Abstract: A document management system includes a document. One or more of a plurality of map-files of the document correspond(s) with a step of a multi-step workflow associated with the document. A random nonce is generated for each of the steps of the multi-step workflow except for an initial step of the multi-step workflow. Each of the random nonces i) is incorporated as a map-file entry into a respective one of the plurality of map-files corresponding with a step of the multi-step workflow that directly precedes the step of the multi-step workflow for which the random nonce is generated and ii) is used to perform a nonce-based initiating operation a respective one of the plurality of map-files corresponding with the step of the multi-step workflow for which the random nonce is generated.

Abstract: The present invention provides a system and a method for generating digital signatures. The system comprises a first formula which generates the signature as selected series from at least two, but preferably more digitized biometric features of a user. The signature comprises a different selected series per unit of time of for instance 10 seconds. The invention comprises a second formula which assigns a numerical value to a data file. The second formula can also use the numerical value to define another time interval, on the basis of which another signature can be generated. The invention further provides a number of examples for application of the generated signature during the sending of data files.

Abstract: A random number generating device includes: a random number generator configured to have a plurality of random number generating elements that generate a random number in response to supply of a spin-injection current; and a temperature controller.

Abstract: A method and system facilitating the development and distribution of software is provided. The system includes a database provided on a computing device, the computing device configured to enable users to provide an update to an element of the database, wherein the element is associated with an object. The system further includes time stamp tracking software configured to enable revisions to elements of the database by establishing time stamps for each stored element changed at a specified time and an assembler configured to enable a user to assemble elements for execution based on time stamping.

Abstract: A system is provided to monitor a user's interaction with a computer. The system may comprise a random reference data generator to generate a random reference string, an image generator to create an image including the random reference string, a modification module to iteratively modify the image until a distortion criterion is satisfied, and a communications module to communicate the image to a client computer for display to a user. The random reference string comprises a plurality of alphanumeric characters.

Abstract: The conventional data transmitting/receiving system has problems: that a correct measurement cannot be performed because a measurement result is an addition of a verification processing time and a transmission time; that an authentication processing which is necessary for a transmission time measurement processing needs to be separately required; and that an unnecessary key exchange processing is executed.

Abstract: A computer-implemented method for using reputation data to detect packed malware may include: 1) identifying a file downloaded from a portal, 2) determining that the file has been packed, 3) obtaining community-based reputation data for the file, 4) determining, by analyzing the reputation data, that instances of the file have been encountered infrequently (or have never been encountered) within the community, and then 5) performing a security operation on the file (by, for example, quarantining or deleting the file).

Abstract: A method of securing transmission of streaming media by encrypting each packet in the stream with a packet key using a fast encryption algorithm. The packet key is a hash of the packet tag value and a closed key which is unique for each stream. The closed key is itself encrypted by the sender and passed to the recipient using a public key encryption system. The encrypted closed key (open key) may conveniently be inserted into the stream header. All of the packets in the stream are encrypted, but only the data pay load of each packet is encrypted. It is computationally infeasible, without knowing the recipient's private key to calculate the closed key based upon knowledge of publicly accessible information such as the recipient's public key, the open key, the encrypted stream data or the packet tag values.

Abstract: To create signature data which certifies the time when information existed and add it to the information more efficiently than before. A time certification system for certifying the time when information existed, comprising: an identity certification data acquisition section for acquiring identity certification data generated based on the information to certify the identity of the information; a time certification data generation section for observing a target object changing with time elapse from the outside and generating time certification data based on observation data obtained as a result of the observation, in response to an instruction received from a user; a signature data generation section for generating signature data indicating that the information existed at the time when the target object was observed, based on combination of the identity certification data and the time certification data; and an information recording section for recording the signature data in association with the information.

Abstract: Long-term signature data is formed at a server side while a private key and the like are held at a client side. The long-term signature data is configured by arranging ES, STS, verification information, ATS (1st), and ATS (2nd) in a predetermined long-term signature format. Among these elements, those for which processing using the private key and original data are necessary are ES and ATS. Due to processing where the original data and the private key is necessary being performed by a client terminal 3 and processing where the long-term signature data is analyzed and generated being performed by a long-term signature server 2, the long-term signature data is generated in the long-term signature server 2 while the original data and the private key are held in an inner portion of the client terminal 3.

Abstract: Embodiments describe a system and/or method for multiple party digital signatures. According to a first aspect a method comprises establishing a first validity range for a first key, establishing a first validity range for at least a second key, and determining if the validity range of the first key overlaps the first validity range of the at least a second key. A certificate is signed with the first validity range of the first key and the first validity range of the at least a second key if the validity ranges overlap. According to another embodiment, signage of the certificate is refused if the first validity range of the first key does not overlap with the first validity range of the at least a second key.

Abstract: An evidence collection system for reliably collecting and preserving web-based evidence. An end-user's computing device browser accesses an evidence collection web site and identifies a web resource to be collected. An evidence collection station communicates with the target web server(s) and collects the body of evidence requested. Multiple representations of the information are collected to support the defensibility of the capture. Digital signature and digital time stamp methodologies are used to enhance the forensic soundness of the captured evidence. Capture results are conveyed to the end-user along with a report that describes the evidence captured in a manner which may be utilized as evidence comprehensible to a lay judge and jury.

Abstract: This invention relates to creating a verifiable timestamp for a data object, such as a digital photograph. The verifiable timestamp includes a first and second timestamp and a data object. The verifiable timestamp enveloped with several different tiers of digital signatures that together authenticate that the data object was created at a time after the first timestamp, but before the second timestamp.

Abstract: Electronic documents corresponding to executed paper documents are certified. A certifying agent receives an electronic document and a corresponding paper document that had been executed pursuant to some transaction. The certifying agent compares the information contained in the paper to that in the electronic mortgage document. If the paper adequately corresponds to the electronic document and is otherwise sufficient, then the certifying agent certifies the electronic document so that other parties can reliably engage in transactions involving the electronic document without having to possess or otherwise inspect the executed paper document. Certification involves application of some form of indicia of certification to the electronic document, such as updating the value of a field corresponding to certification in the electronic document and/or applying a digital or electronic signature corresponding to the certifying agent to the electronic document.

Abstract: An apparatus for managing access to a computing resource, comprises a clock configured to associate a datum arrival time with an authentication datum. The clock is further configured to calculate a datum elapsed time between a first datum arrival time associated with a first authentication datum and a second datum arrival time associated with a second authentication datum. The apparatus also comprises an authentication module configured to receive at least the first authentication datum and the second authentication datum; compare the datum elapsed time with a threshold elapsed time; and selectively provide access to a computing resource based at least in part upon successfully matching the received first authentication datum with a stored first authentication datum, successfully matching the received second authentication datum with a stored second authentication datum, and determining that the datum elapsed time exceeds the datum threshold time.

Abstract: An information processing device creates a hash value from an event log every time the event occurs. The information processing device generates a digital signature by encrypting the hash value with its own private key. The device transmits the signature-bound event log obtained by binding the digital signature with the event log to a log management apparatus. The log management apparatus decrypts the hash value from the event log of the received signature-bound log information using a device public key. The apparatus also generates a new hash value from the event log verifies the coincidence of the decrypted hash value and the new hash value, and authenticates signature-bound event logs for which this coincidence has been verified. The apparatus stores signature-bound event logs that have been authenticated. Every time an event occurs, the device transmits an event log bound with a digital signature that is created using its private key.

Abstract: A method for digitally signing of electronic documents which are to be kept secure for a very long time, thereby taking into account future cryptographic developments which could render currently cryptographic key-lengths insufficient. A double signature is issued for each document. A first digital signature ensures the long term security, while a second digital signature ensures the involvement of an individual user. Thereby, the second digital signature is less computationally intensive in its generation than the first digital signature.

Abstract: In a private network setting in which various computers can be attached, the confidential or sensitive data within the various devices on the private network is vulnerable. The ability to copy such confidential or sensitive data to a storage device communicatively coupled to a client computer on the network is governed and controlled. Only devices that include an authentic stamp or digital certificate can be accessed by client computers. If a device does not have a valid stamp or the stamp has been black listed, then the access to the device can be prevented or greatly limited.

Abstract: A system (200) detects transmission of potentially malicious packets. The system (200) receives, or otherwise observes, packets and generates hash values based on variable-sized blocks of the packets. The system (200) then compares the generated hash values to hash values associated with prior packets. The system (200) determines that one of the received packets is a potentially malicious packet when one or more of the generated hash values associated with the received packet match one or more of the hash values associated with the prior packets.

Abstract: A method, apparatus and a data storage device are provided for implementing data confidentiality and integrity of data stored in overlapping, shingled data tracks on a recordable surface of a storage device. A unique write counter is stored for each zone written to the recordable surface of the storage device. An encryption key is used together with the write counter information and a logical block address to encrypt each sector being written, and to decrypt all sectors being read. An individual sector is decrypted, obtaining the write counter information and reading the data sector. A message authentication code is stored for each zone. All sectors of the zone are read to perform integrity check on a sector.

Abstract: Disclosed are systems and methods for establishing a personal identification number (PIN). The systems and methods provide techniques to begin a remote session with a customer, prompt the customer to select a PIN to associate with a financial account card during the remote session, and receive the PIN from the customer during the remote session.

Abstract: A halting key derivation function is provided. A setup process scrambles a user-supplied password and a random string in a loop. When the loop is halted by user input, the setup process may generate verification information and a cryptographic key. The key may be used to encrypt data. During a subsequent password verification and key recovery process, the verification information is retrieved, a user-supplied trial password obtained, and both are used together to recover the key using a loop computation. During the loop, the verification process repeatedly tests the results produced by the looping scrambling function against the verification information. In case of match, the trial password is correct and a cryptographic key matching the key produced by the setup process may be generated and used for data decryption. As long as there is no match, the loop may continue indefinitely until interrupted exogenously, such as by user input.

Abstract: The invention relates to methods and apparatuses for acquiring a physical measurement, and for creating a cryptographic certification of that measurement, such that its value and time can be verified by a party that was not necessarily present at the measurement. The certified measurement may also include corroborative information for associating the actual physical measurement process with the certified measurement. Such corroborative information may reflect the internal or external state of the measurement certification device, as well as witness identifiers of any persons that may have been present at the measurement acquisition and certification. The certification may include a signal receiver to receive timing signals from a satellite or other external source. The external timing signals may be used to generate the time included in the certified measurement, or could be used to determine the location of the measurement certification device for inclusion in the certified measurement.

Abstract: A method for securely handling processing of information includes, in a chip, selecting one of a plurality of data processes based on a random index. After a randomly allocated time interval has elapsed, the selected one of the plurality of data processes may be initiated. The selected one of the plurality of data processes may include accessing data and/or acquiring the data. Burstiness of the data may be approximately equal to burstiness of data acquired by at least one of a plurality of clients on the chip. Data may be verified by the selected one of the plurality of data processes prior to the processing of the data.

Abstract: Systems and methods are described for improved authentication of subscribers wishing to connect to a wireless network using the EAP-AKA protocol. Embodiments exploit the requirement that the client store and transmit the Pseudonym and Fast Re-authentication Identities upon request. By using the Fast Re-authentication Identity to store session state key information, the need for the AAA server to store and replicate the EAP-AKA key information for every session is eliminated.

Abstract: An authentication method is provided in which a first portable device generates and transmits a first random number and a first timestamp to a first USIM in the first portable device; the first USIM calculates a first sign for the first portable device; the first portable device requests authentication for authenticated communication from a second portable device through transmission of the first random number, the first timestamp, and the first sign to the second portable device; the second portable device generates a second random number and a second timestamp and transmits the information to a second USIM in the second portable device; the second USIM generates a second sign for the second portable device and a second personal key which the second portable device transmits to the first portable device; the first portable device then transmits the information to the first USIM which generates a first personal key for authenticated communication.

Abstract: A system and method are disclosed for providing proxy signature to user documents comprised of an identification and authentication system, input means to enable providing identification information by the user to the identification and authentication system, authentication input means to enable providing authentication information by the user to the system, an electronic signature system, and a documents server for receiving documents from the user for electronic signature The system may comprise a storage device, an identification sub-system adapted to receive identification information from said user via said information input means and store the identification information in the storage device, an authentication sub-system adapted to authenticate the identity of the user based on information stored in said storage device and information provided by the user during authentication process via said authentication information input means The electronic signature system is adapted to apply a signature to docum

Abstract: A time authentication system provided can detect an alteration of the case, in which either of the speakers of a conversation makes the alteration, and can verify, in the case of no alteration, that a conversation voice has occurred at a time within a range. When a speaker #1 terminal (2) and a speaker #2 terminal (3), i.e., all the speakers of the conversation request a time authentication station server (1) for the issue of a unique background sound which is difficult for those other than the time authentication station server (1) to estimate beforehand, the time authentication station server (1) issues the background sound and an electronic verification, which is electronically signed by adding a time stamp to the hash of the background sound, to the speaker #1 terminal (2) and the speaker #2 terminal (3).

Abstract: An information processing apparatus for controlling use of a content recorded on a disc. The information processing apparatus includes: in reference to a certificate revocation list including invalidation information of a content owner providing the content, a data verification section verifying whether content-owner identification recorded in a content-owner certificate recorded on the disc as a certificate corresponding to the content owner is included in the certificate revocation list, and if included, the data verification section comparing a content-certificate time stamp which is stored in the content certificate recorded on the disc as a certificate corresponding to the content and a CRL time stamp which is invalidation date-and-time information corresponding to the content owner stored in the certificate revocation list; and a content-use control section prohibiting or restricting use of the content if the content-certificate time stamp has date-and-time data not earlier than the CRL time stamp.

Abstract: A system is provided that includes a processor and a system memory coupled to the processor, the system memory stores at least one application for execution by the processor. The system also includes logic coupled to the processor, the logic providing a secure time reference. The processor selectively accesses the secure time reference to generate a virtual time reference for the at least one application.

Abstract: There is presented a system and method for unlocking a content associated with media. In one aspect, the method comprises identifying the media, generating an authentication key using at least one key data from a set of key data contained in the media, determining an address in the media of at least one content unit corresponding respectively to each of the at least one key data used to generate the authentication key; requesting the at least one content unit by providing the address; receiving user data in response to the requesting; comparing the user data with the at least one key data used to generate the authentication key; and unlocking the content associated with the media if the user data matches the authentication key.

Abstract: A method for electronically storing and retrieving at a later date a true copy of a document stored on a remote storage device comprises: sending a document in electronic format from a document owner's computing device to a store entity for storing the document; generating a digest of the document while the document is at the store entity by applying a hash function to the document; signing the digest electronically with a key while said document is at the store entity; generating a receipt that includes the digest and the key; sending the receipt to the document owner; and verifying, at the document owner's computing device, that the received receipt corresponds to the document sent from the owner's computing device.

Abstract: A management server acts as a repository for a plurality of user certificates corresponding to a plurality of users. When a user wishes to access a remote computer such as a secure-enabled host requiring a secure credential, his/her computer sends a request message to the management server. The management server may perform its own validity checking. In response to a request and conditioned on the management server authorizing access to a computing resource that requires an authorization credential, the management server delivers the requested credential and executable code, the authorization credential comprising information that enables access to the computing resource and the delivered executable code manages the lifecycle of the delivered authorization credential by allowing only temporary storage without caching of the delivered authorization credential.

Abstract: For digital rights management (DRM), a method for performing authentication between a device and a portable storage, which is performed by the device, includes transmitting a first key to the portable storage, receiving a third key and a first encrypted random number obtained by encrypting a first random number using the first key from the portable storage and decrypting the first encrypted random number using a second key related with the first key, generating a second encrypted random number by encrypting a second random number using the third key and transmitting the second encrypted random number to the portable storage, and generating a session key using the first random number and the second random number. The technique guarantees secure authentication between the device and the portable storage for DRM.

Abstract: The invention relates to a method for watermarking at least one timestamp in a set of support data, comprising the following steps for each timestamp: association with the timestamp of the value at a given time of a reference timestamp signal, that is a determinist signal varying over time in a given temporal reference and being written as s(t), wherein t is incremented according to an incrementing step equal to one predetermined time unit; and watermarking of the value in the set of support data.

Abstract: Embodiments are directed to the providing a cloud keying and signing service and to securing software package distribution on the cloud. In an embodiment, a computer system instantiates a signing service configured to sign software packages. The computer system receives a signing request from a computer user requesting that a selected software package be signed. The signing request includes a computed hash of the selected software package. The computer system generates a private and public key pair on behalf of the computer user and stores the private key of the generated key pair in a secure data store.

Abstract: Systems and methods of restricting access to mobile platform location information may involve receiving, via a link, location information for a mobile platform at a processor of the mobile platform, and preventing unauthorized access to the location information by an operating system associated with the mobile platform.

Abstract: A method for analyzing an unverified executable file within an antivirus engine in order to identify the executable file as being obfuscated by an unknown obfuscator program is described. An unverified executable file comprising obfuscated library strings is received. A list of pre-verified library strings is accessed. A determination is made as to whether the unverified executable file comprises one or more of the pre-verified library strings. The unverified executable file is identified as being obfuscated by an unknown obfuscator program if the file does not comprise one or more of the pre-verified library strings.

Abstract: In a method of processing data, an RFID signal (6) sent by a reader (3,5) via a field generated by the reader (3,5) is received at a passive RFID transponder (2). The transponder (2) comprises a dedicated receiver (28) for receiving a time signal (8), which is wirelessly sent By an external sender (4) and comprises information about the present time. The transponder (2) including the dedicated receiver (28) is powered utilizing the field such that the dedicated receiver (28) detects the time signal (8) and decodes the present time. Utilizing the transponder (2), the first data (7) contained in the RFID signal (6) is decoded and processed. Second data (9) which are time stamped by said transponder (2) utilizing said present time are generated, and a response signal (10) comprising the second data (9) is transmitted from the transponder.

Abstract: A method of associating metadata with digital content items is provided. The method includes determining portions of a digital content item containing content meriting associating of preexisting or dynamically-determined metadata information, associating such preexisting or dynamically-determined metadata with selected portions of the digital content item via application of tags to the selected portions, and controlling, during a dynamically unfolding time interval definable via timestamps, subsequent consumption of the digital content item based on the intermittent presence of tags.

Abstract: A general purpose BGA security cap includes a substrate, an integrated circuit die, and an array of bond balls. The substrate includes an anti-tamper security mesh of conductors. The bond balls include outer bond balls and inner bond balls that are fixed to the underside of the substrate. The integrated circuit drives and monitors the anti-tamper security mesh and communicates data using a serial physical interface through a subset of the inner bond balls. In one example, a user has circuitry to be protected. The user purchases the BGA security cap and fits it over the circuitry to be protected such that the integrated circuit of the security cap communicates tamper detect condition information via the serial interface to the underlying protected circuitry and causes sensitive information to be erased or a program to be halted in the event of a tamper condition.

Abstract: The various aspects of the present invention are based on four main principles: the provision, protection and validation of audit trails relating to data generated by and communicated between nodes of a network; authentication of communicating parties; enforcement of proof of receipt of data communications; and the detection of compromised user identifiers. The object of these principles being that, should a dispute arise over the substance of an authenticated e-mail or other data item, it would be possible to prove, with mathematical precision, the following features of the communication: the content of the message sent; the e-mail location to which the message was addressed; the fact that the message was despatched; the time and date of despatch; the fact that the message was received; the time and date it was received; and the fact that the content of the message had not been changed since it was sent.

Abstract: A remote electronic notarization system for remote electronic verification, authentication and screening of potential signatories for remote electronic notary transactions via a remote pc encrypted platform that communicates over a digital broadband or WIFI cellular/PDA device or portable pc device is presented in this disclosure. The system implements electronic components including electronic signature devices, digital certificates, electronic documents, electronic biometric devices, electronic audio/visual software/hardware, electronic payment systems and devices for human interface and verification. The electronic components are electronically synchronized to allow remote notary publics to execute remote electronic notary transactions via a satellite kiosk network or an on-line virtual kiosk application.

Abstract: A method and apparatus for authenticity and origin of Digital data such as recorded voice samples, video clips or still picture images etc. is provided. The method makes uses of the Trusted Computing principles to provide a secure, tamper detectable solution comprising of both software and hardware such that it can be verified without debate on its authenticity. The method comprises extracting reproduction avoidance key information and log information for captured data from stored information when verification of the captured data is requested, calculating reproduction avoidance key information using the extracted log information, comparing the extracted reproduction avoidance key information with the calculated reproduction avoidance key information and determining that the captured data has not been tampered, if the reproduction avoidance key informations are matched.

Abstract: A system and method for signing data transferred over a computer network is described. In one aspect, the HTTP header of an HTTP response message is extended to include a content identifier, a content expiration time, and a digital signature. The digital signature may be generated from the content identifier, the content expiration time, and the message body of the HTTP response message.

Abstract: A tamper-resistant certification device receives a certified digital time stamp from a trusted third party, resets a time function and produces a time stamp receipt in an on-line mode; The tamper-resistant certification device receives a digital file from a mobile computing device, and produces a certified digitally signed digital file including a copy of the digital file, time stamp receipt and temporal offset in an off-line mode to evidence the content of the digital file within a defined tolerance of a day and/or time. A processor may be portioned into tamper and non-tamper resistant portions.

Abstract: A system (200) detects transmission of potentially malicious packets. The system (200) receives, or otherwise observes, packets and generates hash values based on variable-sized blocks of the packets. The system (200) then compares the generated hash values to hash values associated with prior packets. The system (200) determines that one of the received packets is a potentially malicious packet when one or more of the generated hash values associated with the received packet match one or more of the hash values associated with the prior packets.

Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.

Abstract: An information processing apparatus for processing documents of multiple kinds generated by applications of multiple kinds includes a data processing unit configured to process the documents of multiple kinds; a determining unit configured to execute a validity period management program in response to a request to the data processing unit to process one document among the documents of multiple kinds to determine whether the request is within a validity period associated with a content item in the document; and a switching unit configured to switch the content item that is referred to and that is to be processed by the data processing unit between when the determining unit determines that the content is not within the validity period and when the determining unit determines that the content is within the validity period.

Abstract: An apparatus and a method for an authentication protocol. In one embodiment, a client requests for an authentication challenge from a server. The server generates the authentication challenge and sends it to the client. The authentication challenge includes the authentication context identifier, a random string, a timestamp, and a signature value. The client computes a salt value based on a username and the authentication context identifier from the authentication challenge. The signature value is computed based on the authentication context identifier, the random string, and the timestamp. The client computes a hashed password value based on the computed salt value, and a message authentication code based on the hashed password value and the random string. The client sends a response to the server. The response includes the username, the message authentication code, the random string, the timestamp, and the signature value.