Abstract: Computer systems and methods are provided for authenticating a user seeking to conduct at least one interaction with a secured capability provided by a computer. The method includes receiving a first signal from the computer providing the secured capability. The first signal includes a reusable identifier corresponding to the secured capability. The method further includes receiving a second signal from an electronic device being used by the user. The second signal includes a copy of the reusable identifier and user verification information. The method further includes using a processor to evaluate, based at least on the first signal and the second signal, whether the user is authorized to conduct the at least one interaction with the secured capability.

Abstract: An electronic document management program, an electronic document management method and an electronic document management apparatus acquire a plurality of pieces of part identification information respectively identifiably expressing a plurality of parts of document information and a digital signature corresponding to the document information, acquire the preparation type, the preparer's name and the time and date of preparation of the document information as tracing information of the document information, manage the part identification information, the digital signature and the tracing information in association with each other and present information relating to the tracing information to the user in response to a request from the user. Additionally, they acquire new document information and tracing information according to a directive from the user.

Abstract: A piece of software code, as well as a series of semi-random character strings are embedded into a copy of a software application. The application executes the embedded code on activation and may also invoke the embedded code periodically thereafter. The embedded code generates a knowledge string from a seed string and then generates an activation code from the seed string and the knowledge string. The activation code is checked against an externally-supplied code to ensure that the codes match, indicating a non-pirated copy of the software application.

Abstract: Privacy-preserving metering with low overhead is described. In an embodiment consumption of a resource such as electricity, car insurance, cloud computing resources is monitored by a meter and bills are created in a manner which preserves privacy of a customer but at the same reduces bandwidth use between a meter and a provider of the resource. For example, fine grained meter readings which describe customer behavior are kept confidential without needing to send large cryptographic commitments to meter readings from a meter to a provider. In an example, meter readings are encrypted and sent from a meter to a provider who is unable to decrypt the readings. In examples a cryptographic signature is generated to commitments to the meter readings and only the signature is sent to a provider thus reducing bandwidth. For example, a customer device is able to regenerate the commitments using the signature.

Abstract: Embodiments of the present invention enable a message recipient or messaging system to indicate the trustworthiness of a message, especially messages that comprise content that has been digitally signed. In addition, embodiments may alter or control the message to change user behavior by preventing the user from doing things that the message would induce the user into doing. In some embodiments, various characteristics and indicia of the message are determined. For example, for e-mail messages having digitally signed content, certain embodiments may determine the entity or entities asserting a basis for trust, the status or role of the sender, the name of the sender, the affiliation of the sender, the messaging address the location, and the most recent status of the trust relationship. Based on the determined indicia, a plain language notification is composed and the message is displayed with the notification.

Abstract: Verifying the integrity of a received binary object by calculating a first displayable authenticator derived from an input binary object. The first authenticator is then attached to the input binary object, producing a first composite binary object, which is sent to a remote receiver. A second composite binary object is received back from the remote receiver, wherein the second composite binary object includes a received binary object, a received first displayable authenticator, and a second displayable authenticator. A third displayable authenticator is calculated, derived from the second composite binary object, then a display of the first displayable authenticator is compared to a display of the third displayable authenticator, and verification of the integrity of the received binary object is indicated by an exact match between displays of the first and third displayable authenticators.

Abstract: A mobile node and its home system generate synchronized time-based codes at periodic time intervals. Each time-based code is valid for a predetermined time period. To facilitate anonymous operation when roaming, the mobile node identifies itself with a coded identifier instead of a public identifier. The coded identifier used at a given time includes the time-based code that is valid for that given time. To authenticate the mobile node, a serving system receives authentication information from the mobile node and forwards the authentication information to a home system. The authentication information includes the current time-based code and a timestamp. The home system identifies the mobile node from the current time-based code and the timestamp. The home system then uses the authentication information to authenticate the mobile node.

Abstract: Methods, systems, and products distribute digital content based on digital rights license. A digital file may be fragmented into a plurality of unusable fragments. Each unusable fragment is separately unusable. Each unusable fragment may be tagged with a tag to generate tagged unusable fragments. The digital rights license is generated based on the tag, such that the tagged unusable fragments may be reassembled into the digital file.

Abstract: An external master portal system consisting of a standalone primary control interface referred to as a master portal which is network-connected to subordinate gateway controllers located at the peer connection points to the network, used to define and control the permitted transfer of data across a peer-to-peer network is disclosed. Further, control of the master portal can be provided to a third party whose data is only a part of broad range of data stored or used at any of the peer sites.

Abstract: Counterfeit articles are distinguished from genuine articles by a combination of a party-specific code and a product authentication code of the article. After authenticating a genuine article, a replacement authentication code is generated based on the original authentication code and party-specific code. Documents and currencies can be authenticated independently of any party-specific code by an addition to or alteration of their authentication code with each authentication event.

Abstract: Provided is a controller capable of preventing card makers from conducting unauthorized acts. The controller includes: a controller key storage unit configured to hold a controller key that has been embedded by a controller manufacturing device in advance; a decryption unit configured to receive encrypted media key information that has been generated by a key issuance center that is authorized and to decrypt the received encrypted media key by using the controller key, the encrypted key information generated through encryption of key information with use of the controller key; and an encryption unit configured to encrypt the decrypted media key again by using an individual key that is unique to the controller.

Abstract: Electronic documents corresponding to executed paper documents are certified. A certifying agent receives an electronic document and a corresponding paper document that had been executed pursuant to some transaction. The certifying agent compares the information contained in the paper to that in the electronic mortgage document. If the paper adequately corresponds to the electronic document and is otherwise sufficient, then the certifying agent certifies the electronic document so that other parties can reliably engage in transactions involving the electronic document without having to possess or otherwise inspect the executed paper document. Certification involves application of some form of indicia of certification to the electronic document, such as updating the value of a field corresponding to certification in the electronic document and/or applying a digital or electronic signature corresponding to the certifying agent to the electronic document.

Abstract: Disclosed is a method of loading data into a data processing device. The method comprises receiving a payload data item by the data processing device; performing a cryptographic authentication process to ensure the authenticity of the payload data item; storing the authenticated received payload data item in the data processing device; and integrity protecting the stored payload data item. The cryptographic authentication process comprises calculating an audit hash value of at least the received data item. Integrity protecting further comprises calculating a reference message authentication code value of at least the audit hash value using a secret key stored in the data processing device as an input.

Abstract: Disclosed are systems and methods for establishing a personal identification number (PIN). The systems and methods provide techniques to begin a remote session with a customer, prompt the customer to select a PIN to associate with a financial account card during the remote session, and receive the PIN from the customer during the remote session.

Abstract: Software is authorized in accordance with a reputation of the software. A trust in the author and/or publisher of the software is determined via digital signatures and/or CoAs, and a reputation of the software is utilized to determine the intent of the software. The reputation of the software can be determined via a local service, such as an enterprise IT department and/or via a reputation determination service. When software is downloaded or to be executed, the trust in the author/publisher is determined using digital signatures and/or CoAs associated with the software. If the author/publisher is determined to be trusted, a service is called to determine the reputation of the software. The software can be installed and/or executed dependent upon the reputation of the software and trustworthiness of the author/publisher.

Abstract: This patent application is generally related to watermarking and steganography. One claim recites a method of transmarking an audio or video signal previously embedded with a first digital watermark using a first digital watermark embedding method. The method includes: utilizing a programmed electronic processor, decoding the first digital watermark from the audio or video signal; converting the audio or video signal into a different form; and utilizing a programmed electronic processor, embedding decoded message information from the first digital watermark into a second digital watermark in the different form such that the second digital watermark is adapted to robustness or perceptibility parameters associated with the different form. Of course, other combinations and claims are provided as well.

Abstract: In embodiments of the present invention improved capabilities are described for providing a scanning of data associated with a network computer facility. In the process, a request may be received for network content from a content requesting computing facility. A source lookup associated with the request for network content may be performed, where the source lookup may be from a networked source lookup database. The requested network content may then be retrieved, where the type of the content may be determined as a further aid in scanning the content. A checksum of at least a portion of the retrieved network content may then be calculated, and a checksum lookup associated with the portion of the retrieved network content be performed, where the checksum lookup may be from a networked checksum lookup database. Finally, an action may be taken based on at least one of the source lookup and checksum lookup, where the action is associated with protecting the content requesting computing facility from malware.

Abstract: Generating a cryptographic key, for example using a received external key. A system to generate a cryptographic key may include a first data store which may store an authorization key. A system may include a second data store which may store a secure key and/or a public key. A system may include an access controller, which may allow access to a secure key, for example to an access request which may be accompanied by a digital signature. A system may include a key generator, which may generate a private key, for example using a received external key, a stored authorization key and/or a mapping function. A system may include an access request signal generator which may generate a digital signature and/or which may transmit an access request, for example including a generated digital signature, to an access controller to retrieve a secure key.

Abstract: A communication system for transmitting and receiving communication data together with signature data attached thereto for verifying the communication data. A transmission-side in-vehicle device of the system generates the signature data for each unit of communication data consisting of M×N (M>=N>=2) pieces of communication data, and repeatedly transmits M pieces of divided signature data in N rounds, attached to M×N corresponding pieces of communication data. A reception-side in-vehicle device of the system reconstitutes the unit of communication data from M×N pieces of received communication data, reconstitutes the signature data from M pieces of received divided signature data, and then verifies the reconstituted unit of communication data with the reconstituted signature data. This can prevent data missing of the signature data due to communication errors to thereby reliably verify the communication data.

Abstract: A communication system for transmitting and receiving communication data together with signature data attached thereto for verifying the communication data. A transmission-side in-vehicle device of the system generates the signature data for each unit of communication data consisting of M pieces of communication data, and transmits the M pieces of divided signature data, attached to M corresponding pieces of communication data. A reception-side in-vehicle device of the system reconstitutes each unit of communication data from M pieces of received communication data, reconstitutes the signature data from M pieces of received divided signature data, and verifies the reconstituted unit of communication data with the reconstituted signature data. This can prevent significant increase in data amount of additional data in each communication frame for verifying the communication data.

Abstract: A measurement engine performs active platform observation. A program includes an integrity manifest to indicate an integrity check value for a section of the program's source code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action can be triggered. The integrity manifest can include a secure signature to verify the validity of the integrity manifest.

Abstract: On-demand protection and authorization of playback of media assets includes receiving digital media at a server computer, storing intermediary data in a data store, and receiving a request from a client for the digital media. The method also includes generating a protected copy of the digital media from the digital media and the intermediary data. The method also includes storing a description of the protected copy in a database and sending the protected copy to the client. The method also includes receiving a request from the client to access the digital media and reading the description from the database based on information in the request. The method also includes sending a response to the client, the response indicating whether the client is authorized to access the digital media, and the response including cryptographic data to decrypt the protected digital media if the client is authorized to access the digital media.

Abstract: An approach is provided to receive a request at a first computer system from a second system. The first system generates an encryption key, modifies retrieved source code by inserting the generated encryption key into the source code, and compiles the modified source code into an executable. A hash value of the executable program is calculated and is stored along with the encryption key in a memory area. The executable and the hash value are sent to the second system over a network. The executable is executed and it generates an encrypted result using the hash value and the embedded encryption key. The encrypted result is sent back to the first system where it is authenticated using the stored encryption key and hash value.

Abstract: In some embodiments, an anti-malware system accounts for benign differences between non-malicious data objects, such as differences introduced by compilers and other polymorphisms. A target object is separated into a multitude of code blocks, and a hash is calculated for each code block. The obtained set of target hashes is then compared against a database of hashes corresponding to code blocks extracted from whitelisted objects. A target object may be labeled as whitelisted (trusted, non-malicious) if it has a substantial number of hashes in common with a whitelisted object. Objects which are slightly different from known whitelisted objects may still receive whitelisting status. By allowing a certain degree of mismatch between the sets of hashes of distinct objects, some embodiments of the present invention increase the efficiency of whitelisting without an unacceptable decrease in safety.

Abstract: The present disclosure involves a method of verifying user check-ins to a venue. The method includes initializing a digital check-in chain for a venue. The method includes expanding, electronically by a processor, the check-in chain with a plurality of check-in entries that each correspond to a visit to the venue by a respective user. Each check-in entry on the check-in chain is generated in response to one or more preceding check-in entries on the check-in chain. The method includes detecting fraudulent check-in entries in response to a split in the check-in chain. The method includes removing the fraudulent check-in entries from the check-in chain.

Abstract: A dynamic notary system having one or more processors, and one or more non-transitory computer readable medium coupled to the one or more processors with at least one of the computer readable medium being local to the one or more processors. The one or more non-transitory computer readable medium stores computer executable instructions, that when executed by the one or more processors cause the one or more processors to: (1) verify a notary with user identification information stored on the at least one computer readable medium local to the one or more processors, (2) retrieve a document to be notarized from the one or more non-transitory computer readable medium, (3) receive a signatory's electronic signature, (4) receive the notary's electronic signature, (5) apply a notary seal to the document, and (6) lock the document in an unchangeable format.

Abstract: One embodiment is an information processing device for obtaining an HMAC, including a padding circuit for generating first key data by adding a first constant with respect to secret key data, setting the secret key data as second key data when the secret key length is equal to the block length, generating third key data by adding the first constant with respect to a first digest value; a hash calculation circuit for obtaining the first digest value; and a control unit for managing a processing state for calculating the HMAC, wherein the hash calculation circuit outputs a first midway progress value when interrupting a calculation process of the first digest value, and resumes the calculation process of the first digest using the first midway progress value when a signal indicating resuming instruction of the calculation process of the first digest value is input to the control unit.

Abstract: A method and system for out-of-band authentication of messages transmitted, e.g. as packets, on a communication network, whereby a first stream of data is received by a sender control module from a sender; the first stream of data is transmitted over a first channel, e.g. a non-secure data channel, toward a receiver control module; the sender control module generates authentication data of the first stream of data; the authentication data are transmitted from the sender control module to the receiver control module on a second channel, e.g. a secure data channel, distinct from the first channel; and a stream of data received by the receiver control module is checked using the authentication data. Before sending the authentication data, the sender control module transmits a control message including synchronization data to the receiver control module over the second channel.

Abstract: A system and method for protecting master transport encryption keys stored on a computing device. Master transport encryption keys are used to secure data communications between computing devices. In one example embodiment, there is provided a method in which a copy of a master transport encryption key is generated and stored in a volatile store of a first computing device (e.g. a mobile device). This copy of the master transport encryption key can be used to facilitate the decryption of data received at the first computing device from a second computing device (e.g. a data server), even while the first computing device is locked. The method also comprises encrypting the master transport encryption key, with a content protection key for example, and storing the encrypted master transport encryption key in a non-volatile store of the first computing device.

Abstract: Counterfeit articles are distinguished from genuine articles by a combination of a party-specific code and a product authentication code of the article. After authenticating a genuine article, a replacement authentication code is generated based on the original authentication code and party-specific code. Documents and currencies can be authenticated independently of any party-specific code by an addition to or alteration of their authentication code with each authentication event.

Abstract: An apparatus comprising a network node configured to support a lightweight secure neighbor discovery (LSEND) protocol for securing neighbor discovery protocols (NDP) for energy-aware devices, wherein the network node is configured to wirelessly communicate with a host node, wherein the network node is configured to exchange LSEND protocol messages with the host node, and wherein the LSEND protocol uses reduced public key and signature sizes and more lightweight signature calculations in comparison to a secure neighbor discovery (SEND) protocol for securing NDP communications that are more suitable for low-power and lossy networks (LLNs).

Abstract: Systems for instant messaging private tags preferably comprise a parser for parsing an instant message for sensitive data and an encryption engine for encrypting the sensitive data. A modified uuencoder is also preferably included for converting the encrypted sensitive data into a data stream that complies with an XML format. Other systems and methods are also provided.

Abstract: Methods, systems, and apparatus are disclosed which enable flexible insertion of forensic watermarks into a digital content signal using a common customization function. The common customization function flexibly employs a range of different marking techniques that are applicable to a wide range of forensic marking schemes. These customization functions are also applicable to pre-processing and post-processing operations that may be necessary for enhancing the security and transparency of the embedded marks, as well as improving the computational efficiency of the marking process. The common customization function supports a well-defined set of operations specific to the task of forensic mark customization that can be carried out with a modest and preferably bounded effort on a wide range of devices. This is accomplished through the use of a generic transformation technique for use as a “customization” step for producing versions of content forensically marked with any of a multiplicity of mark messages.

Abstract: The invention proposes a method for transmitting a message to a plurality of user entities in a network by using a multicast service, comprising the steps of encrypting a multicast message by using ciphering, and sending the encrypted multicast message to the plurality of user entities simultaneously. The invention also proposes a corresponding multicast service control device and a corresponding user entity.

Abstract: Systems and methods for authenticating a user of a service are disclosed. A Personal Identification Number (PIN) is generated using a plurality of variables, and a user is authenticated by comparing the PIN generated at the user's mobile device with a PIN generated on an authentication server. The authentication enables the user to access a service or resource hosted on a host server. When requesting access to the resource, the user generates a device PIN and transmits the device PIN along with their unique key into the host server. The host server forwards the device PIN and the key to the authentication server. The authentication server generates a server PIN and compares the server PIN to the device PIN. If the two PINS match, the authentication server transmits a successful authentication response to the host server.

Abstract: An electronic transaction evidence archive apparatus and method archives electronic transaction evidence, such as public key based electronic transaction evidence on behalf of a first party. The apparatus and method determines redundant electronic transaction evidence and removes the redundant electronic transaction evidence prior to archival. In one embodiment, the electronic transaction evidence archive apparatus and method indexes received electronic transaction evidence and archives the indexed data elements thereof. When a subsequent archival request is made, the apparatus and method evaluates the index data to determine redundant electronic transaction evidence and discards redundant information to save memory resources. The first party provides the electronic transaction evidence in, for example, an archive evidence bundle, which includes data elements related to a single transaction.

Abstract: Methods and apparatus, including computer program products, implementing and using techniques for document authentication. An electronic document is presented to a user. The electronic document has data representing a signed state and a current state. A disallowed difference between the signed state and the current state is detected, based on one or more rules that are associated with the electronic document. A digital signature associated with the electronic document is invalidated in response to the detecting.

Abstract: A facsimile system and method provides authentication of transmitted image information, which authentication may be in the form of a signature page. An authentication device computes authentication information at a sending device, a receiving device, both, or at a remote location during transmission. The signature page may also be transmitted with the document. The sending and receiving devices may each generate signature pages or acknowledgement of receipt in response to receiving a signature page. The authentication information may be encrypted with a public/private key pair. The authentication information may be in the form of a checksum, and may be prepared based on separate regions of the document. A previously generated signature page is compared to a newly generated signature page to verify the document content or authenticity. Document authentication signatures may include machine-readable symbols to represent the authentication information.

Abstract: An online game commerce system, in one embodiment, provides an architecture for enabling the interactive trade, collection, advertisement, purchase, and sales of video game components through the representation and use of an online marketplace such as an auction, store, trading hub or similar expression within a video game. For example, an online race car game purchased at a retail store comes with five different starter cars, but game players are offered the opportunity through an online store or auction accessible through the game to purchase additional cars for $5 each or a new engine for existing cars for $1.00 each. After the initial release of the game, game publishers may offer new cars and race tracks downloadable online for a price of $5.00 each or a promotional offer of $20 for any combination of five.

Abstract: A method for detecting at least one traitor computer system among a plurality of receiver computer systems including: assigning a version of protected content to each of the plurality of receiver computer systems that are currently identified as innocent by a content protection system that monitors distribution of protected content to the plurality of receiver computer systems; recovering at least one unauthorized rebroadcast of the content; generating a score for each of the plurality of receiver computer systems with respect to the recovered unauthorized rebroadcast; calculating a threshold independent of an estimation of maximum traitor computer systems; checking a highest score against the threshold; incriminating a receiver computer system having the highest score above the threshold as a traitor computer system; and removing any unauthorized rebroadcasts overlapping with the traitor computer system. The process may be repeated from generating scores until all traitors are identified.

Abstract: A computer readable medium includes executable instructions to create a report; augment the report with metadata including a report identifier and parameter information; and export the report and metadata to a non-report electronic document.

Abstract: A system manages display and retrieval of image content on a network by identifying the image and linking the image to related information, such as licensing information or usage rights. The system manages the display of image content stored within a network by associating thumbnail images that link to versions of the image content stored on a network. One example is a thumbnail that acts as a bookmark linking to image signal content stored on a distributed network of computers, such as links to web pages accessible on the internet. Corresponding methods are also provided.

Abstract: A first message comprising a received indication of a management key block (MKB) and a received indication of an authorization table (AT) is received at a first network device from a second network device. The received indications of the MKB and AT are validated by comparing them to generated indications of the MKB and AT, respectively. A response is generated based on the validation of the received indications and transmitted from the first network device to the second network device. The generated indications and response are stored. A second message comprising a second received indication of the MKB and a second received indication of the AT is received at the first network device from the second network device. The first network device communicates with the second network device in accordance with the stored response on determining that the second received indications match corresponding stored indications.

Abstract: An information processing apparatus according to the present application includes a first application allowed to access the IC chip, including an IC chip in which predetermined data is recorded, an IC chip reading unit that reads the data recorded in the IC chip, and a signature data generation unit that generates signature data by performing encryption processing on the recorded data read by the IC chip reading unit and a second application not allowed to access the IC chip, including a server access unit that requests acquisition of content from an information providing server by receiving the signature data and the recorded data from the first application and transmitting the signature data and the recorded data to the information providing server that provides predetermined content.

Abstract: A hardware-based security module is used to protect an electronic device, especially a portable electronic device. The security module may determine either via timeout of a watchdog timer or via an explicit message to encrypt selected data on the electronic device. In addition, the electronic device may enter a limited function mode that only allows display of simplistic messages and supports network traffic with a recovery service. The recovery service may be able to use the network traffic to locate the electronic device. The security module may include a secure memory, a cryptographic function, a timer, and support for direct display of data on a monitor.

Abstract: The present invention proposes a solution to prevent a program flow in a processing unit from being modified with respect to an intended program flow, thereby ensuring that important steps such as verifying or authenticating are not bypassed. The invention is particularly aimed at security modules within receiver/decoders in a pay-TV system and involves performing a set of predetermined operations during the processing of entitlement management messages and/or entitlement control messages, said operations being redundant with respect to the normal processing of said messages while leading to the calculation of keys which can then be used to verify that the intended program flow has been respected.

Abstract: The invention relates to a method for decoding a probabilistic anti-collusion code intended to identify at least one sequence of code present in a multimedia content having been used to create an illegal copy of this multimedia content, this method comprising a step of estimating the collusion strategy used to constitute the illegal copy associated with a step of identifying the sequences having been used in creating the illegal copy.

Abstract: A system and method are provided for intentionally introducing defects into molded replacement component parts that are used to identify and authenticate, or confirm compatibility of, the molded replacement component parts in devices in which the molded replacement component parts are installed. Process conditions in the fabrication or formation of melt processed parts are modified to deliberately introduce surface, detectable defects into the melt processed parts. Authentication and compatibility confirmation for molded parts are facilitated by deliberately introducing one or more of undercut posts, deliberate flashes, weld lines, sinks, cracked ribs, flow marks or the like included individually or in combination in a test area on a molded part. A Quality Review (QR) code that specifies a compilation of at least some of the actual defects that are present in the molded part is provided, potentially encrypted, for comparison purposes.

Abstract: A system and a method automatically generate video-based tests to distinguish human users from computer software agents. The system comprises a CAPTCHA generation engine, a CAPTCHA serving engine, a video clips database, and a video tests database. The CAPTCHA generation engine selects a video clip from the video clips database, and segments the video clip into multiple video segments. For each video segment, the CAPTCHA generation engine associates a plurality of related queries with the video segment, generates a video test based on the association, and stores in the video tests database. A CAPTCHA serving engine selects a video test for a user, maintaining a user trial counter for each user taking the video test. Based on the user trial counter information and the response to the selected video test, the CAPTCHA serving engine determines whether the user is a human user.

Abstract: A method and system for verifying a check that is being used for an on-line transaction, utilizes a hash code value either printed directly on the check, or obtained from an insert card provided by a check printer. To conduct an on-line transaction using a check, the customer enters in data obtained from a MICR line of the check, whereby the data includes a one-way hash value that is based on the data provided on the MICR line as well as private data not provided on the MICR line. A web server of an e-tailer for which the customer seeks to make the on-line transaction, receives the data entered by the customer. The web server of the e-tailer transmits, to a check verifier, the data entered by the customer. The check verifier verifies whether or not the check is valid, by comparing the hash code value entered in by the customer with a hash code value that is separately calculated by the check verifier, based on private data of the customer obtained by the check verifier from a database.