Abstract: Representing a number of assets on an originating computer begins with selecting the assets to be represented. Cryptographic hash asset identifiers are generated; each of the asset identifiers is computed using the contents of a particular asset. The asset identifier is a content-based or content-addressable asset name for the asset and is location independent. An asset list is generated that includes the asset identifiers computed from the assets. A cryptographic hash asset list identifier is generated that is computed from the asset list. The asset list identifier is stored for later retrieval. The assets selected are also stored for safekeeping either locally or on a computer network. In the event of loss of the files from the originating computer, the asset list identifier is retrieved. Using the asset list identifier, the original asset list is found and retrieved from its safe location.

Abstract: The present invention provides an apparatus and method for performing cryptographic operations on a plurality of message blocks within a processor to generate a message digest. In one embodiment, the apparatus has an x86-compatible microprocessor that includes translation logic and execution logic. The translation logic receives a single, atomic cryptographic instruction from a source therefrom, where the single, atomic cryptographic instruction prescribes generation of the message digest according to one of the cryptographic operations. The translation logic also translates the single, atomic cryptographic instruction into a sequence of micro instructions specifying sub-operations required to accomplish generation of the message digest according to the one of the cryptographic operations. The execution logic is operatively coupled to the translation logic. The execution logic receives the sequence of micro instructions, and performs the sub-operations to generate the message digest.

Abstract: An x86-compatible microprocessor that executes an application program fetched from memory, including a single, atomic hash instruction directing the x86-compatible microprocessor to perform the hash operation. The single, atomic hash instruction has an opcode field and a repeat prefix field. The opcode field prescribes that the x86-compatible microprocessor accomplish the hash operation. The repeat prefix field is coupled to the opcode field and indicates that the hash operation prescribed by the single, atomic hash instruction is to be accomplished on one or more message blocks. The x86-compatible microprocessor has a hash unit that is configured to execute a plurality of hash computations on each of the one or more message blocks to generate a corresponding intermediate hash value, where a last intermediate hash value that is computed for a last message block after processing all previous message blocks includes a message digest corresponding to the one or more message blocks.

Abstract: Embodiments of methods and apparatus for providing an insertion and integrity protection system associated with a wireless communication platform are generally described herein. Other embodiments may be described and claimed.

Abstract: A security printing method includes generating a security file having a plurality of metadata fields and an information field concatenated together in an initial sequence. A security file identification is generated from the plurality of metadata fields and the information field. The security file identification corresponds to the initial sequence and is a one-way function of the plurality of metadata fields and the information field. The method further includes selecting a custom scrambling technique based on the security file identification, and scrambling the initial sequence using the selected custom scrambling technique, thereby creating a scrambled sequence of the plurality of metadata field and the information field.

Abstract: A server component includes a network interface and an analysis component. The server component is at least partially implemented by an operative set of processor executable instructions configured for execution by at least one processor. The network interface is in operative communication with a network and is configured to communicate with at least two nodes of different node types. The network interface is also in operative communication with a local RFID tag attached to a corresponding module. A node of the at least two nodes is a printer-based node associated with a printing machine. The analysis component is configured to utilize the network interface to communicate with the node associated with the printing machine such that the analysis component is in operative communication with the local RFID tag attached to the corresponding module.

Abstract: The present invention relates to a device for detecting a manipulation of an information signal, having an extractor for extracting an information signal component characteristic for the information signal from the information signal, an encryptor for encrypting the information signal component to obtain an encrypted signal, and a comparator for comparing the encrypted signal to a reference signal, wherein the reference signal is an encrypted representation of a non-manipulated reference signal component of a reference information signal to detect the manipulation.

Abstract: The present invention provides an information processing device, an authentication system, etc. that save a server the trouble of updating a database, etc., even when a software module in a client device is updated, and that are capable of verifying whether software modules that have been started in the client device are valid. The terminal device A100 holds private keys 1 and 2, and performs authentication processing with the terminal device B101 using the private key 2. The private key 1 has been encrypted such that the private key 1 is decryptable only when secure boot is completed. The private key 2 has been encrypted such that the private key 2 is decryptable using the private key 1 only when the application module X that has been started is valid. When the authentication processing is successful, the terminal device B101 verifies that the terminal device A100 has completed secure boot and the application module X that has been started in the terminal device A100 is valid.

Abstract: A unique system and method that facilitates visually identifying authentic UI objects, bundles, or windows is provided. A detection component can detect when user-based input has activated a verification mode with respect to one or more trusted UI objects rendered on-screen. A verification component can verify at least one of a source and identity associated with one or more UI objects in order to ensure the integrity related therewith. A verification rendering engine can re-render the one or more trusted UI objects in a manner that is based at least upon whether the one or more trusted UI objects are verified, thus improving visual recognition of verified trusted UI objects over non-verified UI objects.

Abstract: A method for authenticating a message that is transmitted wirelessly. The method includes providing a set of private key values that define a private key and performing a key pair generation process that provides a key pair including the private key and a public key, where performing the key pair generation process includes applying one or more hash functions to the private key values, where a succeeding hash function provides a hash of a previous hash function. The scheme uses a signature generation process that generates a message digest by applying a hash function on the message to be signed and then separates the message digest into two parts including signing bits and selection bits and using the private key to sign the message. A receiver verifies the authenticity of the received message using the public key and a signature verification algorithm.

Abstract: Disclosed is a method and system to discourage a MITM attacker in a data communications system that includes client and a server. The method includes, in a Digest Authentication and Key Agreement (AKA) challenge sent to the client from the server, setting an “algorithm” field to ‘algorithm=“AKAv1-HMAC-MD5”’ for directing the client to use the HMAC-MD5 keyed hash function when producing Digest credentials; and using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.

Abstract: Improving security of a processing system may be accomplished by at least one of executing and accessing a suspect file in a sandbox virtual machine.

Abstract: A translation device has an input unit that inputs image data from a document; a detecting unit that detects a security information image, which indicates that the inputted image is a confidential image, from the inputted image data; a translating unit that translates the security information image detected by the detecting unit; and an outputting unit that outputs the translated image of the security information image.

Abstract: In the computer data security field, cryptographic hash function processes are embodied in a computer system and may be keyless, but are highly secure. The processes are based on the type of randomness exhibited by the well known game of dominos using a set of tiles arranged by players on a surface. Computation of the hash value (digest) is the result of executing in computer code or logic circuitry an algorithm which models such a domino game using the message as an input to the domino game algorithm, then executing the domino game algorithm. A state of the game algorithm which models the final layout of the pieces (tiles) gives the hash digest value of the message.

Abstract: In the computer data security field, this disclosure is of cryptographic hash function processes embodied in a computer system and which may be keyless, but are highly secure. The processes are based on the type of randomness exhibited by painting or drawing a picture. Computation of the hash value (digest) is the result of executing in computer code or logic circuitry an algorithm which models such a picture painting process using the message as an input to the picture painting algorithm, then executing the algorithm. A state of the resulting picture gives the hash digest value of the message. Message expansion or a derivation function (e.g., a pseudo random number generation process) may be applied to the message prior to execution of the picture painting process, for enhanced security.

Abstract: Processing load on an executing device for conducting playback is high during the playback of contents since the executing device performs verification of the contents validity in parallel with the contents playback, and therefore the executing device has to be equipped with a highly efficient processor. The present invention reduces the processing load involved in the verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on the DVD. In addition, the present invention is capable of improving the accuracy of detecting unauthorized contents to some extent by randomly selecting a predetermined number of encrypted units every time the verification is performed.

Abstract: A secure method and system of digital data transmission between a sender and a receiver, including a phase of receiver authentication by a symmetrical authentication key sharing algorithm with no transmission of the key, a phase of data watermarking by using the authentication key as the watermarking key, and a phase of transmission of the watermarked data.

Abstract: A secure approach for sending a original message from a sender to a receiver. The sender may encrypt the original message by performing an XOR (or XNOR) operation of the original message and a first random message (same size as original message) on a bit by basis to generate a second message. The receiver may also perform an XOR of the second message with a locally generated second random message. The resulting message is sent to the sender system. The sender system may again perform XOR operation of the received message and the first random message, and send the resulting message to receiver. The receiver may perform XOR operation on the received output to generate the original message sent by the sender. Other technologies such as digital signatures and key pairs (public key infrastructure) may be used in each communication between the sender and receiver to further enhance security.

Abstract: The present method is directed, in the computer data security field, to cryptographic sponge and hash function processes which are embodied in a computer system and are typically keyless, but highly secure. The processes are based on the type of randomness exhibited by manipulation of the well known three dimensional Rubik's cube puzzle. Computation of the hash or sponge value (digest) is the result of executing in a model (such as computer code or logic circuitry) an algorithm modeling such a puzzle using the message as an input to the cube puzzle algorithm, then executing the cube puzzle algorithm. A state of the modeled cube puzzle (the final cube puzzle arrangement) after execution gives the sponge or hash digest value of the message.

Abstract: Sending signed e-mail messages. An output data stream is created for streaming a signed e-mail message, and streamed attachment data is read. In response to receiving a portion of the read streamed attachment data, the received portion of the attachment data is digested to generate a digest value, and the received portion of the attachment data is sent to a mail server via the output data stream. The received portion of the attachment data is smaller than the size of the attachment data. The digest value is updated as additional portions of the streamed attachment data are received and digested. In response to sending all attachment data to the mail server, a signer generates the signature data by signing the digest value using a signer's private key, and the generated signature data is sent to the mail server via the output stream.

Abstract: An efficient solution for secure implementation of indirect addressing (IA) is described. IA may be used, for example, in networks of which the routing algorithms are not capable of multicast but also contain very constrained devices that, although requiring multicast, are not capable of repeated unicast. This ID is useful in wireless networks containing low-power low-cost devices.

Abstract: Systems and methods are provided for managing the transfer of electronic files. In one embodiment, a sender transfers an encrypted version of a file (such as a digitally encoded audio track, movie, document, or the like) to someone who wishes to receive it. The receiver computes a hash of the encrypted file, and sends it to a trusted third party. The trusted third party compares the hash that was computed by the receiver with another hash computed by the sender. If the two hashes match, the third party sends the file decryption key to the receiver. In some embodiments, the receiver may also send the third party payment information so that the sender, the content owner, and/or the third party can be paid for their role in the transaction. In a preferred embodiment, the payment information is only sent to, and/or used by, the third party once the third party has confirmed to the satisfaction of the receiver that the encrypted file in the receiver's possession will decrypt correctly.

Abstract: Method for detecting an attack on a broadcast key shared between an access point and its wireless clients. Upon detection of the attack, actions are implemented to react to the attack as defined in one or more security policies. Detection of the attack is achieved by examining both a link message integrity check and an infrastructure management frame protection (IMFP) message integrity check contained in a broadcast management frame.

Abstract: A signature system with a mechanism to identify element(s) of a signed document includes a sender having a signature module with a digest generator. The digest generator generates digests for identifying selected elements of the document. The resulting “identifying” digests are then used in generating a signature in which the sender signs the digests rather than the original elements. The receiver can then process the signature and use these digests to distinguish between elements, as needed.

Abstract: In accordance with a broad aspect, a method is provided to securely configure a computing device. A configuration indication is received into the computing device, including receiving a digital signature generated based on the configuration indication. Generation of the digital signature accounts for a unique identifier nominally associated with the computing device. The received configuration indication may be verified to be authentic including processing the unique identifier, the received configuration indication and the received digital signature. The computing device may be operated or interoperated with in accordance with the received configuration indication. In one example, a service interoperates with the computing device. The configuration indication and digital signature may be provided from the computing device to the service, and the service may interoperate with the computing device in accordance with the configuration indication and the digital signature.

Abstract: A mobile communication terminal having a function of managing multimedia data is provided, including: a main memory including a multimedia database storing the multimedia data; a signal processor converting the multimedia data stored in the main memory into data of a format suitable to be output to a display of the mobile communication terminal; a back_end chip which processes the multimedia data outputted from the signal processor, stores digest information of multimedia data upon occurrence of an update event of the multimedia data, and provides the stored digest information upon receiving a signal of requesting the digest information to be synchronized; and a front_end chip including a controller which requests the digest information stored in the back_end chip, compares and synchronizes the digest information offered from the back_end chip and digest information stored in advance in the front_end chip.

Abstract: A communication system includes a source node for transmitting data and general nodes that function as relay nodes for relaying the data or destination nodes for receiving the data. Data encoding is performed in each node of the communication system. The source node is linked to the general nodes by one or more independent paths. The number of independent paths from the source node to each of the general nodes is counted. A tap-proof index is calculated based on the maximum number of independent paths and the size of a set of elements formed by the encoded data. The security level against tapping is determined according to the value of the tap-proof index.

Abstract: A chip mountable on a customer replaceable unit monitoring memory (CRUM) unit used in an image forming job includes a central processing unit (CPU) with its own operating system (OS), which operates separately from an OS of the image forming apparatus, to perform authentication communication with a main body of the image forming apparatus using the OS of the CPU. The security of a unit on which the chip is mounted can thereby be reinforced and random changes of data of the unit can be prevented.

Abstract: A secure user authentication system, operable over a client-server communications network to authenticate a system user. The system includes an application server which includes a site which is able to be enabled, and an authentication server, which is able to enable the application server site. The authentication server includes a core database, and receives and stores user authentication-enabling data in the core database. The system further includes a client, and a client program which is able to be actuated in the client. The client program includes the user authentication-enabling data. Upon actuation, the client program automatically directly connects to the authentication server, and sends the client authentication-enabling data to the authentication server, for secure user authentication by the authentication server.

Abstract: A security system in which wireless transmitting security devices use a hybrid or dual encoding methodology, wherein a first part of a data message is encoded in a return-to-zero (RZ) format and a second part of the data message is encoded in a non-return-to-zero (NRZ) format, thereby increasing error detection and correction. In a first aspect of the invention, status information is included in the first part of the message and redundant status information is included in the second part of the message. In a second aspect of the invention, message sequence information is included in the second part of the message to avoid processing of stale or out-of-sequence messages.

Abstract: A module monitoring system and related method includes a plurality of nodes and a server component. Each node of the plurality of nodes is in operative communication with a network and with at least one RFID attached to a module. Each node of the plurality of nodes is a node type and at least two nodes of the plurality of nodes are different node types. A node of the at least two nodes is a printer-based node and is associated with a printing machine. The node associated with the printing machine is also in operative communication with a local RFID tag attached to a corresponding module. The server component includes a network interface and an analysis component. The network interface is in operative communication with the network and communicates with the at least two nodes utilizing the network.

Abstract: A method of authentication of data to be sent in a digital transmission system, the data being organized in a series of at least three files, involving generating a first authentication value for at least one first file, storing said first authentication value in a second file, generating a second authentication value for said second file, storing said second authentication value in a third file, and transmitting said first, second, and third files to a receiver.

Abstract: The present invention relates specifically to a modified digital signature algorithm together with a polynomial-based hash function, in which the last step of the calculation of the final hash value, the exponentiation, is omitted. Such a modification eliminates some of the potential attacks to which a basic hash function algorithm is susceptible. It further introduces several flexibilities to a digital signature scheme. For example, hashing and MAC-ing procedures omit an exponentiations step, whereby the security of data is increased as the possibility of successful attack is diminished. Furthermore, the present invention may be implemented either by way of hardware or software. It may also be capable of generating a digital signature for any set of parameters extracted from a message. Generation of a digital signature may occur without the step of a hashing or MAC-ing procedure.

Abstract: Computer software or integrated circuit for performing a secure hashing method including one or more of the following: representing an initial sequence of bits as a specially constructed set of polynomials; transformation of this set by masking; partitioning the transformed set of polynomials into a plurality of classes; forming the bit string during the (separated) partitioning; for each of the plurality of classes, factoring each of the polynomials and so as to define a set of irreducible polynomials and collecting these factors in registers defined for each of the plurality of classes; wrapping the values of the registers from the plurality of classes by means of an enumeration; organizing the enumerations and the bit strings into a knapsack; and performing an exponentiation in a group to obtain the hash value or the MAC value.

Abstract: A programmable encryption approach involves the use of a downloadable decryptor. According to an example embodiment of the present invention, an FPGA device includes a microcontroller for configuring logic circuitry on the FPGA device. A memory register is implemented for storing encryption key data and a message authentication code (MAC). When the FPGA device is to be configured using a configuration bitstream, a MAC is calculated for a decryptor and sent to the microcontroller along with an encryption key. The microcontroller stores the encryption key and MAC in a register to which access is limited. When the decryptor is downloaded to the microprocessor, a MAC is calculated on the downloaded decryptor and compared with the stored MAC. If the calculated MAC matches the stored MAC, the decryptor is allowed to access the key.

Abstract: A secret string is established so as to be known only to a client computing system and a server computing system. A non-encrypted version of a message, a message counter value, and first hash value are received by the server computing system from the client computing system. The first hash value, based on a content of the message, the message counter value, and the secret string, is generated at the client computing system using a first hash algorithm. Using the first hash algorithm, the server generates second hash value based on the content of the received message, the received message counter value, and the secret string. The server computing system accepts the received non-encrypted version of the message as authentic upon determining that the received message counter value is greater than a previously received message counter value and that the second hash value matches the first hash value.

Abstract: Since there is a possibility that an application downloaded to a terminal performs an invalid operation, an operation of the downloaded application is very much restricted, and the application can not use local resources of the terminal. With the use of information for authenticating the application, which is held in a tamper resistant region of an authentication module, authentication for the application downloaded to a download section of the terminal is performed to confirm its source or whether or not it has been tampered with. Only an authenticated application is permitted to use the local resources of the terminal or the authentication module, so that an invalid application is prevented from using the local resources. Furthermore, there is no need to make the terminal have the tamper resistant region, manufacturing costs of the terminal can be held at a low level.

Abstract: A system and method for authenticating the source of, protecting the contents of, and ensuring the integrity of information. The information may be any digital information which can be stored in a computer file. The information is encapsulated in a computer file which also includes the biometrically verified identity of the person who packaged the information. The contents of the computer file are encrypted, and a unique message digest value is generated and stored in a secure central database. The message digest value functions as the digital signature of the encrypted information, and is used to ensure the integrity of the information.

Abstract: The present invention proposes a solution to prevent a program flow in a processing unit from being modified with respect to an intended program flow, thereby ensuring that important steps such as verifying or authenticating are not bypassed. The invention is particularly aimed at security modules within receiver/decoders in a pay-TV system and involves performing a set of predetermined operations during the processing of entitlement management messages and/or entitlement control messages, said operations being redundant with respect to the normal processing of said messages while leading to the calculation of keys which can then be used to verify that the intended program flow has been respected.

Abstract: A method for securing communication between members. The method includes a first member obtaining a secret. An n-bit generator executing on the first member generates a message digest using the first secret. The first member extracts algorithm selector bits and an encryption key from the message digest, and selects an encryption algorithm identified by the algorithm selector bits. The method further includes the first member encrypting a communication using the encryption algorithm and the encryption key to obtain an encrypted communication, and the first member sending, to a second member of the group, the first encrypted communication.

Abstract: An example embodiment of a includes a Home Page, a Web Presence Tool Page, and a Product and Community Forum which is created and maintained by a Hosting Provider. The Home Page may be made accessible to Hosting Customers and Partners and is an ideal location for placement of ads since all members of the Web Hosting Community are funneled through this Web page. The Web Presence Tool Page may display information generated by a Partner regarding the Partner's application which may be viewed by the Hosting Customers. The Product and Community Forum may allow the Hosting Customers to share information regarding all the applications with other Hosting Customers.

Abstract: A method for managing an original executable code downloaded into a reprogrammable computer on-board system such as a microprocessor card. The code includes a cryptographic signature and is executable by the microprocessor once the validity of the signature has been checked. Off the card, a modified executable code corresponding to the original code and adapted to a pre-defined specific use is identified. A software component is calculated, which when applied to the original code, enables the modified code to be reconstructed. The software component is signed, and the signed original code and the signed software component are downloaded into the card. On the card, the signature of the original code and the software component are checked, and the software component is applied to the original code in order to reconstruct the modified code for the execution of the same by the microprocessor.

Abstract: A system and method for authenticating an HTTP message. A relying party may respond to a request from a requester by sending an HTTP message with authentication specifications to the requester. The requester responds with a new request that adheres to a scheme specified by the relying party. A framework allows for a security token to be located in an HTTP header or a message body, with various options such as fragmenting the token available. An option allows for cryptographically binding the security token to the body of a message. An authentication framework provides for an implementation by an HTTP stack or by an application.

Abstract: An improved system and approaches for protecting passwords are disclosed. A file security system for an organization operates to protect the files of the organization and thus prevents or limits users from accessing some or all of the files (e.g., documents) associated with the organization. According to one aspect, a password entered by a user is used, provided it is authenticated, to obtain a respective authentication string (a relatively longer string of numbers or characters). The retrieved authentication string is then used to enable the user to enter the file security system and/or to access secured files therein. According to another aspect, user passwords are not stored in the file security system to avoid security breaches due to unauthorized capture of user passwords.

Abstract: A writing area security system (10) includes a CPU (34), a flash memory (64), and a memory controller (62). The memory controller (62), when receiving a read command of data stored in the flash memory (64) from the CPU (34), performs a parity check on the data. The memory controller (62) outputs the data to the CPU (34) only when the parity of the read data is correct.

Abstract: Circuitry for encrypting at least a part of an input data flow and generating a tag based on the input data flow with the same ciphering algorithm and the same key including a first ciphering branch arranged to encrypt the at least part of the input data; a second ciphering branch arranged to generate the tag; and a single key schedule unit arranged to receive the key, to generate at least one sub-key based on the key and to provide the at least one sub-key to the first and second ciphering branches.

Abstract: A method for analyzing a security grade of an information property, and more particularly, a method by which a security grade (a risk degree in security) is analyzed objectively and quantitatively such that risk degree management of an information property can be efficiently performed, is provided. The method for analyzing a security grade of an information property includes: selecting an information property as an object of security grade analysis, among information properties for which risk degree analysis and importance evaluation in managerial, physical, and technological aspects are performed; calculating the property risk degree of the selected property based on the weighted mean of risk degrees and importance evaluation; and mapping the weighted mean of the risk degree and the importance on a 2-dimensional plane having the X-axis indicating the weighted mean of a risk degree and the Y-axis indicating importance, and based on the appearing result, determining the priority of a safeguard.

Abstract: A recording device for recording one or more of a plurality of subcontents recorded on a first recording medium, onto a second recording medium, the first recording medium having further recorded thereon digest values of the subcontents, and a medium signature generated based on the digest values of the subcontents, the plurality of subcontents constituting one content, the recording device comprising: a subcontent acquisition unit operable to select and acquire one or more of subcontents permitted to be copied; an excluded digest value acquisition unit operable to acquire excluded digest values from the first recording medium, the excluded digest values being digest values of nonselected subcontents; a signature acquisition unit operable to acquire the medium signature from the first recording medium; and a write unit operable to write, onto the second recording medium, (i) the one or more selected subcontents, (ii) the excluded digest values, and (iii) the medium signature.

Abstract: This method securely transmits data from a secure control system [110] located on an isolated computer network [100] to a separate computer [210] outside the isolated control network [100]. The method includes several features designed to minimize the risk of outside cyber attack on the control system [110] while ensuring that the data is transmitted correctly and promptly. The system uses a non-routable unidirectional physical data link [300]. Messages [400] are redundantly transmitted to computer [210] without acknowledgement along with checksums [430,450]. The checksum information is used to validate that the message header [420] and the message data [440] have been received correctly. Redundant information contained in repeated message data blocks [440] is discarded after the transmitted message [400] is correctly received and decoded. An ordered transmission sequence is used to minimize the message delay if an individual message [400] was not received correctly on its first transmission.

Abstract: A method for electronically storing and retrieving at a later date a true copy of a document stored on a remote storage device comprises: sending a document in electronic format from a document owner's computing device to a store entity for storing the document; generating a digest of the document while the document is at the store entity by applying a hash function to the document; signing the digest electronically with a key while said document is at the store entity; generating a receipt that includes the digest and the key; sending the receipt to the document owner; and verifying, at the document owner's computing device, that the received receipt corresponds to the document sent from the owner's computing device.