A client can associate client-provided timestamps with events that occur at the client. The client can then send event information as well as the timestamps to a server. Preferably, the event information and timestamps are sent in a batch pertaining to a plurality of events that have occurred at the client. The server, which has greater time accuracy, can then validate the client-provided timestamps. The server can also modify the client-provided timestamps so as to improve accuracy of the timestamps. Once modified, the timestamps can pertain to a range (e.g., window) of time during which the associated events can be known to have reliably occurred. In one embodiment, the client-server environment is a distributed file security system in which the events and event information pertain to audit files.

Abstract: A content recording/reproducing system, which records and reproduces a sub-content relating to a main content, includes a distribution device, first and second recording media, a recording device and a reproducing device. The first recording medium that is non-rewritable prestores key data based on which a public key is derivable, and the main content. The distribution device outputs verification information that includes the sub-content and is generated by applying a digital signature to relative information relating to the sub-content based on a secret key corresponding to the public key. The recording device acquires and records the verification information on the second recording medium that is rewritable.

Abstract: A method and system is provided for monitoring the availability of a peer in a P2P system that is used to provide remote storage or remote processing power. In one illustrative example, a recipient peer requests access to a service provisioned by another peer in a peer-to-peer network. The request may be a request to access a file or a file fragment that is being stored on the other peer. In order to make use of the accessed service, after receiving access to the service provisioned by the peer, the recipient peer needs to report to a central server that the service has been rendered. For instance, in some cases the file fragment accessed by the recipient peer may be encrypted, in which case the central server will send the recipient peer a decryption key after receiving the report that the service has been rendered.

Abstract: Public encrypted disclosure provides a creation date verification system by making confidential information available in a secure encrypted form that can be decrypted at a later time to verify the existence of the content at the date of the encrypted disclosure. Options provide for various levels of security, verification, and distribution of encrypted content and for automated encryption, submission, and public disclosure of encrypted content.

Abstract: A first user (110) requests a service provider (130) to create (200,400) a record of a transaction. The service provider (130) creates (230,430) a digital receipt (300,700,900), which includes a description (310,710,720,910,1020) of the transaction understandable by humans, tamper-proof evidence (320) of the transaction, and a verification prompt (330,740,940,1030). A second user (120) who desires to verify the transaction displays (265,465) the digital receipt (300,700,900) and activates (270,470) the verification prompt (330,740,940,1030). Upon activation, the tamper-proof evidence (320) is verified without requiring further human interaction to identify the tamper-proof evidence.

Abstract: A server is configured for preventing flood attacks by a client having sent a request, by dynamically generating a challenge to be performed by the client before the server will perform any work for the client. The challenge includes a dynamically generated computational request and a dynamically generated secure cookie. The server generates a first hash result based on hashing a first random number, having a prescribed length, with a second random number having a dynamically selected length. A secure cookie is generated based on hashing the first hash result with a prescribed secure key known only by the server, and a unique identifier for the request such as the client network address with a time stamp. The challenge requires the client to determine the second random number based on the first random number and the hash result. The server validates the challenge results using the secure cookie.

Abstract: A tamper-resistant certification device receives a certified digital time stamp from a trusted third party, resets a time function and produces a time stamp receipt in an on-line mode; The tamper-resistant certification device receives a digital file from a mobile computing device, and produces a certified digitally signed digital file including a copy of the digital file, time stamp receipt and temporal offset in an off-line mode to evidence the content of the digital file within a defined tolerance of a day and/or time. A processor may be portioned into tamper and non-tamper resistant portions.

Abstract: Embodiments of methods to communicate a timestamp to a storage system are generally described herein. Other embodiments may be described and claimed.

Abstract: A method for securing communications between a server and an application downloaded over a network onto a client of the server is disclosed. A first request is received from the client, and in response a session credential security token is generated and sent to the client. A second request is received from the client to download the application and includes the value of the session credential security token. The server verifies that the value of the session credential security token is valid and, if so, generates a second security token that is tied to the session credential security token. The second token is embedded in application code and then the application code is sent to the client. A subsequent request for data from the application running on the client includes the value of the session credential security token and the value of the embedded security token.

Abstract: An information stream (media stream) can be “bookmarked” with event markers to note points in time in the information stream of occurrences of interesting events. Repeat occurrences of an event are noted with the same event marker. The events of interest need not be a priori determined. In fact, unexpected events can be readily noted.

Abstract: An information processing apparatus has an authentication/key exchange unit, a round trip time measuring unit, a common key transmitter, a contents key transmitter and a contents transmitter. The round trip time measuring unit sends a round trip time measuring request generated to the communication apparatus through the first communication connection to measure the round trip time, and check whether the measured round trip time is within a predetermined time and whether a transmitting source of the round trip request response is the communication apparatus sharing the first key. The common key transmitter encrypts a second key used for contents transmission by using the first key and transmits the encrypted second key through the first communication connection when the round trip time measuring unit succeeds in the checking.

Abstract: A cryptographic session key is utilized to maintain security of a digital identity. The session key is valid only for a limited period of time. Additional security is provided via a bimodal credential allowing different levels of access to the digital identify. An identity token contains pertinent information associated with the digital identity. The identity token is encrypted utilizing public-key cryptography. An identifier utilized to verify the validity of the digital identity is encrypted with the cryptographic session key. The encrypted identity token and the encrypted identifier are provided to a service for example. The service decrypts the encrypted identity token utilizing public key cryptography, and decrypts, with the cryptographic session key obtained from the identity token, the encrypted identifier. If the identifier is determined to be valid, the transaction proceeds normally. If the identifier is determined to be invalid, the transaction is halted.

Abstract: Nodes in a network include a pseudo-timestamp in messages or packets, derived from local pseudo-time clocks. When a packet is received, a first time is determined representing when the packet was sent and a second time is determined representing when the packet was received. If the difference between the second time and the first time is greater than a predetermined amount, the packet is considered to be stale and is rejected, thereby deterring replay. Because each node maintains its own clock and time, to keep the clocks relatively synchronized, if a time associated with a timestamp of a received packet is later than a certain amount with respect to the time at the receiver, the receiver's clock is set ahead by an amount that expected to synchronize the receiver's and the sender's clocks. However, a receiver never sets its clock back, to deter attacks.

Abstract: One chip encryption processor is disclosed, in which a password process unit for processing a data encryption and an interface for managing a password needed for an encryption are integrated into one chip. The encryption processor includes an encryption interface for connecting an externally connected apparatus and an internal data process apparatus, a password process unit for encrypting the inputted data, a memory unit for temporarily storing the data. The above elements are integrated into one chip, so that a desired data security, non-error operation and stable user verification are obtained.

Abstract: Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed.

Abstract: A tamper-resistant certification device receives a certified digital time stamp from a trusted third party, resets a time function and produces a time stamp receipt in an on-line mode; The tamper-resistant certification device receives a digital file from a mobile computing device, and produces a certified digitally signed digital file including a copy of the digital file, time stamp receipt and temporal offset in an off-line mode to evidence the content of the digital file within a defined tolerance of a day and/or time. A processor may be portioned into tamper and non-tamper resistant portions.

Abstract: The present invention is directed toward secure access systems. Specifically, a method and system is provided that enhances the security of unidirectional communication protocols used in access control systems, such as the Wiegand protocol. The enhancements may include obfuscation of data, a two-way packet-mode communications, and blind synchronization of pseudo-random number generators.

Abstract: Methods and systems are provided for a cancellation server maintaining a database of identifiers of cryptographic puzzles. A cryptographic puzzle is created from a unique identifier and a timestamp, and is attached to an electronic mail message, along with the puzzle's solution. The recipient verifies that the solution is correct and that the timestamp is current, and further queries the cancellation server with the puzzle identifier. If the identifier does not exist in the database, then the recipient knows the received message is legitimate. If the identifier already appears in the database, the received message can be automatically removed from the recipient's computer.

Abstract: In a method of processing data, an RFID signal (6) sent by a reader (3,5) via a field generated by the reader (3,5) is received at a passive RFID transponder (2). The transponder (2) comprises a dedicated receiver (28) for receiving a time signal (8), which is wirelessly sent By an external sender (4) and comprises information about the present time. The transponder (2) including the dedicated receiver (28) is powered utilizing the field such that the dedicated receiver (28) detects the time signal (8) and decodes the present time. Utilizing the transponder (2), the first data (7) contained in the RFID signal (6) is decoded and processed. Second data (9) which are time stamped by said transponder (2) utilizing said present time are generated, and a response signal (10) comprising the second data (9) is transmitted from the transponder.

Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch manager that is used to generate authentication and authorization data that remain valid only for an epoch. The epoch manager can generate an epoch key pair that can be used to encrypt and decrypt the authentication and authorization data during the epoch that the key is valid. The epoch manager can also associate the contents of the data with the epoch in which it was created, so that at decrypting the epoch that the data was generated in can be identified.

Abstract: An image forming system which is capable of enhancing security in an i-copy function. A server apparatus stores document data once having been printed in association with a sheet identifier recorded on a print sheet on which the document data has been printed. An image reader section reads the sheet identifier from the print sheet when a copy command is issued by the user authenticated based on an entered user identifier by a CPU of a MFP. A printer section reads out and prints the document data from the server apparatus. When the sheet identifier has not been read from the print sheet based on the copy command over a predetermined time period, the document data is inhibited from being printed by the printer section.

Abstract: A secure time stamping device uses multiple virtual clocks, each of which may be individually accessed and calibrated. A digital key is associated with each of the clocks. All of the virtual clocks use a common timer (130), with the actual clock output being generated by applying calibration information (124) for that clock to the timer (130) output. A user wishing to have a message time stamped presents that message along with information as to which virtual clock to be used at a device input (92). The appropriate calibration information (124) is then selected and the timer (130) output is compensated accordingly. The incoming message plus the resultant time are concatenated and automatically signed using the key (126) applicable to that particular virtual clock.

Abstract: Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed.

Abstract: A recent secure authentication service enforcing revocation in distributed systems is provided. Authenticity entities impose freshness constraints, derived from initial policy assumptions and authentic statements made by trusted intermediaries, in authenticated statements made by intermediaries. If freshness constraints are not presented, authentication is questionable. The freshness constraints can be adjusted. The delay for revocation can be arbitrarily bounded. The freshness constraints within certificates results in a secure and highly available revocation service such that less trust is required of the service.

Abstract: A method and system for surreptitiously detecting and analyzing sites suspected of transferring steganographic communications, is accomplished by analyzing a targeted site for steganographic communications via a server that directs a plurality of clients to analyze the targeted site. The clients are dispatched according to the objectives of the server and the data retrieved by previous clients, which have been directed to scan the site. The client's data is aggregated and analyzed to determine if a steganographic communication is present.

Abstract: The present invention relates to digitally signing of electronic documents which are to be kept secure for a very long time, thereby taking into account future cryptographic developments which could render current cryptographic key-lengths insufficient. In accordance with the invention a double signature is issued for each document. A first digital signature (DTS) ensures the long time security, whilst a second digital signature (DUS) ensures the involvement of an individual user. Thereby, the second digital signature is less computationally intensive in its generation than the first digital signature.

Abstract: A cryptographic session key is utilized to maintain security of a digital identity. The session key is valid only for a limited period of time. Additional security is provided via a bimodal credential allowing different levels of access to the digital identify. An identity token contains pertinent information associated with the digital identity. The identity token is encrypted utilizing public-key cryptography. An identifier utilized to verify the validity of the digital identity is encrypted with the cryptographic session key. The encrypted identity token and the encrypted identifier are provided to a service for example. The service decrypts the encrypted identity token utilizing public key cryptography, and decrypts, with the cryptographic session key obtained from the identity token, the encrypted identifier. If the identifier is determined to be valid, the transaction proceeds normally. If the identifier is determined to be invalid, the transaction is halted.

Abstract: Communication between an administrator device and an administered device in a network is arranged in the form of a chain of digitally signed communication items including messages sent from an originator device to a recipient device. Each message has an associated respective digitally signed receipt, and the originator device is configured not to send a new item toward the recipient device in the absence of a respective digitally signed receipt for a previously sent item. With at least one, and preferably by both of the administrator device and the administered device, there is stored a history record of communication items exchanged therebetween. The history record is agreed upon and signed by both the administrator device and the administered device.

Abstract: A data structure with endpoint address and security information. The data structure includes an address field that includes one or more endpoint addresses for an entity. The data structure further includes a security field that includes one or more keys for facilitating secure communications with the entity. The data structure may also be such that the contents of the address field and the security field are serialized in the data structure. The data structure may be extensible such that new address fields and security fields may be added.