Abstract: A system and method are disclosed for collecting, analyzing, verifying, producing, and broadcasting security data. Internet security-related information may be broadcast continuously from a data center over a broadcast channel, such as a webcast. As additional security related information is received at the data center, the data is analyzed and video content is produced to describe the incoming data. Video content may take the form of urgent near real-time security alerts, or pre-scheduled programs describing recent news and developments related to internet security. In an alternative embodiment, security news alerts are multi-cast to a selected group of users and the news alert data encrypted so that the group of users may trust its source.

Abstract: A computer system receives from a user computer, an authorization code and an access instruction for at least one data record with person-related contents. It executes the access instruction only if the authorization code matches a comparison criterion which it determines on the basis of a data record code assigned to the data record. The data record code is specific at least to the person whose personal data the data record contains.

Abstract: Material code recording and reading method and devices designed for protection of products and control of their authenticity. The marking device 1 embeds a sign upon the product 4, the marked product 5 is passed to camera 2 which films the product material structure around the sign and transfers the image to the recording device 3, the latter records the database. The comparing alarm device 8 compares the icon from camera 7 with the icon from database 6 and alarms whether they are identical or not.

Abstract: Methods and apparatus that correct for corrupted user identification or other data based on reciprocal transmission channel characteristic. In one embodiment, a level of tolerance is disclosed which provides a degree of leniency in user identification. In alternate embodiments, a level of tolerance is disclosed which provides a narrow window for “guessing” of user identification. Various methods for quantization and specification of tolerances are also disclosed. Methods and apparatus useful for implementing variation-tolerant encryption schemes are also provided.

Abstract: The present invention relates to a device for detecting a manipulation of an information signal, having an extractor for extracting an information signal component characteristic for the information signal from the information signal, an encryptor for encrypting the information signal component to obtain an encrypted signal, and a comparator for comparing the encrypted signal to a reference signal, wherein the reference signal is an encrypted representation of a non-manipulated reference signal component of a reference information signal to detect the manipulation.

Abstract: A security printing method includes generating a security file having a plurality of metadata fields and an information field concatenated together in an initial sequence. A security file identification is generated from the plurality of metadata fields and the information field. The security file identification corresponds to the initial sequence and is a one-way function of the plurality of metadata fields and the information field. The method further includes selecting a custom scrambling technique based on the security file identification, and scrambling the initial sequence using the selected custom scrambling technique, thereby creating a scrambled sequence of the plurality of metadata field and the information field.

Abstract: A system and method are disclosed for rendering published documents tamper evident. Embodiments render classes of documents tamper evident with cryptographic level security or detect tampering, where such security was previously unavailable, for example, documents printed using common printers without special paper or ink. Embodiments enable proving the date of document content without the need for expensive third party archival, including documents held, since their creation, entirely in secrecy or in untrustworthy environments, such as on easily-altered, publicly-accessible internet sites. Embodiments can extend, by many years, the useful life of currently-trusted integrity verification algorithms, such as hash functions, even when applied to binary executable files. Embodiments can efficiently identify whether multiple document versions are substantially similar, even if they are not identical, thus potentially reducing storage space requirements.

Abstract: A unique system and method that facilitates visually identifying authentic UI objects, bundles, or windows is provided. A detection component can detect when user-based input has activated a verification mode with respect to one or more trusted UI objects rendered on-screen. A verification component can verify at least one of a source and identity associated with one or more UI objects in order to ensure the integrity related therewith. A verification rendering engine can re-render the one or more trusted UI objects in a manner that is based at least upon whether the one or more trusted UI objects are verified, thus improving visual recognition of verified trusted UI objects over non-verified UI objects.

Abstract: A method and system for embedding into a text document generated by a licensed software a License Identification Signature of the software.

Abstract: A method for authenticating address ownership using a Care-of Address (CoA) binding protocol, the method includes a comparison of two hash-function-processed result values, i.e., a first hash-function-processed result value transmitted from a home agent, the first hash-function-processed result value encrypted by a public key of a correspondent node and decrypted by a secret key of the correspondent node, and a second hash-function-processed result value piggybacked in a binding update message transmitted from a mobile node. The hash-function-processed result values are obtained by applying hash functions to a care-of address of a mobile node to be used in a foreign link, a random number generated by a home agent and a secret key shared by the home agent and the mobile node.

Abstract: A method, program and system for processing data is disclosed. The data comprises identifiers of a plurality of entities. The method, program and system comprising the steps of: (a) receiving one or more records, each record having a plurality of identifiers, each record corresponding with at least one entity, (b) utilizing a cryptographic algorithm to process at least two of the plurality of identifiers in the record, (c) sometimes after transmitting the processed record to a separate system or database, comparing the processed record to previously stored data; (d) matching the processed record with previously stored data that is determined to reflect the entity, the previously stored data that is determined to reflect the entity comprising at least a portion of at least two previously received records and/or based upon another identifier; and/or (e) associating the processed record with previously stored data that is determined to reflect a relationship with the entity.

Abstract: A method of detecting a version of input data content, there being a plurality of different versions of said data content, in which: said data content is arranged as two or more segments according to a segmentation pattern; and said versions of said data content are identifiable by corresponding identification data patterns by which at least some of said segments have respective identification data; said method comprising the steps of: (i) detecting said identification data in respect of said segments of said input data content; (ii) comparing said detected identification data with said identification data patterns corresponding to said different versions of said data content; and (iii) detecting that said input data content comprises at least a contribution from a certain version of said data content if a sum of matches obtained between said detected identification data and said identification data pattern for said certain version exceeds a threshold number.

Abstract: Processing load on an executing device for conducting playback is high during the playback of contents since the executing device performs verification of the contents validity in parallel with the contents playback, and therefore the executing device has to be equipped with a highly efficient processor. The present invention reduces the processing load involved in the verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on the DVD. In addition, the present invention is capable of improving the accuracy of detecting unauthorized contents to some extent by randomly selecting a predetermined number of encrypted units every time the verification is performed.

Abstract: The main CPU executes Fourier transform to the partial image, then performs strict spectrum analysis 1 for judging the presence/absence of data at a coordinate position designated in advance on a Fourier transform plane with high resolution for judging the presence/absence of prohibition of duplication, then judges whether duplication-prohibited data exists or not, and clears both the partial image and the document image if it is judged that duplication-prohibited data exists. If it is judged that duplication-prohibited data does not exist, the main CPU executes spectrum analysis 2 for broadly inspecting the existence of a periodic component instead of lowering the resolution from the spectrum analysis 1 and judges whether a structure other than DC component exists or not.

Abstract: A method and apparatus for a third party authentication server is described. The method includes receiving a record ID for a user, and a one-time key generated by the server and encrypted with a user's public key by the server. The method further includes receiving the user's authentication data from the client, and determining if the user's authentication data matches the record ID. If the authentication data matches the record ID, decrypting the one-time key with the user's private key, and returning the decrypted one-time key to the client.

Abstract: There is described an authentication system in which during an enrolment process a distinctive characteristic of a subject being enrolled is measured to generate a reference number representative of the subject. Authentication data is then generated using the reference number, and the authentication data is stored for use in a subsequent verification process. During verification, the representative characteristic of the subject being verified is re-measured to generate a test number representative of the subject being verified and the authentication data during enrolment is retrieved. The authentication system then checks for equality between the test number and the reference number using the retrieved authentication data. If the test number and the reference number are equal, then the authenticity of the subject is verified, otherwise the authenticity is denied.

Abstract: Techniques are disclosed to enable utilization of randomly-occurring features of a label (whether embedded or naturally inherent) to provide counterfeit-resistant and/or tamper-resistant labels. More specifically, labels including randomly-occurring features are scanned to determine the labels' features. The information from the scan is utilized to provide identifying indicia which uniquely identifies each label and may be later verified against the label features that are present to determine whether the label is genuine. In a described implementation, the identifying indicia may be cryptographically signed.

Abstract: Generating a cryptographic key, for example using a received external key. A system to generate a cryptographic key may include a first data store which may store an authorization key. A system may include a second data store which may store a secure key and/or a public key. A system may include an access controller, which may allow access to a secure key, for example to an access request which may be accompanied by a digital signature. A system may include a key generator, which may generate a private key, for example using a received external key, a stored authorization key and/or a mapping function. A system may include an access request signal generator which may generate a digital signature and/or which may transmit an access request, for example including a generated digital signature, to an access controller to retrieve a secure key.

Abstract: The present invention provides a signature generation device and a signature verification device capable of countering a transcript attack that seeks a private key by analyzing a plurality of signed documents (pairs of a message and a signature) signed using the NTRUSign signature scheme. The signature generation device calculates a hash value vector H of message data, adds a vector based on a private distribution to the hash value vector H to calculate a converted hash value vector H?, and seeks, as a signature vector S, the closest lattice point to the converted hash value vector H? in a lattice defined by private key basis vectors. The signature verification device determines whether the distance between the hash value vector H of the message data and the signature vector S is equal to or less than L? and, if so, recognizes the message data as valid.

Abstract: An apparatus includes a processor and a storage medium. The processor is operable to collect device data associated with the apparatus and transmit at least some of the device data to a tag.

Abstract: An electronic data flash card includes a random number generator that generates a random number stored in the card and a host system each time the card is accessed by the host system. The random number is used by the host system to encrypt a logical branch address, a user password, and user data that is written to and stored in a secure area of the card. The random number is encrypted using a key associated with the card, and the encrypted random number is stored by the card with the associated encrypted data. The random number is not stored in the host system. A new random number is generated each time the card is queried. In a read process the host system decrypts the encrypted random number using the key, then uses the random number to decrypt the associated encrypted data. Access to read/write processes are password protected.

Abstract: A method for controlling distribution of digital content includes fragmenting a digital content file into fragments and tagging at least some of the fragments with corresponding tags to provide tagged fragments for distribution. The tags may be generated using a pseudo-random number (PRN) bit sequence. A digital rights license is generated for the digital content file based on the tags and/or fragments. The digital rights license is configured to allow reassembly of the tagged fragments to provide the digital content file. Later, the fragments may be re-tagged with corresponding second tags to provide second tagged fragments for distribution that are different from the first tagged fragments. Related systems and computer program products are also discussed.

Abstract: Peer-to-peer authentication may be accomplished by sending a digital certificate to a responder, receiving a randomized codeword in response to the sending, creating a secure fingerprint based at least in part on the digital certificate and randomized codeword, creating a first bit sequence based at least in part on a first portion of the secure fingerprint and a second portion of the randomized codeword and indicating the first digital certificate is authenticated based upon whether the first bit sequence matches a second bit sequence received from the responder via an out-of-band communication in response to the sending. The size of the first bit sequence is less than the size of the secure fingerprint. According to another aspect, the first bit sequence is compared with a rendering of the second bit sequence, using an out-of-band communication, by associating the first bit sequence with one or more indices into an array of representations.

Abstract: A system and method for authenticating the source of, protecting the contents of, and ensuring the integrity of information. The information may be any digital information which can be stored in a computer file. The information is encapsulated in a computer file which also includes the biometrically verified identity of the person who packaged the information. The contents of the computer file are encrypted, and a unique message digest value is generated and stored in a secure central database. The message digest value functions as the digital signature of the encrypted information, and is used to ensure the integrity of the information.

Abstract: The present invention proposes a solution to prevent a program flow in a processing unit from being modified with respect to an intended program flow, thereby ensuring that important steps such as verifying or authenticating are not bypassed. The invention is particularly aimed at security modules within receiver/decoders in a pay-TV system and involves performing a set of predetermined operations during the processing of entitlement management messages and/or entitlement control messages, said operations being redundant with respect to the normal processing of said messages while leading to the calculation of keys which can then be used to verify that the intended program flow has been respected.

Abstract: In a method for compatibility checking of a measuring system including a measurement transmitter and a sensor, a first signature is externally created for an identifying data set and is stored in the measurement transmitter. After transmission of the identifying data set from the measurement transmitter to the sensor, a second signature is calculated for the identifying data set in the sensor. If the signatures match, then the measurement transmitter and the sensor are compatible and the measurement transmitter can access data and/or functions of the sensor.

Abstract: A system, method, and apparatus for authenticating microparticle marks or marks including other three-dimensional objects. The authentication utilizes two or more sets of information captured or acquired for the mark in response to illumination of the mark by electromagnetic energy such as in the visible frequency range. These sets of information are then used to verify that the mark includes three-dimensional objects such as microparticles. The two or more sets of information about the mark preferably vary from each other in time, space/directionality, color, frequency or any combinations thereof, and can be captured or acquired as part of one, two, or more images of the microparticle mark.

Abstract: A system and/or method that facilitates the installation and/or authentication of a device by invoking installation protocols and/or authentication protocols for a non-physical connection. A physical interface component provides a physical connection between at least one wireless device and at least one network entity in which the installation protocols and/or authentication protocols can be exchanged. The physical interface component can utilize a token key to establish multiple non-physical connections with multiple wireless devices. Additionally, the physical interface component can utilize a daisy chain scheme to install and/or authenticate a wireless device.

Abstract: A document accessible over a network can be registered. A registered document, and the content contained therein, cannot be transmitted undetected over and off of the network. In one embodiment, the invention includes maintaining a plurality of stored signatures, each signature being associated with one of a plurality of registered documents, intercepting an object being transmitted over a network, calculating a set of signatures associated with the intercepted object, and comparing the set of signatures with the plurality of stored signatures. In one embodiment, the invention can further include detecting registered content from the registered document being contained in the intercepted object, if the comparison results in a match of at least one of the signatures in the set of signatures with one or more of the plurality of stored signatures.

Abstract: Generating a digital signature of an entire embedded code project is provided while maintaining certain exclusion areas so that a productivity application can incorporate application-specific information into the embedded code project without hampering the digital signature. A tree structure of data may be serialized into a data stream. The tree structure may include multiple branches and one or more elements identified as an exclusion area. A digital signature of the data stream may be created and included in a document associated with the tree structure.

Abstract: A method of issuing electronic vouchers (Vi) which a user (U) may submit to a merchant (M) in exchange for goods or services comprises the steps of: an issuer (I) receiving an electronic declaration (Di?1) from the user (U), the issuer verifying the electronic declaration (Di?1), and the issuer issuing a new electronic voucher (Vi) for use with the merchant (M) only if the electronic declaration comprises a signature (SM) of a merchant on a previous electronic voucher (Vi?1). The vouchers (Vi) and declarations (Di?1) are preferably blinded by the user such that the user remains anonymous. However, the electronic vouchers (Vi) may contain the identity (Q) of the user (U), which identity may be revealed when a voucher is submitted more than once.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for scalable filtering and policing mechanism for protecting user traffic in a network. A data packet is filtered by a multi-tiered filtering and transmission system. Data packets matching the first tier filter are discarded. Data packets matching the second tier filter are transmitted to an output module based on a criterion. Data packets in the third tier filter are hashed into bins and data packets matching an entry in the bin are transmitted to the output module based on a criterion for the bin. Data packets in the fourth tier transmission system are transmitted to the output module based on a criterion. Data packets that do not meet the criterion for transmission to the output module are transmitted to an attack identification module which analyzes the data packets to identify attacks.

Abstract: Exemplary embodiments provide methods and systems of authenticating an integrated circuit (IC). The manufacturing location of an IC is authenticated by storing in the IC a local signature derived from a GPS signal that was received at the manufacturing location at the time of manufacture. A remote signature is derived from a GPS signal that was received at a remote site nearly simultaneously as the reception of the GPS signal at the manufacturing location. The local signature is compared to the remote signature at an authentication site to determine the authenticity of the IC.

Abstract: To establish trust between first and second entities, the first entity sends an attestation message to the second entity, including a code ID, relevant data, a digital signature based on the code ID and data, and a certificate chain. The second entity verifies the signature and decides whether to in fact enter into a trust-based relationship with the first entity based on the code ID and the data in the attestation message. Upon so deciding, the second entity sends a trust message to the first entity, including a secret to be shared between the first and second entities. The first entity obtains the shared secret in the trust message and employs the shared secret to exchange information with the second entity.

Abstract: A system and method for registering entities for code signing services. The entities may be software application developers or other individuals or entities that wish to have applications digitally signed. Signing of the applications may be required in order to enable the applications to access sensitive APIs and associated resources of a computing device when the applications are executed on the computing device. In one embodiment, a method of registering entities for code signing services will comprise the step of transmitting at least some account data to the registering individual or entity using an out-of-band communication system. This provides added security that the individual or entity registering for a code signing service is who that individual or entity purports to be.

Abstract: One aspect of the invention is a method for generating a certified electronic document that includes receiving identification information associated with a signatory user from a computer. From the same computer, identification information associated with a notary user is also received. At least one electronic document that requires certification is identified on a display. A first user command is received from the computer identifying the assent of the signatory user to the execution of the at least one electronic document. A second user command is received from the computer identifying the assent of the notary user to the certification of the at least one electronic document. Official indicia associated with the notary user is applied to the at least one electronic document to create at least one certified document.

Abstract: Methods, apparatus, and articles of manufacture for media monitoring are disclosed. In particular, the example methods, apparatus, and articles of manufacture generate digital spectral signatures for use in identifying media information. Initially, a frame of media samples is obtained. A first frequency component having a first spectral power and a second frequency component having a second spectral power are identified by performing a spectral transform operation on the frame of media samples. A descriptor of the first frame of media samples is determined based on a comparison of the first spectral power and the second spectral power. A first signature is then generated based on the descriptor.

Abstract: A system, method and computer program product for guaranteeing a data transaction over a network are disclosed. When a data transaction between at least a server and a client is detected on a network, data transmitted via the network between the server and client during the data transaction is captured. At least one identifier is associated with the captured data. A timestamp is also generated for the captured data. The timestamp includes information therein identifying at least a portion of the identifier(s). The captured data, the identifier(s) and the timestamp are stored in one or more data stores. The identifier(s) associated with the stored captured data is also mapped to an entry in an index to permit retrieval of the stored data from the data store via the index.

Abstract: Digitally signing data for multiple encodings is disclosed. A first signature of the data is generated. A second signature of a second encoding of the data is generated. The first signature and the second signature are associated with the signed data.

Abstract: A method for copy protecting a record carrier is disclosed, in which method the copy protected record carriers are provided with a pattern of logical errors which cannot be corrected by the error correcting rules predefined for said record carrier. The pattern of logical errors represents access control information. The logical errors are generated during decoding the bit sequence read from the record carrier. Bit errors may be positioned in the bit sequence so as to counteract de-interleaving which is part of an error decoding process in a reading device and accumulate in error words which are uncorrectable. Also a method for detecting access control information and a retrieval arrangement are disclosed, which retrieval arrangement serves to detect the access control information by selecting at least one error location, but not all error locations on the record carrier, and verifying the presence of an error by reading the selected error location via the reading means.

Abstract: A robust technique to prevent illicit copying of video information notwithstanding the use of image scaling. A watermark is embedded into the video signal (e.g., DVD's content or other video sources) at different scales (i.e., sizes). The watermark is maintained at each scale for a predetermined time duration that is sufficient to allow the detector circuit in a DVD-recorder, DVHS recorder, DVCR, or any other digital format recorder to detect, extract, and process information contained in the watermark. At the end of the predetermined time duration, the watermark is changed to a different scale preferably on a pseudo-random basis to ensure that each one of all the scales in a predetermined scaling range is achieved a predetermined number of times.

Abstract: Run-as credentials delegation using identity assertion is presented. A server receives a request from a client that includes the client's user identifier and password. The server authenticates the client and stores the client's user identifier without the corresponding password in a client credential storage area. The server determines if a run-as command is specified to communicate with a downstream server. If a run-as command is specified, the server retrieves a corresponding run-as identity which identifies whether a client credential type, a server credential type, or a specific identifier credential type should be used in the run-as command. The server retrieves an identified credential corresponding to the identified credential type, and sends the identified credential in an identity assertion token to a downstream server.

Abstract: JSON (JavaScript Object Notation) message integrity is provided using a digital signature scheme. The digital signature scheme implements a set of processing rules for creating and representing digital signatures using a JSON signature syntax. The syntax preferably comprises a set of named elements, including a reference element, a signature information element, and a signature element. In one embodiment, a machine-implemented method for signing a JSON message begins by constructing a reference element for each data object in the JSON message to be signed. The data object is identified by a reference identifier. The reference element includes the reference identifier, a pointer (such as a URI) to a digest method, and a digest generated by applying the digest method to the data object or a given function of the data object. Then, a signature information element is constructed for one or more of the reference elements corresponding to the one or more data objects in the message that are being signed.

Abstract: Embodiments of methods and apparatus for providing an access profile system associated with a broadband wireless access network are generally described herein. Other embodiments may be described and claimed.

Abstract: A self-authenticating printed document (101) comprises text and a symbol (102) printed on the document (101). The symbol (102) includes a verification value, which is representative of the entire data content of the text, and error correction codes for correcting the text. The verification value is used to check the integrity of the text after the document has been corrected using the error correction codes.

Abstract: A system and method for generating a non-repudiatable record of a communications data stream is provided, which is applicable to real-time and quasi-real-time data streams. A binary communication data stream is captured and segmented into defined frames. A key frame is generated for each of a number of data frames containing integrity and authentication information. The key frame is inserted into the data stream to provide an authenticated data stream.

Abstract: Systems and methods of providing a desktop framework. The desktop framework may include an application framework component that includes a set of core libraries that provide desktop applications access to data and services, a download component that maintains versions of the desktop applications and core libraries installed on a computer, and a license component that tracks data use and access. The application framework exposes APIs to provide the desktop applications with access to the data and services. The application framework serves as a platform upon which the desktop applications share common data and logic.

Abstract: Methods and systems for random data access for security applications are disclosed and may comprise generating on a chip, a random process index. A data process may be randomly selected on the chip utilizing the generated random process index. A time interval may be randomly allocated on the chip. After the time interval, the randomly selected data process may initiate processing of data. The processing of the data may comprise accessing the data and/or acquiring the data. The data may be verified by the selected data process prior to the processing of the data. The data may be verified utilizing a digital signature verification algorithm, for example.

Abstract: Method of detecting an unauthorized exchange of components in the case of a technical system, where the control unit (1) sends an encoded message (3) to a component (2) to be checked, in a data field of the message (3) a randomly generated or not easily reproducible value (5, 6) being entered, which is used for checking the installed component (2). The component (2) accesses an assignment field (8) and, as a result, assigns an identification (9) to each not easily reproducible or random value (5, 6) transmitted together with the message (3), and the component (2) transmits the identification corresponding to the value (5, 6) back to the control unit (1). The control unit (1) decides on the basis of the identification (9) whether the component (2) is that the component (2) which is authorized for use in the particular technical system.

Abstract: An executing device conducts playback of contents. The executing device is equipped with a highly efficient processor and reduces the processing load involved in verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on a DVD. In addition, the executing device is capable of improving the accuracy of detecting unauthorized contents by randomly selecting a predetermined number of encrypted units every time the verification is performed.