Abstract: The present invention provides for an authenticity marker to be embedded within web page and/or email content which allows a user to validate that the content originates from the true source of the content and is not merely a copy. The method includes a user requesting content in the form of a web page and/or email from a server using a web browser or email client. The server receives the request, retrieves the content and forwards it to an authentication server. The authentication server inserts into the retrieved content a unique fractal icon and/or information only known between the owner of the content and the user.

Abstract: A system and method for signing data transferred over a computer network is described. In one aspect, the HTTP header of an HTTP response message is extended to include a content identifier, a content expiration time, and a digital signature. The digital signature may be generated from the content identifier, the content expiration time, and the message body of the HTTP response message.

Abstract: A client-server communication protocol permits the server to authenticate the client without requiring the client to authenticate the server. After establishing the half-authenticated connection, the client transmits a request and the server performs or responds accordingly. A network management system and environment where this protocol can be used is also described and claimed.

Abstract: In a network device, a method for verified communication includes generating a network communication message using a selection of predetermined message elements having digital signatures generated with a private key. The network device generates a signature for the message by applying a homomorphic operation to the digital signatures of the selected predetermined message elements and to a one-time signature corresponding to a random number. The network device transmits the message in association with the signature for the message and the random number to at least one other network device.

Abstract: A mobile node and its home system generate synchronized time-based codes at periodic time intervals. Each time-based code is valid for a predetermined time period. To facilitate anonymous operation when roaming, the mobile node identifies itself with a coded identifier instead of a public identifier. The coded identifier used at a given time includes the time-based code that is valid for that given time. To authenticate the mobile node, a serving system receives authentication information from the mobile node and forwards the authentication information to a home system. The authentication information includes the current time-based code and a timestamp. The home system identifies the mobile node from the current time-based code and the timestamp. The home system then uses the authentication information to authenticate the mobile node.

Abstract: When performing secure processing using confidential information that needs to be confidential, the secure processing device according to the present invention prevents the confidential information from being exposed by an unauthorized analysis such as a memory dump.

Abstract: A method for securely publishing an access control list begins with a DS managing unit generating an authentic and time-stamped access control list from the access control list, wherein the access control list provides a list of authorized accesses to the DSN. The method continues with the DS managing unit sending the authentic and time-stamped access control list to a publisher unit. The method continues with the publishing unit sending the authentic and time-stamped access control list to a plurality of DS units.

Abstract: Execution of the ECMQV key agreement algorithm requires determination of an implicit signature, which determination involves arithmetic operations. Some of the arithmetic operations employ a long-term cryptographic key. It is the execution of these arithmetic operations that can make the execution of the ECMQV key agreement algorithm vulnerable to a power analysis attack. In particular, an attacker using a power analysis attack may determine the long-term cryptographic key. By modifying the sequence of operations involved in the determination of the implicit signature and the inputs to those operations, power analysis attacks may no longer be applied to determine the long-term cryptographic key.

Abstract: An image reading apparatus which reads an original document and generates a digitized scanned document, and which includes a document storage section that stores the scanned document, a document bundling section that identifies one or more scanned documents stored by the document storage section, and bundles the identified documents into one document, and a time stamp affixing section that creates a digital signature of the document bundled by the document bundling section, and affixes a time stamp.

Abstract: A system and method for storing data in a virtual file system using write once read many (WORM) protection includes a WORM server in communication with one or more storage devices and a controller in communication with the WORM server. A first time stamping process for creating a first time stamp for a data object based on instructions applied by the controller for storage on the WORM server. A second time stamping process for creating a second time stamp for the data object for storage on the WORM server. The second time stamping process creates the second time stamp for the data object and first time stamp to ensure the integrity of the data object stored on the system.

Abstract: Electronic documents corresponding to executed paper documents are certified. A certifying agent receives an electronic document and a corresponding paper document that had been executed pursuant to some transaction. The certifying agent compares the information contained in the paper to that in the electronic mortgage document. If the paper adequately corresponds to the electronic document and is otherwise sufficient, then the certifying agent certifies the electronic document so that other parties can reliably engage in transactions involving the electronic document without having to possess or otherwise inspect the executed paper document. Certification involves application of some form of indicia of certification to the electronic document, such as updating the value of a field corresponding to certification in the electronic document and/or applying a digital or electronic signature corresponding to the certifying agent to the electronic document.

Abstract: In various embodiments, a computerized method includes receiving electronic content to be archived. The electronic content comprises a digital signature. The method also includes archiving the digital signature, wherein archiving of the digital signature comprises determining a validity status of the digital signature and storing the validity status in the electronic content. The method includes archiving the electronic content after the validity status has been stored in the electronic content. The method includes storing the archived electronic content and the attestation signature into a machine-readable medium.

Abstract: Disclosed are systems and methods for establishing a personal identification number (PIN). The systems and methods provide techniques to begin a remote session with a customer, prompt the customer to select a PIN to associate with a financial account card during the remote session, and receive the PIN from the customer during the remote session.

Abstract: A location collection system is described herein that provides a uniform facility for reporting location data to a cloud-based service from a variety of devices, and that provides a uniform facility for accessing aggregated location data collected by the cloud-based service. The system collects location information related to a user and reports the location information to a central service to provide a variety of useful services to the user. By providing a big, secure location vault in the cloud, the system enables big data analytics to be used to allow current and future questions to be asked of this data and to correlate this with other data to enable new scenarios not yet enabled. Thus, the location collection system provides a model to report, gather, and analyze location data across devices and users.

Abstract: A coded system for radio-frequency communication (RFC); the system comprising at least one base station (20) and a plurality of mobile devices (10); the base station and mobile devices are individually provided with running time information synchronized inter se; the mobile device is adapted for transmitting an identifying signal to the base station device; the base station is adapted for receiving the signal; wherein the signal further comprises a preamble including a miming-time-dependent code generated according to a predetermined algorithm (220); the base station is adapted for comparing the code with a reference code generated by the base station according to the algorithm (260), authorizing the RFC in response to coincidence of the running-time-dependent codes generated by the base station and the mobile (270).

Abstract: A system of Wi-Fi terminals and a channel operation method for the same are provided. The method includes selecting a user function of a sending terminal including a Wi-Fi module, determining whether the selected user function is a Wi-Fi related function, performing, when the selected user function is the Wi-Fi related function, by the sending terminal, a search for a terminal capable of handling the user function, selecting, by the sending terminal, a found terminal as a receiving terminal, automatically establishing, by the sending terminal, a Wi-Fi channel to the receiving terminal by automatically sending a Probe Request message containing a Personal Identification Number (PIN) code, sending, by the sending terminal, data generated by the user function to the receiving terminal through the Wi-Fi channel, and outputting, by the receiving terminal, the received data.

Abstract: On-demand protection and authorization of playback of media assets includes receiving digital media at a server computer, storing intermediary data in a data store, and receiving a request from a client for the digital media. The method also includes generating a protected copy of the digital media from the digital media and the intermediary data. The method also includes storing a description of the protected copy in a database and sending the protected copy to the client. The method also includes receiving a request from the client to access the digital media and reading the description from the database based on information in the request. The method also includes sending a response to the client, the response indicating whether the client is authorized to access the digital media, and the response including cryptographic data to decrypt the protected digital media if the client is authorized to access the digital media.

Abstract: A method for secure data communications in fax transmissions and computer network communications comprising a. Allowing the sender to receive confirmation that the receiver received the message without having to rely on the receiver accessing a web site; b. Enabling the sender to prove a message was sent to the intended receiver at the specified time/date; c. Enabling the sender to prove the content of the sent message; d. Enabling the receiver to know that the message originates from the purported sender without need to rely on encryption and digital signatures; e. Preventing the theft of digital signatures based on hardware that contains encryption keys and a surrounding processing in isolation so that malicious software cannot cheat the users by accessing said hardware; f. Preventing forgeries of source addresses of the senders which is applied to the sender's phone number, the sender's email addresses, and/or the sender's IP addresses.

Abstract: A method for revoking access to a mobile device includes providing a plurality of authenticated applications accessible by the mobile device, and providing a plurality of revocation timeout intervals for revoking access by the mobile device to the plurality of authenticated applications. Access to a first authenticated application is revoked after a first timeout interval and access to a second authenticated application is revoked after a second timeout interval.

Abstract: A dynamic notary system having one or more processors, and one or more non-transitory computer readable medium coupled to the one or more processors with at least one of the computer readable medium being local to the one or more processors. The one or more non-transitory computer readable medium stores computer executable instructions, that when executed by the one or more processors cause the one or more processors to: (1) verify a notary with user identification information stored on the at least one computer readable medium local to the one or more processors, (2) retrieve a document to be notarized from the one or more non-transitory computer readable medium, (3) receive a signatory's electronic signature, (4) receive the notary's electronic signature, (5) apply a notary seal to the document, and (6) lock the document in an unchangeable format.

Abstract: To improve encryption technology for a data processing apparatus in order to reduce a possibility of having communication broken by a third party. The data processing apparatus encrypts subject data and renders it as encrypted data to record it on a predetermined recording medium, and decrypts the encrypted data recorded on the recording medium to change it back to the subject data. The encryption is performed in units of plain text cut data generated by cutting the subject data by a predetermined number of bits, where the number of bits of the plain text cut data is varied and dummy data of a size having the number of bits matching with a piece of the plain text cut data of the largest number of bits is mixed with pieces of the plain text cut data other than that of the largest number of bits out of the plain text cut data.

Abstract: When input data (f0) is read into a digital signature generating apparatus, a hash value (h0) is calculated. The hash value (h0) is stored to a storage area (M1), which has the highest priority rank among 5 storage areas. Subsequently, when input data (f1) is read in, a hash value (h1) is calculated. Since the storage area (M1) is already occupied by the hash value (h0), the hash value (h0) is read out from storage area (M1), emptying the storage area (M1). The read hash value (h0) and the hash value (h1) are concatenated, forming a concatenated hash value (h0|h1) and a hash value (h0,1) is calculated. The hash value (h0,1) is stored to a storage area (M2), which has the highest priority rank after the storage area (M1). When input data (f2) is read in, a hash value (h2) is calculated and stored to the storage area (M1).

Abstract: A system for isolating a data communication network has been developed. The system includes an internal computer system with an internal computer that is in data communication with the internal computer system, and an external computer system with an external computer that is in data communication with the external computer system. The internal and external computers are connected with an ethernet adapter that only allows transmission of data from the internal computer system and prohibits the receipt of data by the internal computer system.

Abstract: A prevention-based network auditing system includes a central compliance server providing a user interface allowing a user to schedule and configure a network audit. The configured audit is stored in an audit repository until its scheduled time. At such a time, the compliance server automatically invokes one or more audit servers to gather information about the network. The compliance server receives the gathered information and electronically applies a network policy to the information for determining compliance with the policy. A remediation task may be generated if the policy has been violated, and the task monitored until its completion.

Abstract: A document disposal certification apparatus is installed in a document generation apparatus for generating a document, a document disposal apparatus for disposing of the document, or a server that are used with being connected to the document generation apparatus and the document disposal apparatus. The document disposal certification apparatus includes a generation information acquisition section, a disposal information acquisition section and an information management section. The generation information acquisition section acquires information concerning document generation in the document generation apparatus, as document presence certification information. The disposal information acquisition section acquires information concerning document disposal in the document disposal apparatus, as document disposal certification information.

Abstract: An authentication system for authentication and verification of data provides verification that stored data has not been tampered with or otherwise altered. The authentication system may be configured to interoperate with a variety of other systems, such as various data storage and retrieval systems. In this manner, the authentication and verification services can be used to enhance various systems with data verification capabilities. The authentication system may sign and verify signatures for data. In addition, the authentication system may be configured to verify the time of a data event, the timeliness of the data event, or both.

Abstract: A data acquiring unit acquires electronic data. A tamper-resistant chip includes a storing unit that stores a confidential key specific to a device, and a collecting unit that collects device information that is internal information of the device. An attaching unit attaches collected device information to acquired electronic data. An encrypting unit encrypts the electronic data with the device information attached, using the confidential key stored in the storing unit.

Abstract: Information processing apparatus (100) ensures confidentiality of encryption and reduces overhead associated with processing not directly related to the encryption. The information processing apparatus (100) includes: application program (A158) that includes an instruction for encryption which uses a key; tampering detection unit (135x) that detects tampering of the program; CPU (141) that operates according to instructions and outputs a direction for encryption upon detecting the instruction for encryption; data encryption/decryption function unit (160) that controls switching to the protective mode according to the direction; and protected data operation unit (155) that stores a key in correspondence with the program, outputs the key in the protective mode, and controls switching to the normal mode, and the data encryption/decryption function unit (160) executes the encryption in the normal mode using the received key.

Abstract: A computer-implemented, transaction-making, municipal bond trading system having a capability to conduct a private electronic auction of bid wanteds between a central brokers' broker and multiple prospective remote bidders and to maintain a reference database of accurate individual bond lot descriptions and identifications, including CUSIP (trademark) numbers.

Abstract: The invention relates to methods and apparatuses for acquiring a physical measurement, and for creating a cryptographic certification of that measurement, such that its value and time can be verified by a party that was not necessarily present at the measurement. The certified measurement may also include corroborative information for associating the actual physical measurement process with the certified measurement. Such corroborative information may reflect the internal or external state of the measurement certification device, as well as witness identifiers of any persons that may have been present at the measurement acquisition and certification. The certification may include a signal receiver to receive timing signals from a satellite or other external source. The external timing signals may be used to generate the time included in the certified measurement, or could be used to determine the location of the measurement certification device for inclusion in the certified measurement.

Abstract: A method and system is provide for performing a certificate validity check between a vehicle receiving a message and an entity transmitting the message in a vehicle-to-entity communication system. The message includes a digital certificate. A determination is made whether the digital certificate is expired. A determination is made whether the digital certificate is listed in a local certificate revocation list stored in a memory of the vehicle in response to a determination that the digital certificate is not expired, otherwise, disregarding the message. An elapsed time is determined since a last freshness check in response the digital certificate not listed in the local certificate revocation list. The elapsed time is compared to a threshold requirement. The digital message is accepted for additional processing in response to the freshness check meeting the threshold requirement, otherwise, the message is disregarded.

Abstract: Embodiments of the present disclosure provide systems and methods for secure Short Message Service (SMS) communications. According to an embodiment, a method of providing secure Short Message Service (SMS) communications comprises requesting that SMS data to be sent from a client device to a remote location be encrypted. The method also comprises encrypting the SMS data by processing the SMS data with a Message Authentication Code (MAC) and a timestamp and/or counter along with second factor authentication information. The method further comprises sending the encrypted SMS data to the remote location by a secure SMS application via a regular SMS channel of the client device.

Abstract: Systems and methods for authenticating a user of a service are disclosed. A Personal Identification Number (PIN) is generated using a plurality of variables, and a user is authenticated by comparing the PIN generated at the user's mobile device with a PIN generated on an authentication server. The authentication enables the user to access a service or resource hosted on a host server. When requesting access to the resource, the user generates a device PIN and transmits the device PIN along with their unique key into the host server. The host server forwards the device PIN and the key to the authentication server. The authentication server generates a server PIN and compares the server PIN to the device PIN. If the two PINS match, the authentication server transmits a successful authentication response to the host server.

Abstract: According to one embodiment, the data transmitting device includes a storing unit, an authenticator generating unit, and a communication unit. The storing unit stores accuracy information based on an accuracy of synchronization between a first clock and a second clock. The first clock indicates a current time of the data transmitting device. The second clock indicates a current time of other device to be a destination of a data packet. The authenticator generating unit calculates a first time by adding a predetermined time to the current time of the data transmitting device, calculates a second time by adjusting the first time using the accuracy information, and generates an authenticator using the second time, the data packet, and a predetermined secret key. The communication unit transmits, to the other device, the data packet with the authenticator at a third time obtained by adding the second time to a predetermined time.

Abstract: An electronic transaction evidence archive apparatus and method archives electronic transaction evidence, such as public key based electronic transaction evidence on behalf of a first party. The apparatus and method determines redundant electronic transaction evidence and removes the redundant electronic transaction evidence prior to archival. In one embodiment, the electronic transaction evidence archive apparatus and method indexes received electronic transaction evidence and archives the indexed data elements thereof. When a subsequent archival request is made, the apparatus and method evaluates the index data to determine redundant electronic transaction evidence and discards redundant information to save memory resources. The first party provides the electronic transaction evidence in, for example, an archive evidence bundle, which includes data elements related to a single transaction.

Abstract: In accordance with an embodiment of the invention, a method of writing and reading redundant data is provided. Data is written by storing a copy of the data along with a timestamp and a signature at each of a set of storage devices. The data is read by retrieving the copy of the data, the timestamp and the signature from each of a plurality of the set of data storage devices. One of the copies of the data is selected to be provided to a requestor of the data. Each of the storage devices of the set is requested to certify the selected copy of the data. Provided that a proof of certification of the selected copy of the data is valid, the storage devices of the set are instructed to store the selected copy of the data along with a new timestamp.

Abstract: A facsimile system and method provides authentication of transmitted image information, which authentication may be in the form of a signature page. An authentication device computes authentication information at a sending device, a receiving device, both, or at a remote location during transmission. The signature page may also be transmitted with the document. The sending and receiving devices may each generate signature pages or acknowledgement of receipt in response to receiving a signature page. The authentication information may be encrypted with a public/private key pair. The authentication information may be in the form of a checksum, and may be prepared based on separate regions of the document. A previously generated signature page is compared to a newly generated signature page to verify the document content or authenticity. Document authentication signatures may include machine-readable symbols to represent the authentication information.

Abstract: A system, method, and computer program product are provided for populating a list of known wanted data. In use, an update to data is identified. In addition, a list of known wanted data is populated with the data, in response to the update.

Abstract: In an embodiment, a first device detects a first interaction between the first device and a second device. The first device assigns a first rating of the first interaction. The first device calculates an internal trust for the second device based on the first rating and a first time since the occurrence of the first interaction. The first device receives trust data from a third device. The first device calculates a community trust for the second device based on the trust data and an internal trust that the first device has for the third device. The first device calculates a total trust that the first device has for the second device based on the community trust and the internal trust that the first device has for the second device. If the total trust is less than a minimum threshold, the first device disallows a second interaction.

Abstract: A gateway server interoperates with client and remote server systems to provide stateless security management for a distributed Web application. A Web client application on the client system initiates a WebSocket connection directed to a remote Web service by performing an authentication challenge directed to a user of the Web-browser client where a secure token is not present in a local store instance corresponding to the client application. The authentication challenge obtains the user credentials and then exchanges the user credentials with the gateway server for a secure token. The secure token is then sent in a protocol specific connect message to the gateway server.

Abstract: Provided are an apparatus and method for preventing falsification of black box data. The apparatus for preventing falsification of black box data includes a driving information storage module and a falsification prevention module. The driving information storage module stores a driving information data which is collected by a black box. The falsification prevention module encrypts the driving information data to generate a falsification determination data through a predetermined encryption mechanism, and stores the falsification determination data.

Abstract: A bidirectional entity authentication method based on the credible third party includes the steps that: entity A receives message 1 sent from entity B including the authentication parameters of said entity B, and sends message 2 to the credible third party TP, said message 2 including the authentication parameters of entity B and the authentication parameters of entity A; entity A receives message 3 sent from said credible third party TP, said message 3 including the checking result after checking that whether said entity A and entity B are legal based on said message 2 by said credible third party TP; entity A gets the authentication result of entity B after authenticating said message 3, and sends message 4 to said entity B to make entity B authenticating based on said message 4 and getting the authentication result of entity A.

Abstract: A computer system to authenticate documents periodically appending a hash representing a document to a data structure, the data structure configured to store one or more hashes and creating a commitment for the data structure at pre-established intervals by creating a digest of the one or more hashes of the of the data structure, wherein the size of the commitment is constant regardless of the number of hashes in the data structure.

Abstract: A method and computer readable medium for conducting a transaction, comprising receiving a verification value and a portion of a dynamic data element, determining candidate dynamic data elements using the portion of the dynamic data element, calculating candidate verification values using candidate dynamic data elements, and determining if the received verification value matches any of the candidate verification values, wherein the transaction is thereafter authenticated if a candidate verification value matches a candidate verification value.

Abstract: Disclosed are methods and circuits for detecting and recording timestamps for multiple events (222/322, 224/324) using a single input pin (252, 352) on a real time clock (RTC) (250, 350). Signals associated with each of the events are modulated to create a multiple level composite signal (240). The RTC includes a multiple signal level detection circuit to distinguish from among the various signal levels so that each event can be separately flagged and timestamped. For example, the opening of two or more covers (112, 114) on the housing (110) of an electronic device (100) can be monitored, distinguished, and separately flagged using a single RTC input port.

Abstract: A non-transitory computer readable medium storing a program causing a computer to execute a process including: accepting an instruction for verifying an electronic signature added to information; verifying the electronic signature on the basis of an electronic certification corresponding to the electronic signature in accordance with the accepted instruction; calculating, when it is determined that the information has not been tampered with, a hash value of a combination of the information, the electronic signature, and validity-period information indicating a validity period of the electronic certification; adding a time stamp to the calculated hash value; outputting the information, the electronic signature, the hash value, and the validity-period information to a storage device; and outputting, when it is determined that the information has not been tampered with, a verification result including information indicating that the information has not been tampered with.

Abstract: A security module on a client detects a signed file at the client and reports signing information identifying a certificate used to sign the file and a file identifier identifying the file to a security server. The security server uses the signing information to determine whether the certificate is compromised. If the certificate is compromised, the security server compares a discovery date of the file with a compromise date of the certificate. The security server generates trust data assigning a trust level to the file responsive to the comparison. The trust data assign a low trust level to the file if the comparison indicates that the file discovery date is after the compromise date and assign a high trust level to the file if the comparison indicates that the file discovery date is not after the compromise date. The security server provides the trust data to the client.

Abstract: A method and apparatus to establish a trustworthy local time based on trusted computing methods are described. The concepts are scaling because they may be graded by the frequency and accuracy with which a reliable external time source is available for correction and/or reset, and how trustworthy this external source is in a commercial scenario. The techniques also take into account that the number of different paths and number of hops between the device and the trusted external time source may vary. A local clock related value which is protected by a TPM securely bound to an external clock. A system of Accuracy Statements (AS) is added to introduce time references to the audit data provided by other maybe cheaper sources than the time source providing the initial time.

Abstract: A system and method is disclosed for placing an electronic apparatus into a protected state in response to environmental data. The method discloses: receiving a set of environmental data applicable to an electronic apparatus; generating an environmental status applicable to the electronic apparatus based-on the environmental data; and placing the electronic apparatus into a protected state based-on the environmental status. The system discloses an environment characterization module which receives a set of environmental data applicable to an electronic apparatus, and generates an environmental status applicable to the electronic apparatus based-on the environmental data; and an apparatus protection module which places the electronic apparatus into a protected state based-on the environmental status.

Abstract: A method and system for supply of data, including generating a first digital certificate referred (empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided.