Abstract: A method and a system are provided according to the present invention for authenticating and restoring digital files and/or documents, according to which, on the basis of each digital document to be authenticated, a bitmap file 3 is generated, a digital stamp 4 is added on a predefined area 3a of said bitmap file and a digital signature is added to the stamped bitmap file.

Abstract: When a document creation unit 1 is started, it calculates a hash value of each software piece therein and stores the hash value in a hash value holder 71 and a measurement log document holder 44. The document creation unit 1 accesses a time distribution unit plural times to receive time information therefrom, and records the time information in a log document and a measurement log document. The document creation unit 1 transmits the log document, the measurement log document, and digital signature-embedded hash value information (measurement auxiliary document) in a tamper-resistant device 63 to a document reception device. The document reception device verifies matching of the hash values or digital signature in the document group, confirms software operating environments in the document creation unit 1 from the hash values, and determines whether the time information is correctly managed within the unit 1.

Abstract: The invention is directed to techniques, in a caching device, for providing content, comprising the steps of obtaining content from an origin server, observing an access identifier provided by the origin server in response to a first content request, the access identifier providing an authentication indication for accessing the content obtained from the origin server, receiving a second content request, and one of (i) preventing the origin server from handling the second content request and providing the obtained content when the second content request includes the access identifier, and (ii) forwarding the second content request to the origin server for processing when the second content request does not include the access identifier.

Abstract: A system (50, 150) for assisting a user (14) to determine whether a hyperlink (152) to a target uniform resource locator (URL) is spoofed. A computerized system having a display unit is provided and logic (158) therein listens for activation of the hyperlink (152) in a message (154). The logic (158) extracts an originator identifier (102) and encrypted data from the hyperlink (152), and decrypts the encrypted data into decrypted data based on the originator identifier (102). The logic (158) determines whether the hyperlink (152) includes the originator identifier (102) and the encrypted data decrypts successfully. Responsive to this it then presents a confirmation of authentication conveying the name of the owner and the domain name of the target URL on the display unit, and it redirects the user (14) to the target URL. Otherwise, it presents a warning dialog to the user (14) on the display unit.

Abstract: An improved solution for accessing a web application is provided.

Abstract: A system (50, 150) for assisting a user (14) to determine whether an email (18) comes from a purported originator (16). A computerized system having a display unit is provided. Logic (54) in the computerized system determines whether the email (18) includes an authenticity mark (52) including an originator identifier (102) and encrypted data (104). Logic (54) in the computerized system then decrypts the encrypted data (104) into decrypted data (108-14), based on the originator identifier (102). Logic (54) in the computerized system then presents to the user (14), on the display, whether the email (18) includes the authenticity mark (52), whether the encrypted data (104) decrypts successfully, and information based on the authenticity mark (52) and the decrypted data (108-14).

Abstract: In general, the invention features methods by which more than one client program connected to a network stores the same data item on a storage device of a data repository connected to the network. In one aspect, the method comprises encrypting the data item using a key derived from the content of the data item, determining a digital fingerprint of the data item, and storing the data item on the storage device at a location or locations associated with the digital fingerprint. In a second aspect, the method comprises determining a digital fingerprint of the data item, testing for whether the data item is already stored in the repository by comparing the digital fingerprint of the data item to the digital fingerprints of data items already in storage in the repository, and challenging a client that is attempting to deposit a data item already stored in the repository, to ascertain that the client has the full data item.

Abstract: Methods, apparatus and systems for generating a trusted digital time stamp as well as a public time source. It includes, an apparatus for receiving and recording public time information and a method for verifying a digital time stamp. A method for generating a trusted digital time stamp includes: obtaining a first time information and a corresponding random code from a public time source; and generating a digital time stamp using a first time information and random code. A method for verifying a digital time stamp includes: recording time information and corresponding random codes transmitted by a public time source; retrieving time information and a random code contained in the time stamp; and comparing a retrieved random code from the time stamp with one of the recorded random codes that corresponds to a time information in the time stamp, if they are consistent, the time stamp is determined to be trusted, otherwise the time stamp is determined to be not trusted.

Abstract: Techniques to adjust clock approximations are described, which may be used to synchronize content output at a client. In an implementation, timestamps derived from a universal time source are allocated to respective program clock reference (PCR) timestamps in content received by a network operator during an interval of time to form ordered pairs of timestamps. An approximation is computed of a plurality of the ordered pairs of timestamps for the interval and the approximation is adjusted using an ordered pair of timestamps taken from a previous approximation.

Abstract: Time stamped streams respectively generated by an AV stream generating means and data stream generating means are combined by a time-stamped contents generating means. Consequently, a time-stamped contents stream is generated which synchronizes the processing of an AV stream and multimedia data.

Abstract: A tamper-resistant certification device receives a certified digital time stamp from a trusted third party, resets a time function and produces a time stamp receipt in an on-line mode; The tamper-resistant certification device receives a digital file from a mobile computing device, and produces a certified digitally signed digital file including a copy of the digital file, time stamp receipt and temporal offset in an off-line mode to evidence the content of the digital file within a defined tolerance of a day and/or time. A processor may be portioned into tamper and non-tamper resistant portions.

Abstract: A system and method is provided for confirmation of the identity of a contact on the network. A notification that a nearby user is present on a network is signed with a private key associated with the nearby user. The private key is also associated with a public key. A local user that has the nearby user's public key can verify the signature on the notification and confirm that the nearby user is the source of the notification. The verification of identity of the nearby user allows rich content previously stored for the nearby user to be displayed along with the nearby user's presence information.

Abstract: This invention relates to an authentication method for an electronic document (100), in particular a file designed to be on-board an aircraft, comprising: the generation (110) of a digital signature of said electronic document using a private key (107) corresponding to a public key certified by a certifying authority; a time stamp request (126) of said electronic document made to a time stamping authority (125) to obtain a time-stamp (127); a request (136) to obtain the statute of the certificate of said public key (137), following on from said time stamp request; the addition (140) to said electronic document of the digital signature, the time-stamp and the statute of said certificate to create an authenticated electronic document (150).

Abstract: A method, and a corresponding apparatus, provide for remote, secure replacement of private keys in a private key infrastructure. The method is implemented as a secure key replacement protocol (SKRP), which includes the steps of receiving a rekey request, where the rekey request identifies a private key for replacement, authenticating the rekey request, replacing the identified private key with a SKRP key, signing the challenge with the SKRP key, and returning the signed challenge. The rekey request includes the SKRP key and the challenge.

Abstract: An image decrypting apparatus derives spectral reflectance of the face of an original on the basis of obtained original image data, built-in light source data and basis function data, and obtains weighted coefficients of each pixel as object color component data. The apparatus stores a file including the basis function data used at the time of obtaining the spectral reflectance as a key file, and stores a file including the object color component data as an encrypted file. From each of the key file and the encrypted file, the original image data cannot be reproduced. By using the key file and the encrypted file in a correct combination, the original image data can be reproduced. In such a manner, the original image data can be protected.

Abstract: A method and system for updating time information of a digital rights management (DRM) includes a time server transmitting a time information message to a consumer electronics (CE) device, the CE device transmitting the time information message to a digital rights management DRM device when the CE device receives the time information message from the time server, and the DRM device updating a present time of the DRM device based on the time information message when the DRM device successfully performs authentication with respect to the time information message which has been transmitted from the CE device.

Abstract: Upon connecting to a trusted device, an untrusted device: (a) acquires a trusted current time; (b) stores an elapsed time; (c) determines an estimated current time; and, (d) stores a time difference between the estimated current time and an untrusted current time. The untrusted device (e) repeats (b)-(d) until turned off. Upon being turned on and able to connect to the trusted device, the untrusted device (f) repeats (a)-(e). Otherwise, it: (g) determines a temporary current time; and, (h) compares the estimated current time of (c) with the temporary current time. The untrusted device, (i) where the estimated current time of (c) is less than the temporary current time, sets an offline current time as the temporary current time, or, (j) where the estimated current time of (c) is greater than the temporary current time, sets the offline current time as the estimated current time of (c).

Abstract: Systems and methods for distributing trusted time, including trusted dates with digital data files, which are accessed, created, modified, received, or transmitted by devices that include a trusted time source in a tamperproof environment. The system includes one or more subsystems for providing trusted time for a moment in time. The trusted time source may be a real time clock, which is not resettable, is independent of any system clock of the devices, and where one or more devices may contribute to the distribution of trusted time among each other.

Abstract: A publication system effective and secure to the publication agency and a user is provided for the publication agency, and a signature verifying function using the published signature log entries is provided for the user. The publication agency publishes a signature log entry received from the users on the Web, and acquires a time-stamp at the time of the publication, and transmits the time-stamp together with a publication notice back to the user. The publication agency also has the signature log, and either discloses part of the log at regular intervals in a newspaper or the like, or produces publication-purpose data based on the signature log entry received from each user, and publishes the data in the newspaper. The publication agency, after the newspaper publication, transmits the signature log of the publication agency to the user.

Abstract: This invention concerns a system comprising processors (2, 3) arranged so as to receive and process data arriving at the system and containing time-indicating means (11, 17, 21) operatively connected to said processors and arranged so as to furnish time data to the processors for time-marking of the data. The time-indicating means (11, 17, 21) include a hardware clock arranged so as to generate a clock signal, and further arranged so as to receive second time data from at least one additional time reference and modify the clock signal from the hardware clock using the second time data in order to generate the first time data. The time-indicating means (11, 17, 21) are arranged so as to add to the clock signal, during the generation of the first time data, a compensation signal (??i) based on said second time data. The invention also concerns a method for time-marking data.

Abstract: Content material is protected with a variety of watermarking processes. Different subsets of the protected content material are submitted to different watermarking processes. At the rendering device, a watermark detector is configured to detect one or more different watermarks. Only if the particular watermark(s) that the rendering device is configured to detect is removed from the protected content material will the rendering device permit the rendering of the protected material. If the particular watermark(s) that the rendering device is configured to detect is unpredictable, or if the particular segment that is protected by a particular watermark is undetectable, a wholesale removal of specific watermarks from the watermarked material will neither be efficient nor economically viable.

Abstract: A method for operating a wireless communication system including a mobile relay station group, a base station group, and an authentication server, includes: configuring, by the authentication server, group information into the mobile relay station group and the base station group; requesting, by the base station group, group authentication data for the mobile relay station group from the authentication server; and performing authentication between a member of the mobile relay station group and a member of the base station group and generating an authentication key individually by the member of the mobile relay station group and the member of the base station group. Also disclosed is a system for carrying out the method.

Abstract: A method and system are directed towards enabling authentication in a distributed environment. The method employs a hashed salted password associated with a user in part to pre-authenticate the user. If the user is pre-authenticated, a ticket is transmitted to a client. The ticket includes a cryptographic digest of a concatenation of the local and remote addresses that is exclusive or'ed with a timestamp to generate a modified authenticator. The modified authenticator is directed at binding the timestamp to the client to minimize reuse of an authenticator. A packet that includes the authenticator is sent to a server. The server is configured to determine another remote and local IP address associated with the packet. Employing the remote and local addresses, the server extracts the timestamp from the modified authenticator. If the timestamp is within a pre-determined time window, the user may be authenticated.

Abstract: A system performs an electronic surveillance in a packet-switched network. The system includes a first card (300), a second card (400), and an electronic surveillance device (120). The first card (300) stores first data identifying a first operational mode and second data identifying a time period. The second card (400) stores activation information. The electronic surveillance device (120) reads the first card (300) and conditions itself for operating in the first operational mode for the specified time period. The electronic surveillance device (120) also reads the second card (400) and performs a packet capture operation in accordance with the first operational mode for the specified time period in response to reading the second card (400).

Abstract: A method of establishing the integrity of an audit record set is described. The method comprises receiving a set of audit records and generating a first set of random values wherein each audit record in the set corresponds to at least one value of the first set. The method further comprises generating a second set of values based on an audit record and a corresponding value of the first set for each audit record in the set and generating a summary value based on the second set of values. The method further comprises certifying the summary value to generate an integrity certificate enabling verification of the integrity of the audit record set and storing the audit record set and at least one of the first set of values and the generated digital signature.

Abstract: A notary document processing system and related methods are described. The notary document processing system receives files uploaded by users, processes them by applying a document ID, time stamp or other information to each page of the document, and converts them to read only format for storage. Once the document is processed and stored in the system, they cannot be edited or otherwise changed by any user including the owner of the document. The system makes stored documents available to the owner or other users upon the owner's request (document shared by owners) or permission (document requested by others). The users may also request others to verify the contents of documents. The system and method provide a way of preserving original versions of documents to be used later for purposes of evidencing the dates and contents of documents, evidencing agreement between parties as to the contents of documents, etc.

Abstract: A communication network includes an SS7 Security Gatekeeper that authenticates and validates network control messages within, transiting, entering and leaving an overlying control fabric such as an SS7 network. The SS7 Security Gatekeeper incorporates several levels of checks to ensure that messages are properly authenticated, valid, and consistent with call progress and system status. In addition to message format, message content is checked to ensure that the originating node has the proper authority to send the message and to invoke the related functions. Predefined sets of templates may be used to check the messages, each set of templates being associated with respective originating point codes and/or calling party addresses. The templates may also be associated with various system states such that messages corresponding to a particular template cause a state transition along a particular edge to a next state node at which another set of templates are defined. Thus, system and call state is maintained.

Abstract: In the electronic watermark detection device, an electronic watermark detection unit receives input of a DCT coefficient and a picture start from a preprocessing unit to detect an electronic watermark inserted into image data and indicative of copyright information or the like, a detection result adjustment unit receives input of a picture start from the preprocessing unit and input of a detector result and a detector interruption from the electronic watermark detection unit to count the number of pictures, as well as generating and outputting a detection interruption according to the detection result, and an interruption processing unit receives input of a detection result and a detection interruption from the detection result adjustment unit to generate an interruption signal according to a system, as well as outputting the detection result.

Abstract: A method for storing data in an electronic device, using tags to mark events carried out in the electronic device during a certain time period. The method involves defining a tag which is assignable to data related to events which are carried out and stored using the electronic device; defining a time period for using the tag; and configuring the electronic device to assign the tag to data related to all events stored using the electronic device during said time period. The tag may be used for all events of only one type, such as pictures captured using a digital camera. Alternatively, the tags may be used for a plurality of types of events, such as for captured pictures or videos, received virtual business cards, calls dialed or received, messages sent or received, and so on. Data associated with an event related to a certain occasion may then be searched and accessed using a tag register.

Abstract: An information processing system includes a unit that selects a time stamp authority to which a request for generation of a time stamp, the time stamp authority to be selected is different from a time stamp authority selected in a last selection process which has been performed; a unit that acquires the time stamp from the selected time stamp authority; a unit that generates link information specifying an order in which time stamps; a controller that causes verification information including the time stamp, identification information of the time stamp authority, the link information, that are associated with each other; a unit that receives a time stamp verification request with regard to digital data; and a unit that compares an invalidated time stamp applied to digital data to be verified with a time stamp to thereby specify a time range in which the invalidated time stamp is applied.

Abstract: A method for securing an electronic document (22) comprising attaching a biometric characteristic (20) and the electronic document (22) to form a biometric characteristic-document combination and encrypting the biometric characteristic-document combination to form an encrypted data package (24).

Abstract: Data stored in a data storage system is hashed to generate a hash value. The hash value and a request for a time stamp are then sent to a time stamping authority. A time stamp token and/or a time stamp certificate is received from the time stamping authority. The time stamp token includes a time stamp and the hash value, and may be encrypted using a private key of the time stamping authority. The time stamp token and/or time stamp certificate is then stored with, for example, a reference to the data being stored in the data storage system. The time stamp token and/or time stamp certificate may then be used to validate the data being stored and the time stamp.

Abstract: A packet stream multiplexer may include one or more control loops (e.g., digital phase locked loops) for tracking the source clock frequency associated with a packet stream. A first control loop may slowly drive an error between a received timestamp and an estimated timestamp to zero. A second control loop may more quickly drive a first derivative of the error to zero. The second control loop may include a set of digital filters ordered according to tracking speed. The output of the slowest filter is initially selected for updating the source clock frequency estimate. As time progresses, the faster filters are selected in succession. The estimated source clock frequency is used to restamp packets of the packet stream as they are sent out onto an output channel.

Abstract: A method and system for securely timestamping digital data is disclosed. A secure encryption key is provided within a timestamping module. The timestamping module comprises a processor for performing security functions with the secure encryption key. The processor is operable in a first mode wherein the secure encryption key is used for encryption operations and for test operations and in a second mode in which the secure encryption key is only used for timestamping operations. Once the processor performs a function with the secure encryption key in the second mode it is precluded from performing further functions in the first mode with the secure encryption key. After the processor has been placed in the second mode of operation a unique code for being embedded within timestamped digital data is generated. Data indicative of a real time a request for a timestamping operation has been received is then provided to the processor from a real time clock.

Abstract: A system (126-129) detects transmission of potentially malicious packets. The system (126-129) receives packets and generates hash values corresponding to each of the packets. The system (126-129) may then compare the generated hash values to hash values corresponding to prior packets. The system (126-129) determines that one of the packets is a potentially malicious packet when the generated hash value corresponding to the one packet matches one of the hash values corresponding to one of the prior packets and the one prior packet was received within a predetermined amount of time of the one packet. The system (126-129) may also facilitate the tracing of the path taken by a potentially malicious packet. In this case, the system (126-129) may receive a message that identifies a potentially malicious packet, generate hash values from the potentially malicious packet, and determine whether one or more of the generated hash values match hash values corresponding to previously-received packets.

Abstract: A method, a system, and computer-readable media having instruction for controlling client devices and server are provided for managing digital data According to one aspect, a method comprises associating digital data with predefined sets of digital data, computing a leaf hash values over some or all of the digital data and/or over identifications of some or all of the digital data that are associated with the predefined sets, and computing a root hash value, whereby the underlying hash algorithm has as an input at least said leaf hash values. The method further comprises determining the consistency of given digital data with said root hash value by identifying the set of digital data that is associated with given digital data, re-obtaining said root hash value, re-obtaining the hash values over which said root hash value was computed, computing a hash value over said re-obtained hash values, and comparing said re-obtained root hash values with said in the previous step computed hash value.

Abstract: An authentication system providing a safety authentication process of electronic values with the use of mobile terminals which do not have a tamper-resistant function. The electronic value including encrypted value authentication information (F(VPW)), wherein an authentication information (VPW) corresponding to an electronic value specified by a user is acquired by the hash calculation, is stored in user's mobile terminal.

Abstract: A system (100) and method (800) for electronic graffiti includes a plurality of graffiti nodes serving as a plurality of wireless access points 102, a server 103 coupled to the plurality of wireless access points, a mobile wireless device (101 or 700) having at least a local area transceiver (706) and a processor (702) operatively coupled to the local area transceiver. The processor can be programmed to associate (804) a user friendly name with a media access control (MAC) address, associate (806) the user friendly name and media access control address with a group affiliation and a location, and transmit (808) the user friendly name, MAC address, the group affiliation and the location to the server. The server can be further coupled to a central server. Note, the server stores a record for each graffiti node containing the MAC address, the user friendly name, and the group affiliation.

Abstract: A time stamping protocol has two stages referred to as the ticketing stage and the certification stage. During the ticketing stage, the document or other identifying data is sent to the TSA. The TSA generates a “ticket” based on the document or other identifying data and a time indication derived from a trusted clock. The ticket, which serves as an unsigned time stamp receipt, is transmitted back to the document originator. During the certification stage, the holder of the ticket requests a certified time stamp receipt by presenting the ticket to the TSA. The TSA verifies the ticket and generates a signed time stamp receipt, called the ticket stub, which is then transmitted back to the document originator. The ticket stub serves as a “universal time-stamp” that the holder of the ticket stub can use to prove the date of the document.

Abstract: Methods and apparatus, including computer program products, implementing and using techniques for establishing trust in an electronic document. An electronic document is received. State dependent content in the electronic document is identified. The state dependent content is content that is renderable to have a several appearances. The electronic document is presented to a user, which includes disclosing the presence of any identified state dependent content in the electronic document.

Abstract: A real-time communications system of networked communications devices, method and program product for operating such a system. A screensaver resides on at least one of the communications devices, that selectively displays status information on a corresponding identified user. Presence and availability information about the particular system user is stored on a central storage and provided to the screensaver for display. Information on the screensaver apprises viewers of current user presence and availability status.

Abstract: According to the invention, techniques for authenticating that a digitally signed document is genuine. Specific embodiments according to the present invention can determine whether a digital signature was generated by a digital signature generator, or if the digital signature was generated by a third party posing as the digital signature generator. Specific embodiments can provide independent verification of digital signer identity based upon prior signed messages, time/date stamps, and the like. Techniques according to the present invention can be embodied in methods, apparatus, computer software and systems.

Abstract: Detection of watermarks in digital content by a system having a recording device and a playback device may be accomplished in such as a way as to improve the interoperability of the recording and playback devices. In one embodiment, a recording device having a first watermark detection component of a first sensitivity for detecting the watermark in digital content, interoperates with a playback device having a second watermark detection component of a second sensitivity for detecting the watermark in a digital content recording made by the recording device; such that the first sensitivity is more sensitive than the second sensitivity.

Abstract: This invention discloses a method and system for detecting and reacting to unexpected communications patterns. The system consists of a plurality of end stations and a plurality of network interfaces, such that, the network interface is capable of determining the authenticity of the program used by the end station to generate and send data packets. The system further consists of a plurality of secure management servers, which continuously exchange management messages with the network interfaces. Consequently, the secure management servers have the information for detecting unexpected communications patterns. The method allows the control of end stations, and when an unexpected communication pattern is detected, selectively only packets from authenticated programs can be allowed to be transmitted.

Abstract: According to one embodiment, a method is disclosed. The method includes storing a first list of hardware registers, receiving video data at an application program, receiving a second list of hardware registers from a device driver, determining whether the first list of hardware registers matches the second list of hardware registers, and if so, streaming the video data to a video decoder.

Abstract: A system for time validation comprises a terminal (1) with means (7,7?) for tuning in to a number of different carrier frequencies (a-e), an authorisation device (6), e.g. a smart card, capable of communicating with the terminal (1) and means (2,5) to transmit time stamps, using a modulated signal having a carrier frequency, to the terminal (1). The authorisation device (6) comprises means (8) for selecting a carrier frequency to tune in to for retrieving a time stamp. A terminal (1) and authorisation device (6) are provided for use in the system. A computer program is suitable for loading into a programmable device, e.g. a smart card, to use it as an authorisation device (6) for use in such a system.

Abstract: A method, system, apparatus, and computer program product are presented for a distributed port firewall system. The distributed port firewall system provides mapping of port usage to application needs, application action object (AAO) used to identify the use of ports. Application action object may be opened based on endpoint and user. Port firewall “properties” are added in order to configure firewall which are only configurable by certain trusted users or applications. Different policies applied to usage and the opening of ports based on both a collection of endpoints, managed regions, or on a per endpoint basis. Beyond just allowing an application to open a port, the allowed packet types are also configured to work in conjunction with a distributed packet snooper session.

Abstract: Before accepting a setting request from a predetermined manager in a plurality of date-and-time managers capable of issuing a date-and-time setting request, a setting request from any manager can be accepted. After accepting a setting request from a predetermined manager, only the setting request from the predetermined manager can be accepted. A date and time can be set in response to an accepted date-and-time setting request.

Abstract: Disclosed is a time stamp obtaining apparatus that includes a memory unit to store one or a plurality of electronic data (image data), and a control unit to obtain one time stamp that relates to entirety of the electronic data in accordance with a hash value calculated from the entirety of the stored electronic data, and to store the obtained time stamp in connection with the electronic data in the memory unit.

Abstract: A time stamping system for electronic documents has a document preparation device and a time stamp issuing server. The document preparation device includes an electronic document reading device that reads an electronic document. A digest value computer computes a digest value based on the read document. A transmitter transmits the computed digest value to the time stamp server with a request for a time stamp. A receiver receives the requested time stamp from the time stamp server and an electronic writer writes the received time stamp into the electronic document.