Abstract: A system for providing security for a personal password during an authentication process. The system combines the use of representative characters to disguise the characters of the password and the use of a separate verification code sent to the user for use in the authentication process. A server generates and sends both a set of representative characters and a verification code to a client device. The user then inputs a mixed string having the password and verification code interspersed in order using the representative characters in place of the characters of the password and verification code. The server then receives the input and determines whether the string of representative characters includes the password and verification code characters in the proper order.

Abstract: According to some exemplary embodiments, a computer-implemented timestamp method includes maintaining, at a cryptographic service provider (CSP), one or more timestamp policies specifying when digital timestamps should be issued. A timestamp request is received at the CSP from a timestamp authority that manages timestamping and is accompanied by a corresponding timestamp data structure. With a computer processor, a difference is determined between a first time specified in the timestamp data structure and a second time indicated by an internal clock of the CSP. The timestamp request is rejected if the first timestamp data structure fails to comply with a predetermined timestamp policy, where the predetermined timestamp policy requires that the difference between the first time and the second time be below a predetermined threshold.

Abstract: Systems and methods for transmitting information between virtual environments comprising: copying a first virtual environment, wherein the first virtual environment comprises a plurality of original applications, a first clock, and a first trusted security zone to create a second virtual environment, wherein the second virtual environment comprises a copy of at least some applications of the plurality of original applications, a second clock, and a second trusted security zone. The first trusted security zone may receive a request from a copied application to engage in a transmission with an original application. The first trusted security zone may then determine if a nonce associated with the copied application is a verified nonce, wherein determining if the nonce is a verified nonce comprises comparing, by the first trusted security zone, the nonce associated with the copied application to a nonce associated with the at least one original application.

Abstract: Technologies are generally described for peer-to-peer or peer-to-server-to-peer communication systems based on mobile devices, servers, and personal computers, which utilize proximity communication and optical codes such as two-dimensional barcodes, in order to securely initiate and authorize digital data, file, and multimedia transfers, as well as digital financial transactions.

Abstract: The last link in an initialization hash chain, calculated by a transmitter based on its anchor value, is distributed as an initialization function value to a receiver in an initialization phase. Subsequently, a multicast message is received and stored by a receiver and an authentication key release message, containing a cryptographic authentication key, is received from the transmitter by the receiver. A cryptographic function value h, calculated by the receiver for the cryptographic authentication key using a prescribed cryptographic function, is compared with the initialization function value to check the validity of the cryptographic authentication key in the authentication key release message. The multicast message is authenticated by the receiver using the cryptographic authentication key which has been recognized as valid.

Abstract: A cloud file event server transmits file events necessary to synchronize a file system of a file share client. A tree queue director circuit receives file events and stores each one into a tree data structure which represents the hierarchical paths of files within the file share client. An event normalization circuit sorts the file events stored at each node into sequential order and moots file events which do not have to be performed because a later file event makes them inconsequential. A thread scheduling circuit assigns a resource to perform file events at a first node in a hierarchical path before assigning one or more resources to a second node which is a child of the first node until interrupted by the tree queue director circuit or until all file events in the tree data structure have been performed.

Abstract: A system includes a first application executable on a first electronic device. The system further includes a second application executable on a second electronic device in communication with the first electronic device. The second electronic device is configured to store a first electronic file. Subsequent to a user modifying the first electronic file, the second application is operable to automatically transfer the modified first electronic file, or a copy thereof, to the first electronic device. The system further includes a third application executable on a third electronic device in communication with the first electronic device. The third electronic device is configured to store a second electronic file. Subsequent to the user modifying the second electronic file, the third application is operable to automatically transfer the modified second electronic file, or a copy thereof, to the first electronic device.

Abstract: A long-term signature terminal acquires storage-target data and electronic signature data corresponding to the acquired storage-target data. The acquired electronic signature data is transmitted to a server, and electronic signature data having a time stamp applied thereto is received from the server. The received electronic signature data with the applied time stamp is combined with the acquired storage-target data to generate signed data. Verification information for verifying the validity of the electronic signature data having the time stamp is received from the server and applied to the signed data to generate first long-term signature data. Confirmation data for confirming unfalsification of the generated long-term signature data is generated and transmitted to the server, and the confirmation data having a time stamp applied thereto is received from the server.

Abstract: A long-term signature system acquires electronic signature data for each of a series of pieces of original data, transmits the acquired electronic signature data to a predetermined server, and acquires a time stamp issued for the electronic signature data from the predetermined server. Verification information is acquired for verifying the electronic signature data and the time stamp from a predetermined server. Long-term signature target data for confirming unfalsification of the original data, the electronic signature data, the time stamp, and the verification information is acquired for each of the pieces of original data. The acquired long-term signature target data is transmitted to a predetermined server, and long-term signature data having an archive time stamp issued for the long-term signature target data applied thereto is acquired.

Abstract: According to one embodiment, the data transmitting device includes a storing unit, an authenticator generating unit, and a communication unit. The storing unit stores accuracy information based on an accuracy of synchronization between a first clock and a second clock. The first clock indicates a current time of the data transmitting device. The second clock indicates a current time of other device to be a destination of a data packet. The authenticator generating unit calculates a first time by adding a predetermined time to the current time of the data transmitting device, calculates a second time by adjusting the first time using the accuracy information, and generates an authenticator using the second time, the data packet, and a predetermined secret key. The communication unit transmits, to the other device, the data packet with the authenticator at a third time obtained by adding the second time to a predetermined time.

Abstract: A system and methods for time and/or location authentication are presented. A hash value is received from a client device and a hash value receiving time of the received hash value is stored. A data block is received after receiving the hash value is received, the received data block comprising alleged transmission signal data. A computed hash value of the received data block is computed, and an estimated transmission signal client receiving time by the client is calculated based on the alleged transmission signal data. A timely possession of the received data block by the client device is authenticated based on a comparison of the computed hash value to the received hash value and a comparison of the hash value receiving time to the estimated transmission signal client receiving time.

Abstract: A system for and method of per access-point streaming media customization and privacy protected feedback in a wireless network. The system is operative to: encrypt real time streamed media content from a streaming media source; multicast the streamed encrypted media content for availability to a user device for playback, the user device sending out unicast responses at the time of joining or dropping the multicast; aggregate the unicast responses in the form of a connect multicast state or a disconnect multicast state of the user device based on the joining or dropping of the multicast; and provide information back to the streaming media source based on the aggregated unicast responses.

Abstract: A system, device and method for incapacitating a keylogger. An inactivity of an input device may be detected. A flow of information from an input device to a computing device may be manipulated. A keylogger may be caused to store redundant information by causing the input device to produce redundant input. Other embodiments are described and claimed.

Abstract: In various embodiments, a computerized method includes receiving electronic content to be archived. The electronic content comprises a digital signature. The method may include archiving the digital signature, by determining a validity status of the digital signature and storing the validity status in the electronic content. The method may also include archiving the electronic content after the validity status has been stored in the electronic content.

Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch manager that is used to generate authentication and authorization data that remain valid only for an epoch. The epoch manager can generate an epoch key pair that can be used to encrypt and decrypt the authentication and authorization data during the epoch that the key is valid. The epoch manager can also associate the contents of the data with the epoch in which it was created, so that at decrypting the epoch that the data was generated in can be identified.

Abstract: An electronic device generates identifying values which are used in authenticating the electronic device. The device comprises an interface, a private key generator for generating a private key, a non-volatile memory for storing at least the private key, an index source, a hash engine, and a logical interconnection between the private key generator, the non-volatile memory, the index source, the hash engine and the interface. The hash engine generates identifying values provided to the interface via the logical interconnection. The identifying values are provided to a verifying device for use in authenticating the electronic device. Alternatively or in addition, devices may be paired to share a root key to cryptographically communicate between each other and/or to authenticate each other.

Abstract: This disclosure relates generally to methods and systems for determining when a file has changed. According to one aspect of the present disclosure, a method of determining if contents of a file have changed can include determining if a digital signature created as a function of contents of the file has changed, and when the digital signature has changed, overlaying the contents of the file with a first mark that indicates the contents have changed and blocks a view of the contents of the file.

Abstract: A method for operating a door operator, includes inserting a first functional module into a slot of the door operator. The first functional module includes first information data function to be enabled. The first information data is transmitted to the door operator and, determining which additional functions are to be enabled. A first unique first identification is generated in the door operator. This generated first identification is transmitted back to the first functional module and saved in the first functional module. The determined functions to be enabled are activated, respectively enabled in the door operator.

Abstract: Various embodiments of a system and method for a single request-single response protocol with mutual replay attack protection are described. Embodiments include a system that receives multiple single request messages, each of which include a respective nonce, timestamp, and digital signature. The system may create a record of previously received nonces that, at any given time, may include multiple message nonces received within a valid period of time prior to that given time. To validate a given single request message, the system verifies the digital signature of the message, determines that the timestamp of the message indicates a time within the valid period of time prior to the current time, and determines that the nonce of the message is not present within the record of previously received nonces. The system sends a single response message that includes the same nonce as the validated message.

Abstract: An apparatus and method for generating a multiplex of media streams, the method includes the steps of: (i) receiving a set of media streams that comprises first type media stream components and second type media stream components; (ii) applying a modification process that is not adapted to modify second type media stream components, such as to provide at least one modified first type media stream component; and (iii) multiplexing at least the second type media stream components and the modified first type media stream components.

Abstract: In a system and method of watermarking content for tracking media consumption, the method may include creating, by a computer processor, at least one copy of a mezzanine asset for distribution to at least one user, the mezzanine asset being watermarked with a watermark identifier, and the at least one copy including a copy of the watermark identifier.

Abstract: The disclosed embodiments are directed to improving the efficiency of guaranteeing data consistency to clients, such as for one or more objects stored on a plurality of volumes configured as a Striped Volume Set. In particular, the disclosed embodiments optimize requests from clients which span multiple Data Volumes and which require strong serialization. The disclosed embodiments provide a “viral ticket book” model that provides lower latency while improving compatibility with client protocols.

Abstract: A method for reading at least one attribute stored in an ID token assigned to a user involving: authenticating the user to the ID token, authenticating a first computer system to the ID token, and, assuming successful authentication of the user and the first computer system to the ID token, read access by the first computer system to the at least one attribute stored in the ID token for transmission of the at least one attribute to a second computer system, and generating of a time indication for the at least one attribute by the first computer system.

Abstract: A method of establishing the integrity of an audit record set is described. The method comprises receiving a set of audit records and generating a first set of random values wherein each audit record in the set corresponds to at least one value of the first set. The method further comprises generating a second set of values based on an audit record and a corresponding value of the first set for each audit record in the set and generating a summary value based on the second set of values. The method further comprises certifying the summary value to generate an integrity certificate enabling verification of the integrity of the audit record set and storing the audit record set and at least one of the first set of values and the generated digital signature.

Abstract: A server receives a package of data including: a document designated for notarization, identification information including a photograph, photograph of a user, and a signature of the user. The server compares the photograph of the user to the photograph included with the identification information. Next, the server verifies an identity of the user based on the identification information and the photograph by comparing the photograph of the signer to the photograph included with the identification information. The server then applies the signature and an indication of notarization to the document designated for notarization to create a notarized version of the document. The server stores the notarized version of the document, the photograph, and the identification document in a secure data package, and provides the notarized version of the document to the user.

Abstract: Methods, systems and computer program products are provided for controlling the disclosure time of information by a publisher to one or more recipients. A trusted body generates an asymmetrical key pair for a specified date and time of disclosure with an encryption key and a decryption key. The trusted body provides a digital certificate signed with a private key of the trusted body providing the publisher with the encryption key prior to the specified date and time. The publisher uses the encryption key to encrypt data and a recipient obtains the encrypted data at any time prior to the specified date and time. The trusted body then makes the decryption key available to the recipient at or after the specified date and time.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for generating a nonce. In one aspect, a method includes generating, by a data processing apparatus, a source value, and hashing, by the data processing apparatus, the source value to generate the nonce.

Abstract: An image forming apparatus which can prohibit any users but a user who has made a deposit from operating the image forming apparatus for a chargeable process. A communication controller of the image forming apparatus obtains pieces of proper information of cell-phones. An ID management section issues IDs for the respective pieces of proper information, and the communication controller sends the IDs to the corresponding cell-phones. At an input section, a user of one of the cell-phones inputs the ID sent thereto. Thereafter, the communication controller receives an access from a cell-phone and receives proper information of the cell-phone. In this moment, it is judged whether the cell-phone which has made an access is identical with the cell-phone of which ID was inputted at the input section. Only when the communication controller identifies the cell-phone, the communication controller permits the image forming apparatus to communicate with the cell-phone.

Abstract: An automated notarization device includes a scanner, printer, hardware security module and camera. The hardware security module includes a secure processor and secure storage for data records and cryptographic keys, along with a secure real time clock. A person desiring to have a document notarized presents the document to the device, presents identification to the device, and has his/her picture and or video taken. Each of these items is stored in a data record, which is then displayed to the person for approval. Upon approval, the data record is provided to the hardware security module, which adds a timestamp to the data record and then digitally signs the data record. The resulting signed data record ties together the original document, and identification of the person, and a timestamp. Changes to any of these data elements can be detected by verifying the digital signature.

Abstract: A method, apparatus, and computer program product are provided in order to capture and share audio and/or video content in a multi-user environment. In the context of a method, audio and/or video content is captured and selected to be uploaded to be shared with other users. The method may assign and verify global timestamps for captured content and cause the content and verified timestamps to be uploaded to a multi-user content server. The method uses the verified timestamps to synchronize multi-user content to a common timeline in an efficient manner, allowing for rendering of content that is to be shared with other end users. A corresponding apparatus and a computer program product are also provided.

Abstract: Media signals such as audio and/or video signals are certified as being authentic. A private key and a corresponding public key are provided. For a current media segment of the media signal, a signature is created using the private key to sign data based on media content of the current media segment combined with a signature from a media segment present at another point within the media signal where the signature from the media segment present at another point within the media signal is created by signing with the private key data based on media content of the media segment present at the other point within the media signal. The signature is included in metadata of the current media segment of the media signal and the public key is included in a second metadata of the media signal.

Abstract: Long-term signature data is formed at a server side while a private key and the like are held at a client side. The long-term signature data is configured by arranging ES, STS, verification information, ATS (1st), and ATS (2nd) in a predetermined long-term signature format. Among these elements, those for which processing using the private key and original data are necessary are ES and ATS. Due to processing where the original data and the private key is necessary being performed by a client terminal 3 and processing where the long-term signature data is analyzed and generated being performed by a long-term signature server 2, the long-term signature data is generated in the long-term signature server 2 while the original data and the private key are held in an inner portion of the client terminal 3.

Abstract: A method for securing communications between an access point and a station includes generating a first hashed service set identifier (SSID) by applying a first hash function to a first SSID known by the station, transmitting a first message to the access point, wherein the first message includes the first hashed SSID, and receiving a second message from the access point, wherein the second message includes a second hashed SSID generated by the access point by applying a second hash function to a second SSID associated with the access point. The method also includes generating a third hashed SSID by applying the second hash function to the first SSID, determining if the third hashed SSID matches the second hashed SSID, and transmitting a third message to the access point if the third hashed SSID matches the second hashed SSID.

Abstract: The present invention provides a log management system which is devised so that improper behavior by managers with regard to the log information can easily be discovered. Virtual OS are respectively installed for respective users in a file server that can also be constructed as an NAS device. These virtual OS function as virtual NAS. The virtual OS and manager OS can exchange information relating to log information via an information exchange part constructed as a kernel. The log information produced in the virtual OS is transmitted to a first log management device via a first communications network, and is also transmitted to a second log management device via a second communications network. The respective networks are separated. As a result of the same log information being managed by multiplex management using separate management devices, it can be detected whether or not there has been any improper behavior with respect to the log information.

Abstract: A digital rights management method includes: storing information on a rights object in a memory area, wherein the rights object has been transferred from a first device to a second device, and wherein the rights object includes permissions linked to a digital media object; receiving a rights object at the first device; and accessing the memory area to check whether information on the received rights object is stored in the memory area and to set up the received rights object on the first device in case the information on the received rights object is not stored in the memory area, and to reject the received rights object in case the information on the received rights object is stored in the memory area.

Abstract: In implementations, a computer-implemented method for location assurance is disclosed. The method can include receiving, by an application executing on a mobile computing device, an electronic token from a server, wherein the electronic token comprises a timestamp signed using a cryptographic signing algorithm; providing, by the application, the electronic token to a passive computational tag, wherein the electronic token is countersigned by the passive computational tag; receiving, by the application, the electronic token that was countersigned by the passive computational tag; and providing, by the application, the electronic token that was countersigned to the server.

Abstract: Embodiments relate to a method for generating a set of authentication certificates by a set of certificate authority devices. The method includes receiving, by the set of certificate authority devices, a set of certificate requests from a user device. The method includes generating, by the set of certificate authority devices, a set of crosschecked certificates, each crosschecked certificate of the set of crosschecked certificates being configured to cryptographically verify the remaining crosschecked certificate of the set of crosschecked certificates. The method includes transmitting, by the set of certificate authority devices, the set of crosschecked certificates to the user device, the set of crosschecked certificates configured to be utilized by the user device in establishing a secured communication channel over a network between the user device and a client device.

Abstract: The present invention is related to a wireless transmit/receive unit (WTRU) for providing advanced security functions. The WTRU includes trusted platform module (TPM) for performing trusted computing operations; and a secure time component (STC) for providing a secure measurement of a current time. The STC and the TPM are integrated to provide accurate trusted time information to internal and external to the WTRU. The STC may be located on an expanded a subscriber identity module (SIM), on the WTRU platform, or two STCs may be used, one in each location. Similarly, the TPM may be located on an expanded SIM, on the WTRU platform, or two TPMs may be used, one in each location. Preferably, the STC will include a real time clock (RTC); a tamper detection and power failure unit; and a time report and sync controller.

Abstract: System and method for displaying digital content on a display device comprising at least one digital content item, configured to be displayed on the display device, a service cloud, comprising a server, memory, and processor, configured to store the digital content item as one or more encrypted slices, and a crypto controller, running on the service cloud server, configured to download a cypher key stored in the service cloud memory. The cypher key is configured to be encoded with a unique identification corresponding to the display device and lock the digital content item to that display device. The service cloud processor is configured to retrieve the encrypted slices, assemble the slices into one or more encrypted particles, and send the encrypted particles and the cypher key to the display device for assembly by the cypher key into the digital content item using an activation code provided by the crypto controller.

Abstract: Detection of email phishing attacks is initiated when an email is received in a computer system. The email is parsed for features indicative of an email phishing attack, such as a link to an external website. The link to the website is followed to connect to and access the website. Fictitious information, such as fake user credentials or fake credit card information, is provided to the website. The response of the website to the fictitious information is evaluated to determine if the website is a phishing site. The website is deemed to be a phishing site when the website accepts the fictitious information as valid. The email is blocked to prevent its addressee from opening the email when the email is deemed part of a phishing attack, such as when it links to a phishing site.

Abstract: A method in a multimedia device (130) including obtaining protected content having a limited exercisable right associated therewith, obtaining an extension of the limited exercisable right when a condition is satisfied, for example, when the device enters a DRM system different than the DRM system from which the protected content originated, wherein the extension of the limited exercisable right is obtained from an entity other than the multimedia device, for example, from an anomaly detector.

Abstract: A long-term signature server includes a signing target data acquisition function for acquiring signing target data, a signature data transmission function for transmitting to a long-term signature terminal signature data for the electronic-signing of the acquired signing target data, a signature value reception function for receiving an electronic signature value of the signing target data generated using the signature data transmitted from the long-term signature terminal, a time stamp acquisition function for acquiring a time stamp corresponding to the received electronic signature value, and a signature data generation function for generating basic signature data using at least the acquired signing target data, the received electronic signature value, and the acquired time stamp.

Abstract: According to an embodiment, a system is provided comprising a memory and a processor. The memory may be operable to store a master image associated with a user account. The master image may comprise an image of a physical, non-living object. The processor may be coupled to the memory and may be operable to receive a request to perform a transaction associated with the user account. The processor may be further operable to receive an image that is scanned in real-time in conjunction with the request to perform the transaction. The processor may be further operable to compare the scanned image with the master image associated with the user account and to perform the transaction if the scanned image is substantially similar to the master image.

Abstract: A timestamping system including a plurality of time servers and a timestamping device, the timestamping device including a dividing processing unit dividing an electronic document into a plurality of divided data items by a secret sharing scheme, a distributing processing unit transmitting the divided data items to different servers, respectively, and collecting, from each of the servers, each of the divided data items corresponding to the electronic document being requested for timestamping by a user, a restoring processing unit restoring the electronic document by a secret sharing scheme based on each of the collected divided data items, and an existed time calculating unit calculating and outputting an existed time regarding the electronic document based on timestamps applied to the data items when the electronic document can be normally restored.

Abstract: Methods and systems for robust watermark insertion and extraction for digital set-top boxes are disclosed and may include descrambling, detecting watermarking messages in a received video signal utilizing a watermark message parser, and immediately watermarking the descrambled video signal utilizing an embedded CPU. The embedded CPU may utilize code that may be signed by an authorized key, encrypted externally to the chip, decrypted, and stored in memory in a region off-limits to other processors. The video signal may be watermarked in a decompressed domain. The enabling of the watermarking may be verified utilizing a watchdog timer. The descriptors corresponding to the watermarking may be stored in memory that may be inaccessible by the main CPU. The watermark may comprise unique identifier data specific to the chip and a time stamp, and may be encrypted utilizing an on-chip combinatorial function.

Abstract: A computer readable medium stores a program causing a computer to execute a key generating processing. The computer generates a signatory private key which is used in an electronic signature, a signatory public key, a signatory public key certificate, a certification public key which is used when recording the signatory private key in a PKI card and a certification private key, transmits the certification private key to the PKI card via a secure communication path, and transmits an encoded signatory key obtained by encoding the signatory public key certificate and the signatory private key using the certification public key to the PKI card via the secure communication path or a non-secure communication path.

Abstract: A data processing system for distributing and authenticating documents from a plurality of parties to a recipient data processing apparatus is disclosed. The system comprises a plurality of document distribution devices each configured to generate an original hash value from the content of a file containing a document to be distributed. A recipient data processing apparatus is configured to generate an original super hash value from the plurality of the original hash values, and to distribute the original super hash value to each of the document distribution devices. The system provides assurance that distributed documents have not been tampered with during communication, by an unscrupulous distributing party, or by an unscrupulous recipient by only submitting a hash value of the document to be distributed. The hash value provides for assurance at the eventual recipient of the document that no changes to the document have been made.

Abstract: A method of performing a transaction between a first device and a second device, the first device having an established trusted communication relation with a first trusted device and the second device having an established trusted communication relation with a second trusted device, the first and the second trusted device each having an established trusted communication relation with a fourth trusted device, comprises the steps of the first device sending, to the first trusted device, first input data, and the second device sending, to the second trusted device, second input data, the first trusted device confirming the originality of the first device and sending the first input data to the fourth trusted device, and the second trusted device confirming the originality of the second device and sending the second input data to the fourth trusted device, the fourth trusted device, upon receipt of the first and the second input data, sending to the first trusted device a first receipt message comprising the f

Abstract: An electronic device generates identifying values which are used in authenticating the electronic device. The device comprises an interface, a private key generator for generating a private key, a non-volatile memory for storing at least the private key, an index source, a hash engine, and a logical interconnection between the private key generator, the non-volatile memory, the index source, the hash engine and the interface. The hash engine generates identifying values provided to the interface via the logical interconnection. The identifying values are provided to a verifying device for use in authenticating the electronic device. Alternatively or in addition, devices may be paired to share a root key to cryptographically communicate between each other and/or to authenticate each other.

Abstract: An apparatus and a method for validating requests to thwart cross-site attacks is described. A user identifier token, a request identifier token, and a timestamp, are generated at a web application of a server. A Message Authentication Code (MAC) value is formed based on the user identifier token, the request identifier token, and the timestamp using a secret key of the web application. Names of the form elements are enciphered. Fake form elements can also be added to the dynamic form. The entire page also can be enciphered. The dynamic form is sent with the MAC value and the time stamp to a client. A completed form comprising a returned MAC value and a returned timestamp is received from the client. The completed form is validated at the server based on the returned MAC value and the returned timestamp.