Abstract: A system is provided for securely downloading content to a mobile telecommunications device. The system includes a mobile application to enable the mobile telecommunications device to send a request for content identified on a telecommunication provider system. The system includes a content application maintained by the content provider to retrieve content and promote delivery of the content to the mobile telecommunications device. The system also includes a challenge component and a response component, the response component communicates with the mobile application and encodes a challenge data. The challenge component communicates with the content application. The challenge component sends the challenge data to the mobile application and decodes the challenge data received from the mobile application to validate the response for delivery of the content to the mobile application.

Abstract: A token value is generated for a user to submit to an authentication service of an electronic system. The token value represents that the user is in possession of an electronic item known to the authentication service, where the electronic item is capable of two-way communications with the authentication service and has thereon an authenticator application transmitted from the authentication service to the electronic item. The authenticator application obtains a current time value from a clock of the electronic item or an authentication value from the authentication service, retrieves predetermined indicia of the electronic item from a location thereon, and combines the obtained value and the retrieved indicia of the electronic item to generate the token value. The authentication service essentially performs the same steps based on information already available at such authentication service to generate a verification token value, and compares the submitted token value to the verification token value.

Abstract: A method is provided for creating a secure dataset using a software application running on a data processing system, wherein the method comprises the following steps: receiving digital image data (1) that represents one or more images, receiving at least one item of additional information (2) relating to the image data (1), creating a data object (3) that comprises the image data (1) and the at least one item of additional information (2), receiving a qualified timestamp (4) that is assigned to the data object (3), and storing the data object (3) in a data-base together with the assigned timestamp (4).

Abstract: A method to enforce collaboration rules, in one example embodiment, comprises receiving a request to report a collaboration event to a collaboration workflow, receiving a reported time of the collaboration event, determining an origin of the reported time, updating the reported time with a central time service time when the origin of the reported time is not a central time service, and based on the updated reported time, selectively reporting the collaboration event into the collaboration workflow.

Abstract: Security information such as fixed or dynamically received camera location information, laser signature information, timestamp information, and network information, may be used to secure the transport and storage of surveillance video. Where the surveillance video is to be transported on a communication network, the round trip time from a video data storage server to the surveillance camera and back to the video data storage server may be monitored and periodically added to the secured video data. By checking to see whether the round trip time has changed, it may be possible to determine whether the video has been tampered with. The secured video data may also be transported over two or more paths on the network to two or more video data storage servers so that redundant copies may be stored at different primary locations. By comparing copies of the data, alteration of one of the copies may be detected.

Abstract: In one example embodiment, a method is illustrated that includes parsing seed data from digital content, the seed data identifying a signing entity, transmitting identifier data to the signing entity identified by the seed data, transmitting content information relating to the digital content to the signing entity, and receiving digitally signed content information relating to the digital content, the digitally signed content information signed by the signing entity. In another example embodiment, a method is illustrated as including parsing seed data from digital content, the seed data identifying a signing entity, transmitting identifier data to the signing entity identified by the seed data, receiving a credential from the signing entity, the credential used to sign the digital content, and signing the digital content using the credential.

Abstract: Approaches are disclosed for switching transport protocol connection keys. A method of automatically changing a message authentication key at each of two endpoints of a connection in a telecommunications network comprises testing a date-time value received in each of a plurality of data segments on the connection; and selecting a next message authentication key, from among a plurality of stored message authentication keys, for use in authenticating subsequently received data segments, when the date-time value matches a specified characteristic.

Abstract: A method and apparatus of encouraging distribution, registration, and purchase of free copyable software and other digital information which is accessed on a User's System via a Programmer's Program. Software tools which can be incorporated into a Programmer's Program allow the User to access Advanced Features of the Programmer's Program only in the presence of a valid Password which is unique to a particular Target ID generated on an ID-Target such as the User's System. Advanced features will thus relock if the Password is copied to another ID-target. If a valid Password is not present, the User is invited to obtain one, and provided with the means of doing so, and of installing that Password in a place accessible to the User's System on subsequent occasions. The present invention also provides Programmers with means to invoke business operations as well as computational operations with their programs, and thus to automatically obtain payment from Users who elect to obtain passwords.

Abstract: The present invention relates to a device for detecting a manipulation of an information signal, having an extractor for extracting an information signal component characteristic for the information signal from the information signal, an encrypter for encrypting the information signal component to obtain an encrypted signal, and a comparator for comparing the encrypted signal to a reference signal, wherein the reference signal is an encrypted representation of a non-manipulated reference signal component of a reference information signal to detect the manipulation.

Abstract: Apparatus, system, and method having a first counter to record a number of invalid authentication requests, a first timer to set a first time period based on a value of the first counter, and an authentication module associated with the first counter and the first timer to receive an initial authentication request that includes a username and when said username is invalid, the module is to invalidate any subsequent authentication requests under the username during the first time period regardless of whether the subsequent requests includes a valid username. The system further includes a communication medium. The method includes receiving an authentication request with new information in a first session, validating the new information, and caching the validated new information in the first session.

Abstract: A system and method allows some or all of an e-mail message, such as the sender or its contents, to be authenticated, for example, to identify a message as potential spam.

Abstract: A procedure for login in a case where a prescribed job is executed in an image processor is simplified. An image processor includes: input unit accepting an input of user authentication information from a user; user authentication unit performing user authentication by comparing the inputted user authentication information with the stored user authentication information to authorize execution of processing; and temporary ID generation unit generating an temporary ID if the user authentication is successful to store the temporary ID, being related to the user authentication information, wherein the input unit accepts an input of the temporary ID and the user authentication unit compares the inputted temporary ID with the stored temporary ID to thereby perform the user authentication and to authorize execution of the processing.

Abstract: An information recording/playback device stores beforehand, on a recording medium, secret information in which a writing/reading method thereof cannot be analyzed and which can be read only by a special reading method. The secret information is applied to a key for content encryption or decryption when performing recording or playback of contents on the recording medium, such as music data and image data. The secret information is, for example, a stamper ID. By using the stamper ID as secret information, and a master key and a media key which are distributed in a tree-structure key-distribution system, a content-cryptosystem key is generated. Accordingly, each content is allowed to be used in only an appropriate device in which the special reading method for the secret information can be executed and to which the key is distributed by the tree-structure key-distribution system.

Abstract: A method of measuring round trip time (RTT) includes: chain-hashing at least one random number to create a plurality of hash values; (b) transmitting one of the created hash values to a device and starting to measure RTT of the device; and (c) receiving from the device a response to the transmitted hash value and ending the RTT measurement, thereby performing a more effective proximity check than a conventional proximity check requiring encryptions and decryptions of several tens of times through several thousands of times.

Abstract: A data communication device that communicates with a storage device via a network includes an input unit for inputting user identification information, a log-in processing unit configured to enable a user to log in to access a storage area of the storage device associated with the user identification information, an accessing unit configured to access the storage area if the user logs in, a determining unit configured to determine whether data processing involving the accessed storage area is ongoing when an instruction is sent to cause the user to log out, and a controller unit configured to enable the user to log out and disable access to the storage area when the data processing is not ongoing, and, when the data processing is ongoing, enable access to the storage area even after the user has logged out until the data processing has been completed.

Abstract: A system for improved communication system for providing web analytics data between a first computing device and a second, remote computing device preferably encodes frequently requested data into code words, and also provides the remote client with a look-up table and decoding logic. In one embodiment, the present invention also includes a method for updating the local look-up table in the event the table does not have a data value for a given code.

Abstract: Systems for methods for remote user authentication by using a cellular phone and an authentication system that generates and uses transient pass codes. The Authentication system is used to store a user's existing passwords; alternatively, the authentication system creates on demand a transient random pass code that is good for a limited duration. The transient pass codes may also be used in the packets that enable each packet to be individually authenticated in the firewall. When the user has forgotten the password in a traditional system, alternatively, without the need to create or remember passwords, user can use transient pass codes. The user retrieves the password or the pass code via a cell telephone call to the authentication system, before logging on to the system.

Abstract: A non-transitory computer readable medium storing a program causing a computer to execute a process including: accepting an instruction for verifying an electronic signature added to information; verifying the electronic signature on the basis of an electronic certification corresponding to the electronic signature in accordance with the accepted instruction; calculating, when it is determined that the information has not been tampered with, a hash value of a combination of the information, the electronic signature, and validity-period information indicating a validity period of the electronic certification; adding a time stamp to the calculated hash value; outputting the information, the electronic signature, the hash value, and the validity-period information to a storage device; and outputting, when it is determined that the information has not been tampered with, a verification result including information indicating that the information has not been tampered with.

Abstract: A method and apparatus for creating and/or using trustworthy timestamps and certifiable clocks using logs linked by cryptographic hashes. In one embodiment, the method comprises maintaining a first, chained-hash log; associating a first clock with the chained-hash log, and entangling the first log; with a second by adding a time-stamped synchronization entry to the chained-hash log, where the synchronization entry has a second time indication associated with the second log and a hash of one or more entries in the first log.

Abstract: Embodiments of methods, apparatuses, systems and/or devices for processing a certificate are disclosed.

Abstract: A method, computer readable medium, and system for integrating security in network communications includes generating a private key and a public key by encrypting the private key with a first encryption. The generated private key and public key are provided in an initial response to an initial request over the secure connection. At least one additional received request is validated based on the public key and a requesting signature signed using the key received with the at least one additional request. An additional response with a responding signature signed using the private key is provided in response to the validated additional request.

Abstract: Systems and methods are disclosed for authenticating electronic messages. A data structure is generated by a computer server which allows for the authentication of the contents and computer server identity of a received electronic message and provides a trusted stamp to authenticate when the message was sent. Data which can authenticate the message, the computer server identity, and the time the message was sent is included into a data structure which is called an Electronic PostMark (EPM).

Abstract: A data processing system for distributing and authenticating documents from a plurality of parties to a recipient data processing apparatus is disclosed. The system comprises a plurality of document distribution devices each configured to generate an original hash value from the content of a file containing a document to be distributed. A recipient data processing apparatus is configured to generate an original super hash value from the plurality of the original hash values, and to distribute the original super hash value to each of the document distribution devices. The system provides assurance that distributed documents have not been tampered with during communication, by an unscrupulous distributing party, or by an unscrupulous recipient by only submitting a hash value of the document to be distributed. The hash value provides for assurance at the eventual recipient of the document that no changes to the document have been made.

Abstract: Apparatus and methods are provided for embedding or embedding digital data into an analog host or cover signal. A distributed signal feature of the cover signal in a particular domain (time, frequency or space) is calculated and compared with a set of predefined quantization values corresponding to an information symbol to be encoded. The amount of change required to modify the signal feature to the determined target quantization value is calculated and the cover signal is modified accordingly to so change the feature value over a predefined interval. Information symbols are extracted by the opposite process. In one embodiment, the predefined value is a short term autocorrelation value of the cover signal.

Abstract: A generator uses a robust programming framework to create an electronic signature in association with a data item, wherein the electronic signature includes time stamps and/or countersignatures. The generator can create a signature object that computes a signature value of the electronic signature based on the data item. The generator also creates a signature timestamp object to obtain a timestamp of the signature value, wherein the timestamp is associated with the electronic signature. The generator can also invoke a countersignature service on the signature object to obtain a countersignature based on the signature value of the signature object, wherein the countersignature is associated with the electronic signature.

Abstract: An improved solution for accessing a web application is provided. In an embodiment of the invention, a method for controlling access to a web application includes: receiving a request for a first web page application, wherein the first web application is connected to a second web page application via a link at the second web page application; determining if the request is likely from a book marked link to the first web page application or from the link at the second web page application; and providing one of the second web page application and the first web page application based on the determining.

Abstract: A manufacturing entity provides a blinded signature to a secure device and associates a time with the blinded signature. If a signing key is compromised, the manufacturing entity provides a time of the compromise and the time associated with the blinded signature to the replacement authority.

Abstract: A fast batch verification method and apparatus are provided. In the method of batch-verifying a plurality of exponentiations, (a) a predetermined bit value t is set to an integer equal to or greater than 1; (b) a maximum Hamming weight k is set to an integer equal to or greater than 0 and less than or equal than the predetermined bit value t; (c) n verification exponents si are randomly selected from a set of verification exponents S (n is an integer greater than 1, i is an integer such that 1?i?n), where the set of verification exponents S include elements whose bit values are less than or equal to the predetermined bit value t and to which a Hamming weight less than or equal to the maximum Hamming weight k is allocated; (d) a value of verification result is computed by a predetermined verification formula; and (e) the verification of the signatures is determined to be passed when the value of verification result satisfies a pre-determined pass condition.

Abstract: A method, device, and system are disclosed. In one embodiment the method includes causing a processor to enter into a first power state. Then an interrupt is received that signals the processor to leave the first power state. The method continues by causing the processor to remain in the first power state if the interrupt was received less than a minimum dwell time after the processor entered the first power state.

Abstract: A method performed in an intrusion detection/prevention system, a system or a device for determining whether a transmission control protocol (TCP) segment in a TCP connection in a communication network is acceptable. The TCP connection can include TCP segments beginning with a three way handshake. A TCP segment can include a field for a timestamp. A timestamp policy of plural timestamp policies is identified, the timestamp policy corresponding to a target associated with the segments in a TCP connection. A baseline timestamp is identified based on a three way handshake in the TCP connection. Segments in the TCP connection are monitored. The segments in the TCP connection are filtered as indicated in the timestamp policy corresponding to the target, the timestamp policy indicating whether the segments are to be filtered out or forwarded to the target by comparing the timestamp of the segments to the baseline timestamp.

Abstract: A method of and device for granting access to content on a storage medium, including obtaining cryptographic data from a property, such as a wobble, of the storage medium, reading helper data from the storage medium, and granting the access based on an application of a delta-contracting function to the cryptographic data and the helper data. The delta-contracting function allows the choice of an appropriate value of the helper data, such that any value of the cryptographic data which sufficiently resembles the original primary input value leads to the same output value. Substantially different values of the cryptographic data lead to different values of the output.

Abstract: An information processing system in which information transfers between communication devices through a network is limited within a prescribed range by registering unique information obtainable within the prescribed range into each device and permitting information transfer between devices which share common unique information, where the unique information is formed by a pair of public and secret unique information, a bridge device is controlled such that, upon receiving a proxy check request from a reception device, whether a transmission device is another bridge device or not is judged when the public unique information registered by the reception device is registered in the bridge device and one public unique information registered in the bridge device is registered by the transmission device. Then, the secret unique information registered by the reception device is transmitted to the transmission device when the transmission device is not another bridge device.

Abstract: A manufacturing entity provides a blinded signature to a secure device and associates a time with the blinded signature. If a signing key is compromised, the manufacturing entity provides a time of the compromise and the time associated with the blinded signature to the replacement authority.

Abstract: The invention relates generally to a method and arrangement for real-time betting with an off-line terminal, and especially to the technological field of keeping reliable time in the off-line terminal when handling, within a communications system comprising a distributed domain and a central domain, electronic records that contain predictions of the outcome of a certain incident. Within the distributed domain a multitude of electronic records that contain predictions of the outcome of the incident are generated and furnished with a cryptographically protected proof of a certain moment of the distributed domain's local time associated with the generation of the electronic record.

Abstract: Disclosed is an Internet based e-will management method in which a will is managed by making digital signatures using a certificate issued by a certificate authority through a will management server connected to a testator/testatrix terminal and a will executor terminal via a network, the method comprising: (a) making digital signatures on an application form and a will using a certificate by a testator/testatrix through the testator/testatrix terminal and transmitting the digitally signed application form and will to the management server by the testator/testatrix terminal; (b) receiving the digitally signed application form and will and verifying and storing the digital signatures of the application form and will by the management server; (c) confirming the death of the testator/testatrix by the management server; and (d) transmitting, upon confirmation of the death of the testator/testatrix, the digitally signed will to the will executor terminal by the management server.

Abstract: A method and an electronic apparatus for rolling over from a first to second trusted certificate in the electronic apparatus. Information containing identification data for identifying the second trusted certificate is acquired in the electronic apparatus. Also, the second trusted certificate, which is preinstalled in the electronic apparatus, is activated based on said identification data.

Abstract: A system and method for data storage and removal includes providing databases and providing encryption keys. Each database is associated with a database time period and each encryption key is associated with an encryption time period. Data items are received and each data item is encrypted using the encryption key associated with the encryption time period that corresponds to a time associated with the data item. Each encrypted data item is stored in the database associated with the database time period that corresponds to the time associated with the data item. Each encryption key is deactivated at a predetermined time after the associated encryption time period ends. Each database is made irretrievable upon a determination that all of the encryption keys associated with the data items stored in that database have been deactivated.

Abstract: Electronic document classification is disclosed. A toolbar adds the ability to classify documents based on specific properties such as security classification, information type, document type, document retention, document caveats, and the like associated. The toolbar through dropdown selections allows users to select the appropriate classification and properties based upon the content of the document and have appropriate classifiers added to the document. Document classification properties are generated that are associated with the document in the document properties and by inserting visual markings that allow users to quickly identify the security, sensitivity, intended distribution or retention. By utilizing the classification toolbar a user can classify an document by one or more classification levels and be ensured that the classification will be visible to any person viewing the document.

Abstract: A computer implemented method for registering user accounts that includes sending a first request to an online service wherein the first request includes a telephone number, sending a second request to the online service wherein the second request includes an invitation code received via a telephone associated with the telephone number, and upon acceptance of the invitation code by the online service, receiving an invitation from the online service, to register a user account.

Abstract: Techniques for protecting the security of digital representations and of analog forms made from them, including a technique for authenticating an analog form produced from the digital representation, an active watermark that contains program code that may be executed when the watermark is read, and a watermark agent that reads watermarks and sends messages with information concerning the digital representations that contain the watermarks. A watermark agent may be a permanent resident of a node in a network or of a device or it may move from one network node to another. The watermark agent executes code which examines digital representations residing in the node or device for watermarked digital representations that are of interest to the watermark agent. The watermark agent then sends messages which report the results of its examination of the digital representations. If the watermarks are active, the agent and the active watermark may cooperate.

Abstract: A communication apparatus includes an authentication part for authenticating another communication apparatus with a first digital certificate, and a certificate transmission part for transmitting a second digital certificate when the authentication part succeeds in authenticating the other communication apparatus with the first digital certificate.

Abstract: A data communication apparatus which is capable of easily selecting a desired encryption scheme that is appropriate to the size of data that is to be transmitted. A key to be used for encryption is acquired. An encryption means corresponding to the acquired key is searched. The period of time required for encryption of data to be transmitted by the searched out encryption scheme is calculated. Encryption means candidates for encrypting data to be transmitted are determined based on the calculated period of time required for encryption. A user is notified of the determined encryption means candidates in a selectable manner together with the period of time required for encryption.

Abstract: A method and apparatus for creating and/or using trustworthy timestamps and certifiable clocks using logs linked by cryptographic hashes. In one embodiment, the method comprises maintaining a first, chained-hash log; associating a first clock with the chained-hash log, and entangling the first log; with a second by adding a time-stamped synchronization entry to the chained-hash log, where the synchronization entry has a second time indication associated with the second log and a hash of one or more entries in the first log.

Abstract: A high definition video transmitter and receiver are disclosed. The transmitter provides high definition video to a one-point receiver or to multipoint receivers. The transmission network is asynchronous and the receiver re-synchronizes the video. The transmission can be wired or wireless.

Abstract: A subscription-based computing device has hardware and a subscription enforcer implemented in the hardware. The enforcer has an accumulator that accumulates a usage value as the computing device is being used and an expiration value register that stores an expiration value. The enforcer allows the computing device to operate in a subscription mode without hindrance and with full use when the usage value is less than the stored expiration value, and allows the computing device to operate in an expiration mode with hindrance and without full use when the usage value reaches the stored expiration value to signal that the subscription for the computing device has expired.

Abstract: A method and system facilitating the development and distribution of software is provided. The system includes a database provided on a computing device, the computing device configured to enable users to provide an update to an element of the database, wherein the element is associated with an object. The system further includes time stamp tracking software configured to enable revisions to elements of the database by establishing time stamps for each stored element changed at a specified time and an assembler configured to enable a user to assemble elements for execution based on time stamping.

Abstract: Computers and other electronic devices typically include a timing operation such as a clock in an operating system. It is anticipated that hackers may tamper with this clock. This tampering might be especially advantage in the context of systems which provide for rental of audio and video content, such as movies. Tampering with the system clock on the playing device would allow an extension of the rental period to the detriment of the provider of the rental content. Hence the present method is directed to detecting clock modifications both in terms of time shifting and clock rate tampering. This detection is done using digital signal processing.

Abstract: Embodiments of the invention provide systems and methods for detection of tampering with an audit record for a database. According to one embodiment, a method for detection of tampering with an audit record for a database can comprise reading one or more audit records for a time period from an audit table. The one or more audit records can each include a time stamp and reading the one or more audit records can comprise reading audit records having a timestamp within the time period. An encrypted record, such as a message digest record, for the time period can be generated based on the one or more audit records and including the time stamps. The message digest record can be stored in a message digest table. In some cases, the message digest table can be maintained in a trusted data store.

Abstract: Methods and arrangements are provided for handling, within a communications system comprising a distributed domain and a central domain, electronic records that contain predictions of the outcome of a certain incident. Within the distributed domain there is generated, before the outcome of the incident is known, a multitude of electronic records that contain predictions of the outcome of the incident. The electronic records are conveyed from the distributed domain to the central domain. After the outcome of the incident is known, the central domain finds out which of the electronic records, if any, contain correct predictions of the outcome of the incident. Each of the electronic records is furnished, within the distributed domain, with a cryptographically protected proof of a certain moment of time associated with the generation of the electronic record.

Abstract: According to one embodiment of the invention, a method is provided for receiving a timestamp from a caller via a telephone connection; receiving a device identifier from the caller, in which the device identifier identifies a device; determining a cryptographic key based on the device identifier; determining an indication of a time based on the timestamp and the cryptographic key; providing the indication of the time to the caller; determining an account; and charging a fee to the account.