Abstract: The present invention relates to methods for protecting a data signal using the following techniques: applying a data reduction technique to reduce the data signal into a reduced data signal; subtracting the reduced data signal from the data signal to produce a remainder signal; embedding a first watermark into the reduced data signal to produce a watermarked, reduced data signal; and adding the watermarked, reduced data signal to the remainder signal to produce an output signal. A second watermark may be embedded into the remainder signal before the final addition step. Further, cryptographic techniques may be used to encrypt the reduced data signals and to encrypt the remainder signals before the final addition step.

Abstract: A secure instant messaging system integrates secure text instant messaging and secure file transfers into existing instant messaging systems. At least one certificate authority (CA) is provided that issues a security certificate to a user that binds the user's instant messaging screen name to a public key which is used by other users to encrypt messages and files sent to the user and by the user to decrypt the received messages and files. A subscriber database is used by the CA to keep track of valid users and their associated information, such as: user screen names, user subscription expiration dates, and enrollment agent information. A user sends his certificate to the invention's instant messaging server which publishes the user's certificate to other users by creating a hash value of the user's certificate and sending it to the other users which allows the recipients to decide if they need to update their caches with a new copy of the user's certificate.

Abstract: An image reading system is disclosed that has an image information reading unit for reading optical information on a manuscript, and an image outputting unit for outputting the optical information read by the image information reading unit to a recording medium. The system includes an IC tag information reading unit for reading IC tag information held by an IC tag provided on the manuscript, an IC tag information outputting unit for outputting the IC tag information read by the IC tag information reading unit to the recording medium, a conversion unit for converting the IC tag information into coded image data, and a control unit for controlling outputting of the coded image data.

Abstract: A system for storing information having a predetermined use which requires the information to be secured. The information may comprise credit card details used to complete a transaction. The system includes: (a) A client system for storing an encoded version of the information and an identifier. The encoded version is generated from first data of the information and an encoded version of the second data of the information. The information can be generated from the first data and the second data, and the predetermined use is infeasible with only one of the first data and the second data. (b) A remote server for storing the second data and an encoded identifier generated from the identifier. The client system sends at least the encoded version of the second data to the remote server. The client system or the remote server is able to generate the information from the first data and the second data.

Abstract: According to respective embodiments of the present invention, it is possible to verify a security environment of an digital signature and assure validity of the digital signature. For example, in the case of generating the digital signature, the assertion for asserting a key management system and a user authentication system is generated, the conversion processing is applied to both of the digital signature and the assertion, and the acquired digital signature, assertion, and conversion value are outputted. Therefore, it is possible to verify validity of the assertion on the basis of the conversion value and verify the security environment of the digital signature on the basis of the key management system and the user authentication system included in the assertion. Accordingly, the validity of the digital signature can be assured.

Abstract: Methods of providing a private placement document to a potential investor in a private placement. The methods may comprise the step of generating the private placement document in an encrypted electronic format. The private placement document may include a unique identifier. The methods may also comprise the steps of providing the private placement document to the potential investor, and recording the unique identifier.

Abstract: A process is disclosed for notarizing document, by a client in the presence of a notary, comprising the steps of registering the notary, the client and the document, from a local workstation coupled to a central office, to provide for assigning at least one respective encryption key for identifying each of the notary, the client and the document to be notarized; associating in the central office, the respective encryption keys of the client with the notary and with the document; generating a transaction code, based on the step of associating the respective encryption keys, for authorizing execution of the document to provide the notarizing; executing the document; and embedding selected ones of the respective encryption keys together with a notary seal in the document.

Abstract: A method of providing a security document is provided in which a computer system generates a digital signature of at least part of an identity associated with the security document, generates a plurality of coded data tags to each encode data on the identity and a respective part of the digital signature, and prints, with a printer networked therewith, the security document with the tags tiled thereacross. The tags are generated and printed so that interaction with only one of the tags to detect the identity and respective signature part encoded thereby allows authentication of the entire digital signature.

Abstract: A method and apparatus for determining the distance between transitions from a first logical state to a second logical state stored on a medium (i.e., a document). This determination is used to precisely characterize the information pattern in order to authenticate the information and the medium on which the information is stored. The invention uses a reader having a leading and trailing read apparatus which allow information to be read simultaneously from two or more locations spaced a known distance apart. The distance between the centerlines of each read apparatus is preferably an odd integer multiple of one half the distance between logical clock transitions. The distance between a first transition at the leading read apparatus and a next transition at the trailing read apparatus is used as a reference (i.e., the “Reference Value”). The Reference Value is compared with the distance between the first transition and the next transition on the medium (i.e., the “Jitter Value”).

Abstract: The present invention is directed to a system for providing a trusted environment for untrusted computing systems. The system may include a HAC subsystem managing shared resources and a trusted bus switch for controlling a COTS processor to access the shared resources. The shared resources such as memory and several I/O resources reside on the trusted side of the trusted bus switch. Alternatively, the system may include a SCM as an add-on module to an untrusted host environment. Only authenticated applications including COTS OS execute on the SCM while untrusted applications execute on the untrusted host environment. The SCM may control secure resource access from the untrusted host through a plug-in module interface. All secure resources may be maintained on the trusted side of the plug-in module interface.

Abstract: Tamper detection of audit records comprises configuring a proxy for adding tamper evidence information to audit information by obtaining audit records from at least one audit record generating source, grouping obtained audit records into subsets of audit records and providing tamper evidence processing to the subsets utilizing a cryptographic mechanism to calculate a signature over each subset of audit records. The proxy groups the subsets such that each subset contains at least one designated carryover audit record that overlaps into a next subset so that each carryover audit record is associated with at least two signatures. As such, the proxy creates an overlapping chain of digitally signed audit records subsets. The proxy further forwards the tamper evident audit records from the tamper evidence adding proxy to a corresponding audit log storage subsystem for storage, storing the calculated signatures.

Abstract: Computation environments are protected from bogus or rogue load modules, executables, and other data elements through use of digital signatures, seals, and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules and/or other items to verify that their corresponding specifications are accurate and complete, and then digitally signs them based on a tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys), allowing one tamper resistance work factor environment to protect itself against load modules from another tamper resistance work factor environment. The verifying authority can provide an application intended for insecure environments with a credential having multiple elements covering different parts of the application.

Abstract: Method and system for verifying the authenticity and integrity of files transmitted through a computer network. Authentication information is encoded in the filename of the file. In a preferred embodiment, authentication information is provided by computing a hash value of the file, computing a digital signature of the hash value using a private key, and encoding the digital signature in the filename of the file at a predetermined position or using delimiters, to create a signed filename. Upon reception of a file, the encoded digital signature is extracted from the signed filename. Then, the encoded hash value of the file is recovered using a public key and extracted digital signature, and compared with the hash value computed on the file. If the decoded and computed hash values are identical, the received file is processed as authentic.

Abstract: In accordance with an embodiment of the invention, a method of writing and reading redundant data is provided. Data is written by storing a copy of the data along with a timestamp and a signature at each of a set of storage devices. The data is read by retrieving the copy of the data, the timestamp and the signature from each of a plurality of the set of data storage devices. One of the copies of the data is selected to be provided to a requestor of the data. Each of the storage devices of the set is requested to certify the selected copy of the data. Provided that a proof of certification of the selected copy of the data is valid, the storage devices of the set are instructed to store the selected copy of the data along with a new timestamp.

Abstract: Software intrusion is proactively detected using a dynamically evolving audit log wherein log entries are generated in the audit log and key values are evolved based upon a one-way function depending on both the previous log entry and the previous key. The audit log with the generated log entries and the final key value is transmitted to a clearinghouse that detects software intrusion by analyzing these values. In an effort to reduce the size of the log to be transmitted, the log entries are assigned identical values, thereby only needing to transmit one log entry and the last key value to the clearinghouse.

Abstract: A method and apparatus are provided for identification/authentication of file transfers, that limits the attackers window of opportunity and that aims at incurring a minimum of overhead on the information processing between a client (CL) and a server (SV). According to a preferred embodiment of the invention hash functions (H1-H4) are involved at the server side and the client side. The client and server share a common secret value (S).

Abstract: A system and method are disclosed for rendering published documents tamper evident. Embodiments render classes of documents tamper evident with cryptographic level security or detect tampering, where such security was previously unavailable, for example, documents printed using common printers without special paper or ink. Embodiments enable proving the date of document content without the need for expensive third party archival, including documents held, since their creation, entirely in secrecy or in untrustworthy environments, such as on easily-altered, publicly-accessible internet sites. Embodiments can extend, by many years, the useful life of currently-trusted integrity verification algorithms, such as hash functions, even when applied to binary executable files. Embodiments can efficiently identify whether multiple document versions are substantially similar, even if they are not identical, thus potentially reducing storage space requirements.

Abstract: A method, programmed medium and system are provided for enabling a user to choose a user-preferred encryption type from among a plurality of encryption types listed in a user's Kerberos configuration file. During the ticket granting process in a Kerberos system, a user is requested to select a preferred encryption type to be used in the Kerberos communication from among encryption types contained in the user's Kerberos configuration file. The user-selected encryption type is then implemented for use in encrypting a session ticket (as well as generating the session key of user requested encryption type) for use by the user machine in communicating securely with an Kerberized application server when being communicated by that particular user. Thus, the system allows different users to simultaneously communicate with the same Kerberized application server using a supported encryption type of the user's own choice.

Abstract: A system for storing information having a predetermined use which requires the information to be secured. The information may comprise credit card details used to complete a transaction. The system includes: (a) A client system for storing an encoded version of the information and an identifier. The encoded version is generated from first data of the information and an encoded version of the second data of the information. The information can be generated from the first data and the second data, and the predetermined use is infeasible with only one of the first data and the second data, (b) A remote server for storing the second data and an encoded identifier generated from the identifier. The client system sends at least the encoded version of the second data to the remote server. The client system or the remote server is able to generate the information from the first data and the second data.

Abstract: A server is configured for preventing flood attacks by a client having sent a request, by dynamically generating a challenge to be performed by the client before the server will perform any work for the client. The challenge includes a dynamically generated computational request and a dynamically generated secure cookie. The server generates a first hash result based on hashing a first random number, having a prescribed length, with a second random number having a dynamically selected length. A secure cookie is generated based on hashing the first hash result with a prescribed secure key known only by the server, and a unique identifier for the request such as the client network address with a time stamp. The challenge requires the client to determine the second random number based on the first random number and the hash result. The server validates the challenge results using the secure cookie.

Abstract: Computation environments are protected from bogus or rogue load modules, executables, and other data elements through use of digital signatures, seals, and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules and/or other items to verify that their corresponding specifications are accurate and complete, and then digitally signs them based on a tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys), allowing one tamper resistance work factor environment to protect itself against load modules from another tamper resistance work factor environment. The verifying authority can provide an application intended for insecure environments with a credential having multiple elements covering different parts of the application.

Abstract: One or more content providers push data related to: movies, movie products, digital movie content over a network (e.g., a LAN, a WAN, the Internet, or a wireless network) onto an information filling station which, in turn, wirelessly transacts (over a network based on the 802.11b protocol) and transmits any requested data to a portable computer-based device (e.g., laptop, a pen-based computer device, a PDA, a wireless phone, or a pager). The portable device performs financial transactions for: purchasing movie tickets (directly or via auctions), downloading digital entertainment content of interest (e.g., copy of a movie of interest, copy of a movie identified based on a pre-stored profile, copy of soundtrack of a movie of interest), or movie related products. Any purchased digital content is either transferred wirelessly onto the portable device or, optionally, sent on a storage medium to a physical address associated with the profile.

Abstract: A system for loading digital watermarks automatically includes an application server (4). The application server includes a main controller. The main controller includes: a document fetching module (401) configured for fetching a document to be printed, and for accessing a document DRM header of the document fetched; a watermark downloading module (402) configured for downloading a digital watermark corresponding to the document; and an integrating module (403) configured for transforming the document into a graphical file and integrating the graphical file with the downloaded digital watermark. A related method is also disclosed.

Abstract: An information processing apparatus has an authentication/key exchange unit, a round trip time measuring unit, a common key transmitter, a contents key transmitter and a contents transmitter. The round trip time measuring unit sends a round trip time measuring request generated to the communication apparatus through the first communication connection to measure the round trip time, and check whether the measured round trip time is within a predetermined time and whether a transmitting source of the round trip request response is the communication apparatus sharing the first key. The common key transmitter encrypts a second key used for contents transmission by using the first key and transmits the encrypted second key through the first communication connection when the round trip time measuring unit succeeds in the checking.

Abstract: A method of managing content, and in particular, managing content on the Internet retrieves a web page that includes an image and detects whether the image included within the web page is embedded with a digital watermark. It generates an indicia associated with an image included in the web page that is embedded with a digital watermark. The indicia indicate to the user which images include watermarks. The watermarks may be used to convey links to related web pages or specific information about the images, such as usage rights and licensing information. Variations of this method create image bookmarks to web pages including images using thumbnails of those images. A content management system comprises a first program for retrieving web pages including images. It also includes a second program for extracting an image from a web page, creating a thumbnail of the image, and forming an image bookmark linking the thumbnail to the web page that the image has been extracted from.

Abstract: Methods of providing a private placement document to a potential investor in a private placement. The methods may comprise the step of generating the private placement document in an encrypted electronic format. The private placement document may include a unique identifier. The methods may also comprise the steps of providing the private placement document to the potential investor, and recording the unique identifier.

Abstract: Techniques are disclosed to enable utilization of randomly-occurring features of a label (whether embedded or naturally inherent) to provide counterfeit-resistant and/or tamper-resistant labels. More specifically, labels including randomly-occurring features are scanned to determine the labels' features. The information from the scan is utilized to provide identifying indicia which uniquely identifies each label and may be later verified against the label features that are present to determine whether the label is genuine. In a described implementation, the identifying indicia may be cryptographically signed.

Abstract: An information processing apparatus according to the present application includes a first application allowed to access the IC chip, including an IC chip in which predetermined data is recorded, an IC chip reading unit that reads the data recorded in the IC chip, and a signature data generation unit that generates signature data by performing encryption processing on the recorded data read by the IC chip reading unit and a second application not allowed to access the IC chip, including a server access unit that requests acquisition of content from an information providing server by receiving the signature data and the recorded data from the first application and transmitting the signature data and the recorded data to the information providing server that provides predetermined content.

Abstract: Software, and a master system with hardware and connections, for validated drug clinical studies includes: creating data collection documents with unique identifiers; having operators complete security identification verification before proceeding; having secured operators fill out and sign specified data collection documents; creating permanent records of the preceding; tracking by unique identifiers in a local system; uploading to a central system; independently reviewing filled out signed data collection documents to accept or require clarifications; keeping permanent read only records of all originally filled out and signed documents; making document clarification requests; reviewing each response; assigning new unique identifier links to each version of every revision; iteratively repeating the above until the documents are clean, and storing and tracking every version of every document in the central system; providing a monitor query and document entry history of all changes to all documents to create a

Abstract: A process is disclosed for notarizing a document, by a client in the presence of a notary, comprising the steps of registering the notary, the client and the document, from a local workstation coupled to a central office, to provide for assigning at least one respective encryption key for identifying each of the notary, the client and the document to be notarized; associating in the central office, the respective encryption keys of the client with the notary and with the; generating a transaction code, based on the step of associating the respective encryption keys, for authorizing execution of the to provide the notarizing; executing the; and embedding selected ones of the respective encryption keys together with a notary seal in the document.

Abstract: A sewer provides a message from a sender to a recipient and an attachment including the sender's identity, the recipient's identity and address, and the time of transmission from the sewer to the recipient. The method includes receiving the message and attachment at a sewer displaced from the recipient's location from the recipient and operates upon the message and attachment to allow comparison between information contained in the attachment and/or the message to determine the authenticity of the message.

Abstract: An electronic data storage system stores electronic data with attaching an electronic signature, and output the electronic data along with the attached electronic signature, which decreases the operation costs with a simple operation. By using a public key-based signature, a third party can verify the data, and by using a secret check code, the electronic signature at registration is always valid without risk of falsification. Also by attaching an electronic signature at access, the validity of the stored data is assured, and a third party can verify the data. By using all of these features, the verification by a third party becomes possible over the long term. In this way the long term storage of electronic data is implemented.

Abstract: A tag device causes a second calculator to read a confidential value from a confidential value memory and to apply a second function F2 which disturbs a relationship between elements of a definition domain and a mapping thereof to generate tag output information. The tag device delivers the tag output information to a backend apparatus. Subsequently, a first calculator reads out at least part of elements of the confidential value from the confidential value memory, and applies a first function F1, an inverse image of which is difficult to obtain, and a result of such calculation is used to update a confidential value in the confidential value memory by overwriting.

Abstract: A digital signature is applied to digital data in real-time. The digital signature serves as a mark of authenticity assuring a recipient that the digital data did in fact originate from an indicated source. The digital signature may be applied to any digital data, including video signals, audio signals, electronic commerce information, data pertaining to land vehicles, marine vessels, aircraft, or any other data that can be transmitted and received in digital form.

Abstract: Systems and methods and computer programs for verifying the authenticity and integrity of hyperlink addresses and files that are accessible by means of these hyperlink addresses. A system and a method are disclosed for authenticating a file such as an HTML document hyperlinked to a graphic object such as a digital image or to a graphic icon. The hyperlink network address (e.g., the URL of the hyperlink on the Internet) is encoded on a first portion of the graphic object. Checking information such as a MAC digital signature and the hyperlinked file are encoded into a second portion of the same graphic object. In accordance with another aspect of the invention, a system and a method are disclosed for verifying the authenticity and integrity of a hyperlink and a file when this hyperlink is activated.

Abstract: A method and apparatus identifying an item by attaching a radio frequency identification device to the item; obtaining encryption information; generating an encrypted code from the encryption information by a programmer; inserting the encrypted code into the radio frequency identification device by the programmer whereas the encrypted code may be one of a plurality of encrypted codes; attempting to access the radio frequency identification device by a security reader by transmission of another encrypted code to the radio frequency identification device; and responding with a correct access signal by the radio frequency identification device in response to receipt of the other encrypted code if the other encrypted code is same as the inserted encrypted code.

Abstract: A method and system for surreptitiously detecting and analyzing sites suspected of transferring steganographic communications, is accomplished by analyzing a targeted site for steganographic communications via a server that directs a plurality of clients to analyze the targeted site. The clients are dispatched according to the objectives of the server and the data retrieved by previous clients, which have been directed to scan the site. The client's data is aggregated and analyzed to determine if a steganographic communication is present.

Abstract: Cryptographic systems and methods are provided in which authentication operations, digital signature operations, and encryption operations may be performed. Authentication operations may be performed using authentication information. The authentication information may be constructed using a symmetric authentication key or a public/private pair of authentication keys. Users may digitally sign data using private signing keys. Corresponding public signing keys may be used to verify user signatures. Identity-based-encryption (IBE) arrangements may be used for encrypting messages using the identity of a recipient. IBE-encrypted messages may be decrypted using appropriate IBE private keys. A smart card, universal serial bus key, or other security device having a tamper-proof enclosure may use the authentication information to obtain secret key information. Information such as IBE private key information, private signature key information, and authentication information may be stored in the tamper-proof enclosure.

Abstract: A system for remote electronic verification and authentication and screening of potential signatories for remote electronic notary transactions via remote pc encrypted platform to a broadband digitally or WIFI cellular/PDA device or portable pc device. The system implements the following electronic components, but not limited to, electronic signature device, digital certificates, electronic document, electronic biometric devices, electronic audio/visual software/hardware, and electronic payment systems and devices, all electronically synchronized to afford capable notary publics in executing remote electronic notary transactions via a satellite kiosk network or on-line virtual kiosk application.

Abstract: A digital watermark in a data file occurs at multiple locations within the file. The location of each digital watermark, other than a first digital watermark, is specified by a previous digital watermark, or by other auxiliary information in a same logical block as a previous digital watermark.

Abstract: A method for automatically linking an anonymous electronic trade order having an order quantity (q) to an identity of a trader by providing an identity marker (s) of the trader; embedding the identity marker (s) by splitting the anonymous trade order into a number (n) of trade orders each having a corresponding order quantity x (i) to generate a trade order set; and placing the generated trade order set in an electronic order book.

Abstract: An apparatus for recording additional information hard to analyze in an information recording medium, a reproducer, a recording medium, a method, and a computer program for the same are provided. Bit values set at a plurality of DC control bit information setting positions set in a recording frame are decided based on constituent bit information of additional data, and additional data such as key information used for decoding contents is recorded in the information recording medium. In the reproducer, the additional data constituent bit information can be acquired by detecting the bit position set at a selected DC control bit storage position in the additional data-associated recording frame. With the configuration, it is possible to embed additional information such as key information used for decoding contents, key production information, contents reproduction control information, and copying control information with a format hard to analyze and also to accurately read out for data reproduction.

Abstract: A system for providing security to a portable storage device coupleable to a host system and associated methods are disclosed. The system includes a portable storage device random number generator operable to generate a random number for storage in the portable storage device and the host system each time the portable storage device is accessed by the host system. A random number generated in this manner may be used by the host system in a write process to encrypt a logical branch address, a user password, and user data which may be written to the portable storage device as encrypted data and stored in a secure area of the portable storage device. The write process may further include encrypting the random number using a key associated with the portable storage device to generate an encrypted random number, which may be written to the portable storage device and associated with the encrypted data. The random number is not stored in the host system.

Abstract: A system and method for authentication of JPEG image data enables the recipient to ascertain whether the received image file originated from a known identified source or whether the contents of the file have been altered in some fashion prior to receipt. A unique hashing function is derived from a first section of image data contained in the JPEG compressed image in such a way that any changes subsequently made to the first section of image data is reflected in a different hashing function being derived from a signature string is then embedded into a next section of the image data. Since the embedding of a previous section's integrity checking number is done without modifying the JPEG bit stream, any JPEG decoder can thereafter properly decode the image.

Abstract: A method for automatic validation of a computer program can access a secure memory and a non-secure memory, the program using at least one coding function and at least one de-coding function. The method includes a verification step (E340) during which verification occurs to ensure that each function which is adapted in order to read data from the secure memory and to produce data in the non-secure memory is a coding function and that all data produced by the coding function is stored in the secure memory.

Abstract: Illustrative embodiments provide a computer-implemented method for indicating a change in a service offering. The computer-implemented method generates a token representative of a state of the service offering, and determines whether the service offering has been modified to form a modified service. Responsive to a determination that the service offering has been modified, generates a token representative of the state of the modified service, and determines whether the service offering has been restarted to form a restarted service. Responsive to a determination that the offered service has been restarted, generates a token representative of the state of the restarted service, and provides the token to a requester.

Abstract: A digital forensic search tool which enables a first entity, such as a federal investigation agency, to share its suspect and sensitive data with a second entity, such as another investigative agency, in a manner that allows the second agency to utilize the suspect data while not revealing the actual content of the sensitive data to the second agency. The second agency can perform comparisons and other operations on the sensitive data without having to know the actual content of the data. The search tool allows an investigative agency to define an investigative strategy for a particular case via the search markup language programs and by the data features that it includes in the search tool. Thus, by sharing search tools among agencies, an agency can share or inform others of that agency's theory of the case and investigative goal.

Abstract: In one embodiment, the method of processing telephony sessions includes: communicating with an application server using an application layer protocol; processing telephony instructions with a call router; and creating call router resources accessible through a call router Application Programming Interface (API). In another embodiment, the system for processing telephony sessions includes: a call router, a URI for an application server, a telephony instruction executed by the call router, and a call router API resource.

Abstract: Accumulated proof-of-work approaches for protecting network resources against denial-of-service attacks are disclosed. A client computer or other requester is required to perform work, such as repeatedly hashing a message until a specified number of bits is zero, as a condition for accessing a resource. Proof of the work performed by a legitimate requester is accumulated across multiple requests, so that established users of a resource are not penalized when proof-of-work is used to prevent a denial of service attack. Requesters who cannot show accumulated work greater than a specified threshold are required to perform additional work. In certain embodiments, work may be accumulated only within a specified time window, and the threshold may vary according to resource capacity or loading. Proof-of-work values may be communicated between the user and the resource in cookies.

Abstract: A method and system for sharing data and interrogating data include establishing a level of trust between mutually mistrusting entities so that data may be shared therebetween based on the level of trust. The method and system include interrogating data provided from one of the entities to the other entity without the receiving entity having complete access to the data associated therewith.