Abstract: A steganographic method embeds hidden information like digital watermarks and digital fingerprints into an image by applying one or more zero-mean patches to a digital signal that conveys the image. Each zero-mean patch comprises elements having an average value substantially equal to zero. A printer tracking system is implemented by selecting a plurality of zero-mean patches according to a string of bits representing a printer serial number, and modifying printer control signals to embed the plurality of patches in each of a number of virtual cells within the image to be printed. The offset of the virtual cells with respect to the boundaries of the image and the location of the patches within each virtual cell are established in pseudo-random fashion. The printer tracking system further includes a technique for subsequently detecting the printer serial number by scanning the printed image and running a detection algorithm on the scanned data to recover the string of bits embedded in the zero-mean patches.

Abstract: Embodiments of the present invention provide a cryptographic-based license management device comprising a license authority configured to generate a license in response to a product option request; an interface module having a plurality of product options that may be selectively enabled in response to a valid license issued by the license authority; a non-volatile memory associated with the interface module, the non-volatile memory module containing a programmable verification component for determining the authenticity of the license; and a license verification module associated with the interface module, the license verification module configured to verify the authenticity of a license using the programmable verification component contained within the non-volatile memory and enable selected product options provided the license is verified by the license verification module.

Abstract: An optical disc recorder/reproducer, a personal computer, a television receiver, an IRD and so forth are connected mutually via a 1394 serial bus. When data transmitted from the personal computer to the optical disc recorder/reproducer via the 1394 serial bus are to be recorded, an isochronous packet is sent to the recorder/reproducer inclusive of the data to indicate whether the personal computer is a device capable of cognizing copy control information. And depending on whether the source of the transmitted data is a copy control information cognizant device or not, the optical disc recorder/reproducer updates the copy control information with reference to a selected table, and then the updated copy control information is recorded on the optical disc. This system can distinguish between a prerecorded disc and a user-recorded disc, hence achieving exact management of copy control information.

Abstract: A computer program product and method for installing downloaded software on a client system over a network is described. The product and method include generating an access key by receiving an installation key produced using a random number generated from a seed that is the value of a client specific physical feature of the machine existing when a software installation program was run on the client system.

Abstract: A system (100) for watermarking digital data includes a watermark etching subsystem (105) and a watermark extraction subsystem (110). The watermark etching subsystem (105) obtains a matrix of digital data values, selects windows including a plurality of data values from the matrix, specifies a parameter that indicates an acceptable amount of variation in the data values, and etches watermark bits in each window of data values using the specified parameter. The watermark extraction subsystem (110) obtains a matrix of digital data values containing an etched watermark, selects windows comprising a plurality of data values from the matrix, and extracts watermark bits from each window of data values using the specified parameter.

Abstract: Methods and systems are disclosed in which contact can be safely distributed and protected in a manner that is viable in terms of bandwidth economy and ensures that clients can be identified by the content received. Copies of encrypted content can be provided such that unique watermarks can be added to the copies. Content can also be both watermarked uniquely for multiple clients and multicasted to the clients. As such, content can be distributed using the bandwidth efficiency of multicasting while providing reliable content protection and watermarking.

Abstract: A secure system and method is provided for remotely waking a computer from a power down state. In one embodiment, a network interface card receives incoming data packets via a network connector. A control module is coupled to the network connector and is configured to search the incoming packets for a wake-up pattern. The control module also verifies that the packet's destination address matches the destination address of the network interface card. If the destination addresses match and a wake-up pattern is found, the control module decrypts an encrypted value from the incoming packet and compares the result to an expected value. A successful comparison causes the control module to assert a signal to wake up the host computer. Preferably, a standard public/private key pair encryption scheme is used, and the source of the data packet encrypts the expected value with a private key.

Abstract: A copy protection system for protecting content wherein a ticket and a watermark are created, utilizing a first time reference (TD) and a one-way function, to indicate the copy protection status of the content. A source device produces the ticket and watermark using a first time reference and a hashing function. The source device provides a data stream containing the content, the ticket, the watermark, and the first time reference (TD) to the receiver device. The receiver device determines if the first time reference (TD) is contained within a time window determined by a second time reference. When, the first time reference (TD) is contained within the time window, the receiver compares the ticket to the watermark using the first time reference (TD) and the one-way function, and based on the comparison, produces a signal indicating the copy protection status of the content.

Abstract: Preparing a document for transmission over a network in a manner that increases the security of URLs included in the document. A server accesses a document that contains a number of URLs. For one or more of those URLs, the server calculates a digital signature that is unique to the intended recipient client, or unique to the user of the client. The server then modifies each of those URLs by including the digital signature in the URL. The document with the modified URLs in then transmitted over the network to the client. Thus, even if a sensitive URL is discovered, that modified URL is unique to the client only or to the user of the client only. Therefore, the damage that may be caused by an unauthorized user is limited to just that client or user.

Abstract: A method and arrangement for detecting a watermark in an information signal. The method may include the steps of computing the correlation (dk) of the watermark (Wi) and the information signal (e.g. an image Q) for a plurality of positions (k) of the watermark with respect to the information signal, and detecting whether at least one of the respective correlation values exceeds a given threshold. The step of detecting may include determining the standard deviation (&sgr;d) of the respective correlation values (dk), and setting the threshold to a given multiple (T) of the standard deviation. The multiple (T) is derived form a desired false alarm rate (watermark detected when there is none, or no watermark detected when there is one).

Abstract: Disclosed is an optical disk barcode forming method wherein, as information to be barcoded, position information for piracy prevention, which is a form of ID, is coded as a barcode and is recorded by laser trimming on a reflective film in a PCA area of an optical disk. When playing back the thus manufactured optical disk on a reproduction apparatus, the barcode data can be played back using the same optical pickup.

Abstract: A technique that partially encrypts tokenized documents is disclosed. An electronic document image is generated from the document. A plurality of tokens are stored as a dictionary, wherein the tokens represent shapes contained in the document. A plurality of triples comprising a token identification (ID) and a corresponding position are generated from the document image, such that the token ID identifies a token from the dictionary that corresponds to a shape in the document image at the corresponding position. The token IDs are encrypted. The output representation for the secured document comprises encrypted token IDs, positions and a dictionary of tokens. Encoding techniques that reduce the size of the secured document are also disclosed. A trusted image output terminal, for use in document reconstruction, includes a single integrated circuit that performs the decrypting function and the page rendering function to significantly reduce the ability to capture the electronic document in the clear.

Abstract: A method of verifying the authenticity of goods includes generating one or more random codes and storing the one or more random codes in a database. The goods are then marked with one of the generated random codes such that each of the goods contain their own unique random code. Upon field checking and inventory of marked goods and comparing the codes on the marked goods to codes within the database, the authenticity of goods may be verified. Also, a system for verifying the authenticity of goods includes a database containing a plurality of unique random codes and an indication whether each of the unique random codes has been read, and a code reader or scanner for reading the code affixed to a good.

Abstract: A method of authenticating a video image created by a camera (V) or similar video device. The image is formed into a first 2-dimensional pixel array (A1) with each pixel (pm,n) represented by a data word of a predetermined length. Additional data words including event information are added to this 2-dimensional array (A1). The formatted array is converted into a second 2-dimensional array (A2) which may be made smaller than the first array by eliminating rows and columns from the formatted array. A first linear vector (A3) is created using the data words in the second array, and a second linear vector (A4) is created by repositioning the data words from the first linear vector in a random pattern. A checksum is created by summing the contents of all of the data words in the second linear vector beginning at a location established by a pre-established formula. A header (H) is formed using the resulting checksum, information identifying the device used to create the image, and the time the image is formed.

Abstract: A system and method for authenticating an image of an object, include at least one identifier associated with the object, a receiver for interrogating the at least one identifier to produce identification information, a camera system for recording an image from the object including the at least one identifier, and a composite generator for encoding the identification information from the receiver along with the image acquired by the camera system, to produce composite data.

Abstract: A verification data generating apparatus generates data that can be stored in a terminal device without sustaining unauthorized operations and has assured continuity in the order of being output. In the apparatus, a verification data holding element holds a verification data. A data generation element generates a data body at a predetermined timing. Whenever the data body is generated, a verification value generation element generates a new verification value based on the verification value held in the verification value holding element and the data body newly generated. The verification value held in the verification value holding element is then updated with the new verification value. A data storage element stores the data bodies generated by the data generating element in order.

Abstract: A method and apparatus for collecting and securely transmitting biometric data over a network contains a sensor, preferably a camera, for collecting biometric data and code generating hardware and software. The camera data is digitized and a unique code which is a function of the digitized camera data, a secret key and a transaction token is attached to the digital file. The code may identify the sensor which acquired the biometric information, a time at which the biometric information was acquired, or a time interval during which the data is considered to be valid, and a unique transaction code. The data and code are transmitted over a network to a server which authenticates that the data has not been altered by recomputing the code using its own knowledge of the secret key and transaction token needed to generate the code. If the data is authentic the server then computes a biometric template using the data.

Abstract: The present invention is a system for providing secure access and execution of application software stored on a first computer by a second computer using a communication device while a communication link is maintained between the first and second computers. More specifically, the present invention is a secure software rental system. The system enables a user in a remote location using a personal computer and a modem to connect to a central rental facility, transfer application software from the central rental facility to the remote computer, and execute the application software on the remote computer while electronically connected to the central rental facility. When the communication link between the central rental facility and the remote computer is interrupted or terminated, the application software no longer executes on the remote computer. The application software stored on the central rental facility is integrated with the header software to provide a security feature of the present invention.

Abstract: A technique for identifying digital object using a digital watermark. The technique includes the steps of encrypting a message derived from source data on the digital object, to obtain an encrypted message digest (S); deriving a watermark from the encrypted message digest (S); and incorporating the watermark into the source data. The encryption is preferably done with a public key encryption system. The message to be encrypted can be obtained via performing a hash function on the source data on the digital object to obtain a message digest (M). The message digest (M) is the message encrypted with the signature encryption key to obtain the encrypted message digest (S). The watermark is resistant to cropping, scaling, and truncation.

Abstract: Watermark data is encoded in a digitized signal by forming a noise threshold spectrum which represents a maximum amount of imperceptible noise, spread-spectrum chipping the noise threshold spectrum with a relatively endless stream of pseudo-random bits to form a basis signal, dividing the basis signal into segments, and filtering the segments to smooth segment boundaries. The data encoded in the watermark signal is precoded to make the watermark data inversion robust and is convolutional encoded to further increase the likelihood that the watermark data will subsequently be retrievable notwithstanding lossy processing of the watermarked signal.

Abstract: A device and method for processing image data, a transmitting medium, and a recording medium are disclosed. More particularly, in image data processing by which accompanying information is embedded as a watermark into coded image data, a position in a block as a unit of coding the coded image data is detected, a blocked watermark pattern is provided, an area in which an operation relative to a first level value is performed and an area in which an operation relative to a second level value is performed are offered, and a watermark is appended to the coded image data in accordance with the blocked watermark pattern. It is thus possible to easily append a watermark that can be certainly detected.

Abstract: Watermark data is encoded in a digitized signal by forming a noise threshold spectrum which represents a maximum amount of imperceptible noise, spread-spectrum chipping the noise threshold spectrum with a relatively endless stream of pseudo-random bits to form a basis signal, dividing the basis signal into segments, and filtering the segments to smooth segment boundaries. The data encoded in the watermark signal is precoded to make the watermark data inversion robust and is convolutional encoded to further increase the likelihood that the watermark data will subsequently be retrievable notwithstanding lossy processing of the watermarked signal. A watermark alignment module determines which of a large number of offsets of the watermarked data is most likely to correspond to a recognizable watermark. The watermark alignment module uses a single basis signal to evaluate a number of offsets over a relatively narrow range of offsets.

Abstract: A signal is encoded, for example, perceptually and, during or after the perceptual coding process, a digital watermark is inserted into a quantized digital information signal resulting from the perceptual coding process in such a manner that its insertion is imperceptible to one later listening to, displaying or otherwise utilizing the information signal. Moreover, the digital watermark may be inserted in accordance with a key indicative of the location of the mark in the digitally encoded signal. The key may be protected with a trusted entity and distributed in such a manner as to be not detectable by a pirate. Consequently, the key may be utilized at watermarking apparatus that can be located anywhere in the distribution channel of a copyright protected work. The key may be embedded in a secure microprocessor of validating apparatus at a point of distribution or even at a point of sale.

Abstract: The certification of electronic documents for subsequent verification and authentication is disclosed. Pursuant to a request to certify a document, a digital signature is extracted from the document. The digital signature corresponds to the content of the document and is unique to the document. Thus, signatures extracted from documents that are even slightly different from the certified document, or from a document that has been changed, will be different. A certification provider maintains the digital certification signature, an identification code such as a serial number, and other information such as the time and date of certification. The serial number is returned to the certification requester. When verification is sought, the serial number and the document alleged to have been certified are given to the certification provider. The serial number is used to index the previously extracted digital certification signature.

Abstract: Counterfeit resistant articles are created by reading a first pattern from an article and encoding the first pattern into a first data set. The first data set is transformed into a second data set, and converted into a second pattern. An article is marked with the second pattern to make it counterfeit resistant. Identification of counterfeit articles occurs by reading a plurality of patterns and converting the plurality of patterns into a corresponding plurality of data sets. These corresponding data sets are then compared for counterfeit identification purposes.

Abstract: Watermark data is encoded in a digitized signal by forming a noise threshold spectrum which represents a maximum amount of imperceptible noise, spread-spectrum chipping the noise threshold spectrum with a relatively endless stream of pseudo-random bits to form a basis signal, dividing the basis signal into segments, and filtering the segments to smooth segment boundaries. The data encoded in the watermark signal is precoded to make the watermark data inversion robust and is convolutional encoded to further increase the likelihood that the watermark data will subsequently be retrievable notwithstanding lossy processing of the watermarked signal. To produce the endless pseudo-random bit stream, subsequent bits of the sequence are generated in a pseudo-random manner from previous bits of the sequence. The pseudo-random bits are appended to the stream of pseudo-random bits and, additionally, replace a number of bits of the state.

Abstract: A method and apparatus for authenticating routing data in a network. In one embodiment, the described method includes the step of generating routing data that described a topology of the network. The routing data has a length equal to a routing data length. A variable output length (VOL) tag length is selected for the output of a VOL one-way function. The VOL one-way function is performed on the routing data, the routing data length and the adjustable VOL tag length to generate a VOL tag having a length equal to the VOL tag length. In one embodiment, the VOL tag is digitally signed using a private key of the box that generates the VOL tag. The routing data, the routing data length, the adjustable VOL tag length, the VOL tag and the signature are transferred in a packet from a first box, which is the box that generates the VOL tag, to a second box. The second box that receives the packet generates a comparison tag using the VOL one-way function based on data received from the packet.

Abstract: Authentication of image from digital cameras with GPS-derived time and location data is disclosed. With the wide-spread availability of today's desktop tools and imaging devices, unethical manipulation of digital image data is common, such that digital images are not ordinarily reliable and can be subject to trickery and forgery. In the past, imagery such as photographs and digital images were reliable enough to serve as documentary evidence in most cases, since a skilled craftsman was needed to modify the images and commit fraud. However, skilled craftsmen are no longer needed, and digital images can be modified by even a casual user. Moreover, time data and location data are not ordinarily included in digital images. According to the invention, a digital camera system documents the time, date and location where a digital image was taken, using GPS-derived data from a secure connection.

Abstract: A method and apparatus for identifying an applicant as a member of a group without explicitly listing all possible applicants. A test is defined which specifies the criteria for group membership. The test definition and an optional group identifier code are supplied to a criterion generator. The criterion generator generates an authenticated message based, at least in part, upon said test definition. The authenticated message is delivered to one or more criterion evaluators that verify the authenticated message. In one embodiment, once the authenticated message has been verified, the applicant for access to a resource presents a credential to the criterion evaluator. If the credential satisfies the test definition, the applicant is granted access to the specified resource and denied access if the credential does not satisfy the test definition.

Abstract: In an authentication system for companies, a server appends suitable verification data to an electronic document to be circulated through terminal units for persons in charge. Each terminal is allocated a unique function in advance and applies it to the verification data in turn when receiving the document. Upon receipt of the document that has been circulated through the persons in charge, the server examines the function-applied value appended to the document to determine whether the document has been circulated correctly through the persons in charge, or via the correct route.

Abstract: A method and apparatus for determining the distance between transitions from a first logical state to a second logical state stored on a medium (i.e., a document). This determination is used to precisely characterize the information pattern in order to authenticate the information and the medium on which the information is stored. The invention uses a reader having a leading and trailing read apparatus which allow information to be read simultaneously from two or more locations spaced a known distance apart. The distance between the centerlines of each read apparatus is preferably an odd integer multiple of one half the distance between logical clock transitions. The distance between a first transition at the leading read apparatus and a next transition at the trailing read apparatus is used as a reference (i.e., the “Reference Value”). The Reference Value is compared with the distance between the first transition and the next transition on the medium (i.e., the “Jitter Value”).

Abstract: Provided is a method and a system for automatically controlling display of video or image data in dependence on content classification information which is integrated within the data by means of invisible digital watermarking techniques. A controller decodes the watermarked content codes and then prevents displaying of certain material, by overlaying the display with blanking data, if the codes match certain stored codes which the controller has been set to respond to. The use of invisible digital watermark codes by a controller which operates in response to the watermark codes provides reliable control since the codes are more difficult for unauthorized persons to detect and remove than other embedded codes would be.

Abstract: A method for generating authentication identification symbols, such as numbers, letters, etc., generates sequences of unpredictable symbols which are employed by vendors of various types of goods to authenticate the goods. Using special mathematical functions, an agent generates a first unpredictable subset of symbols to be supplied to a vendor for marking the vendor's goods. The subset is unpredictable in that knowledge of one or more symbols in the subset cannot be employed to predict other symbols in the subset. Preferably, the vendor then selects another subset of symbols from the first subset, and the symbols in this sub-subset are employed for marking the vendor's goods. The unpredictability of the symbol sequences prevents a counterfeiter from being able to predict other symbols in the sequence. In addition, the vendor's use of a sub-subset of symbols prevents the agent from knowing which of the original subset of symbols the vendor is employing to mark the goods.

Abstract: A token 12 creates utilization history information and sends the information to an information processing unit 11 and simultaneously creates an verification value and stores the value in a utilization-value holding unit 21. The information processing unit 11 records the utilization history information in a history holding unit 16. On receiving a verification-value output request from the information processing unit 11, the token 12 provides the verification value with a signature and outputs the combination of the verification value and the signature. The information processing unit sends to a recovery unit 13 the verification value with the signature as well as the utilization history information. The recovery unit 13 verifies the signature and also the utilization history on the basis of the verification value further.

Abstract: A computer network security system provides generation of a certificate revocation list (CRL) upon each revocation. The entire certificate revocation list may be published on demand, or only the portion that has changed. The computer network security system provides on-demand publishing of data identifying revoked certificates, such as revocation and expiration data, in response to receipt of revocation request data. The computer network security system stores the on-demand published data for analysis by one or more network nodes, such as a client, to determine whether a certificate is valid. The network nodes include certificate revocation list cache memory that may be selectively activated/deactivated, to effect storage/non-storage of the data identifying the revoked certificates.

Abstract: A system is described whereby a document may be authenticated by an issuer thereof and verified by a recipient. Data from the document, at least a portion of which is specific to the document and identifies the document, is input to an authenticating device using an input device. A computing device, including a cryptographic processor and a memory, is coupled to said input device and receives a signal representing the data. The computing device performs a cryptographic operation based on the data to produce encrypted authentication data unique to the document. An output device is coupled to the computing device and affixes a representation of the authentication data on the document. A similar device, including a display device, is used to input the encrypted data, perform a cryptographic operation to decrypt the data, and compare the decrypted data with document identification data to verify the document. Encryption and decryption are performed using a private key/public key pair.

Abstract: A technique for hiding of data, including watermarks, in human-perceptible sounds, that is, audio host data, is disclosed. In one embodiment a method comprises three steps. In the first step, data to be embedded is inputted. In the case of a watermark, this data is a unique signature, and may be a pseudo-noise (PN) code. In the case of hidden data to be embedded in the host data, this data is the hidden data itself, or the hidden data as spread against the frequency spectrum by a pseudo-noise (PN) code. In the second step, the inputted data is embedded within the host data, in accordance with a perceptual mask of the host data. The perceptual mask determines the optimal locations within the host data to insert the inputted data. In the case of sounds, these optimal locations are determined by reference to the human auditory system. In the third step, the host data, with the embedded data, is further masked by a non-frequency mask. In the case of audio data, the non-frequency mask is a temporal mask.

Abstract: Methods, apparatuses and products are provided for verifying the authenticity of data within one or more data files. Each data file is provided with an identifier, such as a one-way hash function or cyclic redundancy checksum. A signature file, that includes the identifiers for one or more data files, is provided with a digital signature created with a signature algorithm. The data file(s) and signature file are then transferred, or otherwise provided to a user. The user verifies the digital signature in the signature file using a signature verifying algorithm. Once verified as being authentic, the signature file can be used to verify each of the data files. Verification of the data files can be accomplished by comparing the identifier for each data file with the corresponding identifier in the signature file. If the identifiers in the data and signature files match, then the data file can be marked as authentic.