Abstract: A method for securing data in hardcopy documents. The method includes obtaining a page image having a private data item; generating an encrypted version of the private data item; obtaining a decoder identification (ID) value of a decoder; generating, using an encoder, a symbol having the encrypted version of the private data item and the decoder ID value; and generating a hardcopy document by recording the symbol on a physical medium, where the hardcopy document is transported to a subsystem having the decoder, and where the subsystem decrypts the encrypted version of the private data item after extracting the encrypted version of the private data item from the symbol.

Abstract: A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.

Abstract: Methods, apparatus, and articles of manufacture for media monitoring are disclosed. In particular, the example methods, apparatus, and articles of manufacture generate signatures. Initially, a first plurality of filtered values are identified by performing a wavelet transform on a first frame of media samples. A first energy value is determined based on a first portion of the first plurality of filtered values, and a second energy value is determined based on a second portion of the first plurality of filtered values. A first descriptor of the first frame of media samples is determined based on a comparison of the first energy value and the second energy value. A first signature is generated based on the first descriptor.

Abstract: In one aspect, systems and methods for three-factor authentication include receiving a user's identification and password transmitted from the user's mobile device, generating a One Time Password (OTP), encrypting the OTP, and encoding the encrypted OTP in a two-dimensional barcode. The two-dimensional barcode of the encrypted OTP is transmitted to a computing device of the user, and an image of the two-dimensional barcode of the encrypted OTP displayed on the user's computing device is captured using the user's mobile device. The two-dimensional barcode of the encrypted OTP is decoded using the user's mobile device to obtain the encrypted OTP. The encrypted OTP is decrypted using the user's mobile device and displayed. The OTP then is spoken by the user, and the user's voice and the OTP are recognized to authenticate the user.

Abstract: A mobile node and its home system generate synchronized time-based codes at periodic time intervals. Each time-based code is valid for a predetermined time period. To facilitate anonymous operation when roaming, the mobile node identifies itself with a coded identifier instead of a public identifier. The coded identifier used at a given time includes the time-based code that is valid for that given time. To authenticate the mobile node, a serving system receives authentication information from the mobile node and forwards the authentication information to a home system. The authentication information includes the current time-based code and a timestamp. The home system identifies the mobile node from the current time-based code and the timestamp. The home system then uses the authentication information to authenticate the mobile node.

Abstract: A method and apparatus are disclosed herein for paper-based document logging. In one embodiment, the method comprises scanning bits of a document, generating a cryptographic hash, converting the cryptographic hash into a machine readable code, and rewriting the document with the code contained thereon.

Abstract: A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.

Abstract: The present disclosure involves a method of verifying user check-ins to a venue. The method includes initializing a digital check-in chain for a venue. The method includes expanding, electronically by a processor, the check-in chain with a plurality of check-in entries that each correspond to a visit to the venue by a respective user. Each check-in entry on the check-in chain is generated in response to one or more preceding check-in entries on the check-in chain. The method includes detecting fraudulent check-in entries in response to a split in the check-in chain. The method includes removing the fraudulent check-in entries from the check-in chain.

Abstract: An electronic label authenticating method is provided, the method includes: the electronic label receives an accessing authenticating request group sent by a reader-writer, the group carries a first parameter selected by the reader-writer; the electronic label sends a response group of the accessing authenticating to the reader-writer, the response group of the accessing authenticating includes the first parameter and a second parameter selected by the electronic label; the electronic label receives an acknowledgement group of the accessing authenticating feed back by the reader-writer; the electronic label validates the acknowledgement group of the accessing authenticating. An electronic label authenticating system is also provided, the system includes a reader-writer and an electronic label.

Abstract: The object of the present invention is to safeguard the authenticity and integrity of real-time data in a distributed real-time computer system. The present invention considers other requirements of real-time data processing, such as the timeliness of real-time data transmission and limited resource availability. Frequent modification of an asymmetric key pair hinders intruders from cracking a key before its validity has expired. The present method can also be extended to safeguard the confidentiality of real-time data. It can be implemented efficiently on a multiprocessor system-on-chip (MPSoC).

Abstract: Electronic data is input. The electronic data is divided into N (N is an integer satisfying N?2) segments. Examination data is generated by repeating, up to the Nth segment, the computation processing of using the computation result obtained by performing predetermined computation on the data of the Mth (M is an integer satisfying 1?M?N?1) segment as an input for predetermined computation of the data of the (M+1)th segment. Verification data for the electronic data is generated so as to contain, as intermediate data, the examination data and a computation result in the middle of generating the examination data.

Abstract: A method for generating a digital signature with respect to an electronic document, the method including: inputting a target electronic document and a corresponding digital signature ?; dividing the target electronic document into a plurality of partial documents mi; and when a revision of the partial documents is to be performed, in a case where deletion of the one partial document is to be performed, when sanitization is not prohibited, exponentiating the digital signature ? twice with a hash value Gi, when sanitization is prohibited, exponentiating ? with the Gi; in a case where sanitization is to be performed, replacing a partial document by Gi; in a case where deletion is to be prohibited, exponentiating ? with a hash value Hi; in a case where the sanitization is to be prohibited, exponentiating ? with Gi; and updating ?.

Abstract: A system verifies an identity of a content sender by receiving content purporting to originate from a content sender, and performing a validation of the content to determine a purported identity of the content sender. The system prepares and transfers verification data to an address associated with the purported identity of the content sender. In response to transferring the verification data, the system receives a verification response to the verification data, and performs a validation of the verification response to verify the purported identity of the content sender.

Abstract: Disclosed is a method of using public key cryptography to determine the authenticity of a brand name product. The brand name product has a unique message personal to the owner of the brand name product and a digital signature which includes at least the encrypted unique personal message. The unique message and digital signature are authenticated using a public key.

Abstract: A system and method for performing a security check may include using at least one processor to periodically check a status of a flag, generate and store a baseline representation of modules stored on the device where the flag is determined to be set to a first state, and, where the flag is determined to be set to a second state, generate an active representation of modules stored on the first device, compare the active representation of modules to the baseline representation of modules, and, responsive to a determination in the comparing step of a difference between the baseline and active representations of modules, output an alert. The flag status may depend on an association of the device with one of a plurality of authorization policies, each mapped to one of the two states. Results of the comparison may be appended to an activity log of the device.

Abstract: A signing method, apparatus, and system, which relate to the information security field. The present invention overcomes the problem of signature counterfeit in prior art. The client host generates a transaction message and determines the key information of the message after receiving transaction information entered by a user, forms a data packet for signing, and transmits the data packet to the USB key, which will then extract the key information and output it for confirmation by the user, and if a confirmation is received, the USB key signs the data packet and transmits a signature to the client host; after receiving the signature and the transaction message from the client host, the server extracts the key information from the transaction message to form a data packet for signing and verifies the signature against the data packet. The embodiments of the present invention are mainly applicable to the field of information security.

Abstract: An information processing apparatus according to the present application includes a first application allowed to access the IC chip, including an IC chip in which predetermined data is recorded, an IC chip reading unit that reads the data recorded in the IC chip, and a signature data generation unit that generates signature data by performing encryption processing on the recorded data read by the IC chip reading unit and a second application not allowed to access the IC chip, including a server access unit that requests acquisition of content from an information providing server by receiving the signature data and the recorded data from the first application and transmitting the signature data and the recorded data to the information providing server that provides predetermined content.

Abstract: In a first aspect the invention provides a storage method for a gaming machine, including allocating program code to one of at least two program categories including a first category of program code that is expected to be modified more frequently than a second category of program code and storing program code from the first and second categories in logically separate storage areas.

Abstract: A digital signature method to generate a signature for an electronic document, the method including: initializing a signature t of each of the document segments of electronic document and twice raising the signature t to the power of a hash value of each of the document segments and digitally signing the raised signature to produce a signature s serving as the signature of the electronic document; and revising a document segment; wherein, in the revising, to delete a document segment, the signature t is raised twice to the power of the hash value of the document segment unless the document segment is sanitization prohibited, or the signature t is raised to the power of the hash value of the document if the document segment is sanitization prohibited, and the document segment is deleted; to sanitize a document segment, the document segment is replaced with the hash value thereof.

Abstract: A method of generating a self-authenticating printed document and authenticating the printed document. The back side of the printed document contains 2d barcode which encode extracted features of the document content. The features are hashed into a hash code, converted to a barcode stamp element, and transformed into a hierarchical barcode stamp by repeating the stamp element. The hierarchical barcode stamp is printed as a gray background pattern on the front side of the same sheet of printed document. To authenticate the printed document, the barcodes on the back side are read to extract the document features. The features are hashed into a hash code and compared to the hash code extracted from the hierarchical barcode stamp on the front side of the document to detect any alterations of the back side barcodes. Further, the document features extracted from the front and back sides of the document are compared.

Abstract: An authentication method of an electronic device is disclosed. A plurality of key inputs is received from a user via activation of input keys. At least one key input from the key inputs is validated based on a predefined criterion to obtain a password. The password is compared to a registered password to obtain an authenticated password.

Abstract: Methods, systems, and computer programs for using an implicit certificate are disclosed. In some implementations, an identifier for an entity is obtained. A first cryptographic pair that includes a first private value and a first public value is generated. A second cryptographic pair that includes a second private value and a second public value is generated. Based on the first public value and the identifier for the entity, an implicit certificate IC is generated at a first computing device. Based on the implicit certificate IC, the first private value, and the second private value, a private key for the entity is generated at the first computing device. The implicit certificate IC is then sent with the second public value from the first computing device to the second computing device. The implicit certificate IC can be used, for example, to generate or verify digital signatures, to encrypt or decrypt messages, etc.

Abstract: Systems and methods for electronic postmarking of location data are provided. Electronic postmarking of location data (S.20) includes generating a hash value corresponding to merged data (S.30). Electronic postmarking further includes generating an electronic postmark data structure (S.40) comprising the hash value and a date/time stamp. The electronic postmarking data structure (S.40) may further include a digital signature.

Abstract: A system for secure transfer of encrypted data involves a sender client (36), a recipient client (38), a main server (40), and a key server (42). The sender client (36) receives instructions from a first user identifying transfer data and a recipient identifier, creates an encoding key, encodes the transfer data using the key, and communicates the key and the recipient identifier to a main server (40). The main server (40) communicates the key and the recipient identifier to the key server (42), which associates the recipient identifier with a secure package identifier and communicates the secure package identifier to the main server (40), which communicates the secure package identifier to the sender client (36).

Abstract: A control system and a security checking method thereof is used in an embedded system. The control system includes a process module and a first memory module. The first memory module is used to store a pre-loader code and a first secure key. The security checking method includes the following steps: loading the pre-loader code and the first secure key; executing the pre-loader code to download a first program from an in-system programming module; determining whether the first program corresponds to the first secure key or not; if yes, then downloading a second program from the in-system programming module; and programming an internal program and a second secure key by the second program.

Abstract: Systems and methods for generating and verifying an electronic document with embedded digital signatures. When an electronic document is generated, signature blocks are included that are used to store corresponding digital signatures. When each digital signature is generated, some of the attributes of the signature blocks are filled such that the digital signature references these attributes, such as a timestamp. Each signature block also includes a reconstruct attribute that is used when the electronic document and/or the digital signature is validated through reconstruction. Other signature blocks do not require a reconstruct attribute. During reconstruction, some data is removed from the electronic document such that the data is identical to a previous state. The reconstructed document is hashed and the hash result is compared with the decrypted digital signature. The electronic document and/or the digital signature is validated or verified if the hash result matches the decrypted digital signature.

Abstract: A system and method for dynamically and automatically updating the appropriate fields on the message application screen of an electronic message to show which of the appropriate service book, security encoding or security properties are acceptable or allowed for the message being composed. This updating occurs automatically based on the contents of the fields that are modified during composition of the message, such as, for example, modifications to classification of the message, recipients, keywords, or the like. Thus, the properties in place for a given message is reflected in a dynamic options list provided to the user based on the contents of various fields of the electronic message and the system policies resident on the system. The dynamic updating may provide an updated list of options to the user, or may optionally automatically apply minimum level settings based on security policy and contents of the message.

Abstract: Various embodiments of a system and method for a single request—single response protocol with mutual replay attack protection are described. Embodiments may include a system that receives multiple single request messages, each of which may include a respective nonce, timestamp, and digital signature. The system may create a record of previously received nonces that, at any given time, may include multiple message nonces received within a valid period of time prior to that given time. To validate a given single request message the system may verify the digital signature of the that message, determine that the timestamp of that message indicates a time within the valid period of time prior to the current time, and determine the nonce of the that message is not present within the record of previously received nonces. The system may send a single response message that includes the same nonce as the validated message.

Abstract: A logging system and method based on a one-way hash function are described. The system includes a user system, a trusted third party, and a verifier. The method includes the following steps. The user system records a log file and initializes a message authentication code key and an image code. When the verifier requests the user system for a logging unit corresponding to an operation history, the user system uses a one-way hash function to calculate a check value and returns the check value and an image code sequence. The verifier then verifies the integrity of the check value and the image code sequence through the trusted third party. The trusted third party checks if the image code sequence obtained by the hash calculation equals to the check value through the one-way hash function, so as to verify that the log file of the user system has not been modified.

Abstract: The invention relates to a secure data processing method comprising the steps of generating (E204; E304) a first random value (A1); executing (E206; E306) a first cryptographic algorithm (FK) using the first random value (A1); generating (E208; E308) a second random value (A2); executing (E210; E310) a second cryptographic algorithm (FK; GK) using the second random value (A2); and generating a result (V) to verify that the first algorithm (FK) was properly executed.

Abstract: Techniques are disclosed for sharing information in a wide variety of contexts. An information sharing system is described that allows both an explicit capture process and an implicit capture process to add information items to a staging area. Further, the information sharing system supports both implicit and explicit consumption of information items that are stored in said staging area. A rules engine is provided to allow users to create and register rules that customize the behavior of the capture processes, the consuming processes, and propagation processes that propagate information from the staging areas to designated destinations. Techniques are also described for achieving exactly-once handling of sequence of items, where the items are maintained in volatile memory. Techniques are also provided for recording DDL operations, and for asynchronously performing operations based on the previously-performed DDL operations.

Abstract: The invention relates to a decoding method for a probabilistic anti-collusion code aiming to identify at least one sequence of the code present in a multimedia content having served in the creation of an illegal copy of the multimedia content, this method comprising a step of selection of the collusion strategy used to constitute the illegal copy from among a set of collusion strategy models.

Abstract: Methods and apparatus for characterizing media are described. An example apparatus includes a transformer to convert at least a portion of a block of audio into a frequency domain representation including a plurality of frequency components; a decision metric processor to: define a band of frequency components having real and imaginary spectral components, define a plurality of frequency bins within the band, determine respective difference functions for each of the frequency bins using a product of the real and imaginary spectral components of a corresponding group of the frequency bins, the corresponding group for a first one of the frequency bins including at least the first one of the frequency bins and a second one of the frequency bins selected based on the first frequency bin, and determine a decision metric by summing the difference functions; and a signature determiner to determine a signature based on the decision metric.

Abstract: The present invention provides a system and a method for generating digital signatures. The system comprises a first formula which generates the signature as selected series from at least two, but preferably more digitized biometric features of a user. The signature comprises a different selected series per unit of time of for instance 10 seconds. The invention comprises a second formula which assigns a numerical value to a data file. The second formula can also use the numerical value to define another time interval, on the basis of which another signature can be generated. The invention further provides a number of examples for application of the generated signature during the sending of data files.

Abstract: The present disclosure provides a number of systems and associated processes for using machine-readable codes to perform a transaction. Embodiments of the present disclosure provide a system and associated processes for consolidating and replacing various forms of payment (e.g. credit cards, debit cards, and cash) with a single payment system. Further, embodiments of the present disclosure provide a system and associated processes for reordering a product provided by a product provider. Moreover, embodiments of the present disclosure provide a system and associated processes for accepting a gift, or gift transaction, associated with a gift card. In addition, embodiments of the present disclosure provide a system and associated processes for performing an Automatic Teller Machine (ATM) transaction using a machine-readable code.

Abstract: A method and apparatus for verifying that a user is the owner of a public listing is provided. The user selects an option to claim ownership of the public listing offered by an online service provider. The online service provider uses information regarding the user and the public listing to generate a verification code. The online service provider delivers the verification code to the owner of the public listing via the contact information provided by the public listing. If the user owns the public listing, the user receives the verification code via contact information associated with the public listing. The user verifies ownership by inputting a code to the online service provider. If the inputted code matches the verification code, then the online service provider identifies the user as the owner of the listing. Once verified, the user modifies the listing.

Abstract: The invention relates to a method that allows a third party to authenticate a manufacturer's individual product. According to said method, at least one first code that is specific for said individual product is generated and is applied to the product or the packaging thereof by the manufacturer, said first code is stored in a publicly accessible database, the first code is read by the third party and is entered into the database, and the database generates an output based on a comparison between the entered first code and the first codes of all products stored in the database, said output indicating whether the first code is identical to a stored first code and/or whether the first code has been retrieved at an earlier time. Previously known methods of this type offer no sufficiently sure possibility to verify whether the product is an original product or a counterfeit product.

Abstract: A secure remote-data-storage system stores encrypted data and both plaintext and encrypted keys at a server, where data at the server is inadequate to recover the plaintext of the encrypted data; and stores at least one encrypted key at a client system. To decrypt the data, the client must obtain a copy of the encrypted data from the server, and a key to decrypt its locally-stored encrypted key. Once decrypted, the locally-stored key can be used to decrypt the encrypted data, or to decrypt an encrypted key from the server, which may then be used decrypt the encrypted data.

Abstract: There is described an image forming apparatus, which make it possible to appropriately print each of a valid print object and an invalid print object. The apparatus includes: a printing section to conduct a printing operation based on the print data, so as to create the print product; and a control section to determine whether the digital signature is valid or invalid so as to control the printing operation, based on the determined result. When the plurality of print objects includes both a valid print object for which the digital signature is determined as valid and an invalid print object for which the digital signature is determined as invalid, the control section controls the printing operation, so as to enable the valid print object to be printed, based on the print data, while disable the invalid print object to be printed, based on the print data.

Abstract: A sending device prepares a key for each electronic message sent by the device by applying an algorithm to specified data in the message and then incorporates the key in the message. A receiving device, upon receipt of an electronic message, locates the incorporated key and the data from which a sending device practicing the invention would have prepared it. The receiving device communicates a confirmation request to the purported sending device which contains the key and the data for its preparation. The sending device receives the confirmation messages and prepares a comparison key by applying the algorithm to the data in the confirmation request. The sending device replies to the confirmation request confirming that the sending device sent the message if the comparison key matches the key in the confirmation request and otherwise responds with a denial.

Abstract: The invention relates to a method for providing an assertion message (200) from a proving party (20) to a relying party (40), the method comprising the steps of: —creating an assertion (A) comprising one or more statements, —creating an assertion proof (p A), —creating a temporary private key and a corresponding temporary public key (K) from the assertion (A) and the assertion proof (p A), —creating a key proof (PK) for the temporary public key (K), —creating an assertion message signature (S) by means of the temporary private key, —creating the assertion message (200) comprising the temporary public key (K), the assertion proof (PA), the key proof (PK), the assertion (A), a message body (220) and the assertion message signature (S) to the relying party (40).

Abstract: The subject disclosure is directed towards processing requests for accessing a service provider. After examining at least one security token, a public key and a portion of attribute information are identified. An authentication component is accessed and applied to the public key. A unique user identifier is employed in generating the public key. The authentication component is generated using information from at least one revoked security token or at least one valid security token. The authentication component is configured to prove validity of the at least one security token.

Abstract: A computer-implemented method for using reputation data to detect packed malware may include: 1) identifying a file downloaded from a portal, 2) determining that the file has been packed, 3) obtaining community-based reputation data for the file, 4) determining, by analyzing the reputation data, that instances of the file have been encountered infrequently (or have never been encountered) within the community, and then 5) performing a security operation on the file (by, for example, quarantining or deleting the file).

Abstract: In a method for compatibility checking of a measuring system including a measurement transmitter and a sensor, a first signature is externally created for an identifying data set and is stored in the measurement transmitter. After transmission of the identifying data set from the measurement transmitter to the sensor, a second signature is calculated for the identifying data set in the sensor. If the signatures match, then the measurement transmitter and the sensor are compatible and the measurement transmitter can access data and/or functions of the sensor.

Abstract: Methods and systems for centralized kernel module loading are described. In one embodiment, a computing system detects a kernel module load event to load a kernel module into a kernel of a client. Upon detection of the kernel module load event, the computing system computes a cryptographic hash of the kernel module, and sends the cryptographic hash to an access control server to verify whether the cryptographic hash is a permitted hash. The computing system receives a response from the access control server to permit or deny the kernel module load event, and permits or denies the kernel module load event based on the response.

Abstract: The present invention relates electronic receipts. There is provided a method for generating an electronic receipt in a communication system providing a public key infrastructure, the method comprising the steps of receiving by a second party a request message from a first party, the request message comprising a transaction request and a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party, electronically signing at least part of the request message with a second public key assigned to the second party to issue the electronic receipt, and providing the electronic receipt to the first party.

Abstract: Systems and methods utilizing the network layer and/or application layer to provide security in distributed computing systems in order to thwart denial of service attacks. The systems and methods of the present invention utilize puzzles placed at the network layer level and/or application layer level to protect against denial of service attacks. Further, the systems and methods of the present invention advantageously provide a robust and flexible solution to support puzzle issuance at arbitrary points in the network, including end hosts, firewalls, and routers and thereby a defense against denial of service attacks.

Abstract: Embodiments describe a system and/or method for multiple party digital signatures. According to a first aspect a method comprises establishing a first validity range for a first key, establishing a first validity range for at least a second key, and determining if the validity range of the first key overlaps the first validity range of the at least a second key. A certificate is signed with the first validity range of the first key and the first validity range of the at least a second key if the validity ranges overlap. According to another embodiment, signage of the certificate is refused if the first validity range of the first key does not overlap with the first validity range of the at least a second key.

Abstract: In general, one aspect of the subject matter described in this specification can be embodied in a system that includes a network-based information server system; and a computer operable to interact with a user interface device and operable to perform operations including: receiving from the network-based information server system status information corresponding to software applications, the status information including black-list information and phoenix-list information; updating a local cache, retained by the computer, with the status information received from the network-based information server system; generating an identifier for a software application, using a digital certificate and a hash value, when the software application is launched on the computer; checking the identifier for the software application against the status information; and notifying a user of the computer when a match is found during the checking.

Abstract: Methods, systems, and computer-readable media for updating a domain name server are provided. A console may receive a first request to access the console. The console may verify first permission to access the console. The console may receive a second request to access the domain name server. The console may verify second permission to access the domain name server. The console may receive an instruction to modify an entry in the domain name server. The instruction may specify that a previous Internet Protocol address in the entry is replaced with a new Internet Protocol address. The console may transmit the instruction from the console to the domain name server. The domain name server may be configured to replace the previous Internet Protocol address with a new Internet Protocol address in the entry in response to the instruction.