Message Digest Travels With Message Patents (Class 713/181)
  • Patent number: 7613926
    Abstract: Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides, within a server, firewall or other suitable “re-communicator,” for monitoring information received by the communicator, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information, more suitably by forming a protection agent including the MPC, protection policies and a detected-Downloadable.
    Type: Grant
    Filed: March 7, 2006
    Date of Patent: November 3, 2009
    Assignee: Finjan Software, Ltd
    Inventors: Yigal Mordechai Edery, Nimrod Itzhak Vered, David R. Kroll, Shlomo Touboul
  • Patent number: 7610505
    Abstract: Methods and apparatus for implementing peer-to-peer relay. In one implementation, a method of detecting and recovering from violations in a peer-to-peer relay network includes: receiving a message at a peer system from a sending peer system connected to said peer system in a peer-to-peer relay network; detecting a violation in said received message; and sending an alert message to each peer system connected to said peer system in said peer-to-peer relay network; wherein each peer system in said peer-to-peer relay network stores a connection limit defining a number of other peer systems up to which that peer system is permitted to connect, and each peer system stores a set of one or more relay rules for relaying data to other peer systems connected to that peer system.
    Type: Grant
    Filed: January 24, 2008
    Date of Patent: October 27, 2009
    Assignee: Sony Computer Entertainment America Inc.
    Inventors: Glen Van Datta, Anthony Mai
  • Patent number: 7606401
    Abstract: Herein is described a tokenless biometric method for processing electronic transmissions, using at least one user biometric sample, an electronic identicator and an electronic rule module clearinghouse. The steps for processing of the electronic transmissions comprise of a user registration step, wherein a user registers with an electronic identicator at least one registration biometric sample taken directly from the person of the user. A formation of a rule module customized to the user in a rule module clearinghouse, wherein at least one pattern data of a user is associated with at least one execution command of the user. A user identification step, wherein the electronic identicator compares a bid biometric sample taken directly from the person of the user with at least one previously registered biometric sample for producing either a successful or failed identification of the user.
    Type: Grant
    Filed: August 4, 2005
    Date of Patent: October 20, 2009
    Assignee: YT Acquisition Corporation
    Inventors: Ned Hoffman, Philip Dean Lapsley
  • Patent number: 7603562
    Abstract: A mechanism for making increased amounts of firmware available to a computer pre-boot is discussed. To increase the amount of firmware available pre-boot, a design decision is made during the build process as to which segments of the firmware need to be placed on the ROM part and which segments of the firmware can be located elsewhere. The segments of the firmware that are stored remotely from the ROM are referred to as “virtual ROM modules”. Each of the virtual ROM modules is assigned a generated unique identifier, and a “message digest” is constructed for each module using an algorithm such as MD5 or SHA-1. In the software build of the ROM image, the message digest-unique identifier pair created for each Virtual ROM module is used as a logical pointer for the virtual module. Additionally, a search path variable is placed into the ROM image in non-volatile storage. The search path provides for one or more locations in which to look for the Virtual ROM modules, and may be updated at a later point in time.
    Type: Grant
    Filed: February 1, 2006
    Date of Patent: October 13, 2009
    Assignee: Insyde Software Corporation
    Inventor: Rex A. Flynn
  • Publication number: 20090254756
    Abstract: A data communication method capable of performing a synchronization processing at two or more computer terminals while ensuring security. A server certificate and a public key are transmitted through a host-side terminal to a guest-side terminal, whereby the guest-side terminal authenticates the server, and a guest-side hash key used in a hash function, as well as the hash function, are encrypted with the public key. A web server decrypts the hash key and the hash function, creates a digest of the contents with the guest-side hash key, and transmits the digest through the host-side terminal to the guest-side terminal. The guest-side terminal receives the contents and digest received from the host-side terminal, and compares this digest and a digest created from the received contents, whereby security can be ensured when the synchronization processing is performed.
    Type: Application
    Filed: September 24, 2004
    Publication date: October 8, 2009
    Inventor: Jun Kawakita
  • Patent number: 7600127
    Abstract: A method for updating an ISO file, e.g., to add a digital signature to the ISO file, includes adding a supplemental file composed of, e.g., all zeroes to the ISO file before recording, and then recording the ISO file with supplemental file to an optical disk using ISO format. A digital signature is computed after recording. The zeroes in the supplemental file are replaced by the values of the digital signature and the file is re-saved. Also, an ISO file that might have a common part and several unique parts, e.g., for respective languages, is deconstructed such that only a single copy of the common part is recorded to disk, avoiding multiple recordations of the same data.
    Type: Grant
    Filed: July 13, 2005
    Date of Patent: October 6, 2009
    Assignee: Lenovo Singapore Pte. Ltd
    Inventors: Rod David Waltermann, Mark Charles Davis, Seiichi Kawano
  • Patent number: 7599890
    Abstract: A memory card (110) includes a memory (1415) to store encrypted content data, a license hold unit (1440) to store at least a portion of license information distributed by a distribution system, a plurality of authentication data hold units (1400.1, 1400.2), each storing a plurality of authentication data that are authenticated respectively by a plurality of public authentication keys KPma, KPmb common to the distribution system, and a switch (SW2) to selectively provide the data from the plurality of authentication data hold units outside of said recording apparatus according to a request external to the memory card (110).
    Type: Grant
    Filed: March 28, 2001
    Date of Patent: October 6, 2009
    Assignees: Sanyo Electric Co., Ltd., Fujitsu Limited, Hitachi, Ltd.
    Inventors: Yoshihiro Hori, Hiroshi Takemura, Takatoshi Yoshikawa, Toshiaki Hioki, Takahisa Hatakeyama, Takayuki Hasebe, Shigeki Furuta, Masataka Takahashi, Takeaki Anazawa, Tadaaki Tonegawa
  • Patent number: 7600134
    Abstract: A method for theft deterrence of a computer system is disclosed. The computer system includes a trusted platform module (TPM) and storage medium. The method comprises providing a binding key in the TPM; and providing an encrypted symmetric key in the storage medium. The method further includes providing an unbind command to the TPM based upon an authorization to provide a decrypted symmetric key; and providing the decrypted symmetric key to the secure storage device to allow for use of the computer system. Accordingly, by utilizing a secure hard disk drive (HDD) that requires a decrypted key to function in conjunction with a TPM, a computer if stolen is virtually unusable by the thief. In so doing, the risk of theft of the computer is significantly reduced.
    Type: Grant
    Filed: November 8, 2004
    Date of Patent: October 6, 2009
    Assignee: Lenovo Singapore Pte. Ltd.
    Inventors: Ryan C. Catherman, David C. Challener, James P. Hoff, Joseph M. Pennisi, Randall S. Springfield
  • Patent number: 7600126
    Abstract: Efficient processing of time-bound messages is described herein. In an implementation, messages are classified as either time-bounded messages or non-time-bounded messages. The time-bounded messages are then processed separately from the non-time-bound messages. Examples of time-bounded messages can include spam e-mails or other types or classes of e-mails subject to a retention policy, such that they are retained only for some set period of time. Metadata relating to the time-bound messages are compiled and stored separately from the messages, thereby enabling optimization of the metadata storage and processing apart from the messages. The time-bounded messages are accumulated before they are processed in bulk, thereby reducing the number of I/O operations consumed by the time-bound messages, and reducing the amount and cost of resources supporting the process of the time-bounded messages.
    Type: Grant
    Filed: May 27, 2005
    Date of Patent: October 6, 2009
    Assignee: Microsoft Corporation
    Inventors: William J. Bolosky, Atul Adya, Ronnie I Chaiken, Marcus Jon Jager
  • Publication number: 20090249076
    Abstract: A user is provided with access to his or her account information using a client. The account information is stored on a server which receives the information from a feed source and transmits the information to the client. A method for downloading and installing specialized software for viewing the account information on the client is also provided. The information can be received from different feed sources in different formats and converted to a format that is compatible with the intended receiving client. Encryption can be used to protect the privacy of the users of the system and the account information therein. Additionally, a special access password and a privileged access routine can be used to provide access to an authorized third party user on a temporary basis.
    Type: Application
    Filed: April 1, 2009
    Publication date: October 1, 2009
    Applicant: AllOne Health Group, Inc.
    Inventors: William C. Reed, William Drew Palin, Dennis Wozniak, Thomas A. Druby, Daniel Thomas Hynes, Patrick Jason Kinney, Warwick Antony Charlton, John Greg Pollak, Erik Lazlo Manassy
  • Patent number: 7596703
    Abstract: An agent computer system, acting on behalf of the user, provides the personal information to various wide area network sites for conducting online transactions. A user has a secure device with a built-in device identifier. A backup center has a computer system to be coupled to the secure device during backup of the personal information. The personal information is encrypted with a unique user ID as a key. The user ID is entered by the user. The user ID is irreversibly encrypted to a unique irreversibly encrypted user identifier. The secure device includes data executable to establish a new account, renew an old account, and transmission of the encrypted information along with the unique device identifier and the unique irreversibly encrypted user identifier to the backup center. The unique device identifier and the unique irreversibly encrypted user identifier are used for indexing the storage of the encrypted information.
    Type: Grant
    Filed: March 21, 2003
    Date of Patent: September 29, 2009
    Assignee: Hitachi, Ltd.
    Inventors: Tomohisa Kohiyama, Motoyasu Tsunoda
  • Publication number: 20090240764
    Abstract: A network storage system for a download intensive environment is provided. The network storage comprises at least a data storage server (DSS) that includes an interface enabling connection of the DSS to a network at a location that enables at least a view of network transactions performed by a plurality of clients; a storage unit; and a system adapted to monitor the network transactions occurring on the network and identification of the network transactions as belonging to a registered client of the DSS, and storing in the storage the transactions with an identification corresponding to the registered client.
    Type: Application
    Filed: March 17, 2009
    Publication date: September 24, 2009
    Applicant: CRYPTORIA
    Inventors: NIR PELEG, OR SAGI, AMNON STRASSER
  • Patent number: 7594261
    Abstract: Systems and methods for cryptographically processing data as a function of a Cartier pairing are described. In one aspect, a Cartier pairing is generated from two different abelian varieties or abelian varieties and an isogeny between them. Data is cryptographically processed based on the Cartier pairing.
    Type: Grant
    Filed: February 8, 2005
    Date of Patent: September 22, 2009
    Assignee: Microsoft Corporation
    Inventors: Kristin E. Lauter, Denis X. Charles
  • Patent number: 7594124
    Abstract: A method and apparatus for cross validation of data using multiple subsystems are described. According to one embodiment of the invention, a computer comprises a first subsystem and a second subsystem; and a memory, the memory comprising a first memory region and a second memory region, the first memory region being associated with the first subsystem and a second memory region being associated with the second subsystem; upon start up of the computer, the first subsystem to validate the second memory region and the second subsystem to validate the first memory region.
    Type: Grant
    Filed: June 9, 2004
    Date of Patent: September 22, 2009
    Assignee: Intel Corporation
    Inventors: David Durham, Travis Schluessler, Raj Yavatkar, Vincent Zimmer, Carey Smith
  • Patent number: 7590853
    Abstract: Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment.
    Type: Grant
    Filed: August 20, 2007
    Date of Patent: September 15, 2009
    Assignee: Intertrust Technologies Corporation
    Inventors: Victor H. Shear, W. Olin Sibert, David M. Van Wie
  • Patent number: 7590855
    Abstract: To assist a destination/intermediary node in authenticating a communications packet as originating from a certain source node, the source node hides a cryptographically generated first special value based on the packet in a header portion of the communications packet. Upon receipt of the communications packet, the destination/intermediary node cryptographically generates a second special value also based on the packet for comparison to the first special value extracted from hiding in the header portion. If the first and second special values match, the destination/intermediary node has authenticated the communications packet as originating from the source node. The foregoing may be implemented in a number of situations, but has special use in connection with the detection of packet communications vulnerability assessment probe traffic by an intrusion detection system.
    Type: Grant
    Filed: April 30, 2002
    Date of Patent: September 15, 2009
    Assignee: TippingPoint Technologies, Inc.
    Inventor: Victoria Lynn Irwin
  • Publication number: 20090228701
    Abstract: A logging system and method based on a one-way hash function are described. The system includes a user system, a trusted third party, and a verifier. The method includes the following steps. The user system records a log file and initializes a message authentication code key and an image code. When the verifier requests the user system for a logging unit corresponding to an operation history, the user system uses a one-way hash function to calculate a check value and returns the check value and an image code sequence. The verifier then verifies the integrity of the check value and the image code sequence through the trusted third party. The trusted third party checks if the image code sequence obtained by the hash calculation equals to the check value through the one-way hash function, so as to verify that the log file of the user system has not been modified.
    Type: Application
    Filed: December 17, 2008
    Publication date: September 10, 2009
    Applicant: INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE
    Inventor: Chih-Yin LIN
  • Patent number: 7581110
    Abstract: This invention provides a bandwidth-efficient mechanism whereby the source or originating node(s) (the invention supports multiple source nodes, each creating single or multiple broadcast message(s)) may utilize broadcast addressing service to efficiently reach multiple receiver nodes and still control which receiver node(s) may access the broadcast data or message. This method is realized by a novel and efficient key distribution technique.
    Type: Grant
    Filed: August 24, 2000
    Date of Patent: August 25, 2009
    Assignee: Nokia Corporation
    Inventor: Scott Probasco
  • Patent number: 7581103
    Abstract: Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that they are compatible with copy-specific static watermarking and other tamper-resistance techniques.
    Type: Grant
    Filed: June 13, 2002
    Date of Patent: August 25, 2009
    Assignee: InterTrust Technologies Corporation
    Inventors: William G. Home, Lesley R. Matheson, Casey Sheehan, Robert E. Tarjan
  • Patent number: 7581117
    Abstract: Secure delivery of configuration data of an intellectual property (IP) core includes the steps of loading configuration data for the IP core into IP core space by an IP core provider, masking portions of the IP core space not loaded with configuration data in the loading configuration data step with the value 0 or 1 by the IP core provider, encrypting data in the IP core space by the IP core provider, loading configuration data for system design other than for the IP core into a remainder space and any unused portions of the IP core space by a system designer, masking portions of the IP core space loaded in the loading configuration data step with the value 0 or 1 used by the IP core provider in the masking portions of the IP core space not loaded step, and encrypting data in a configuration space by the system designer.
    Type: Grant
    Filed: July 19, 2005
    Date of Patent: August 25, 2009
    Assignee: Actel Corporation
    Inventors: Kenneth Irving, Jonathan Greene
  • Patent number: 7577845
    Abstract: In accordance with the present invention, there is provided a concept of the present invention is to use technology and methods of a special coded information matrix cryptogram with five integrated technologies to protect the original digital data from forgery, counterfeiting and pirating effectively. Five technologies comprise of data matrix bitmap technology, compression technology, encryption technology, data allocating technology and authentication technology. They can enhance the information matrix cryptogram with the special features to the strongest level of security. The concept of designing the system of the present invention is to be able to convert any data in any kind of formats and size into a special formatted and coded information matrix cryptogram. This cryptogram with a special authentic code is unique and infeasible to break.
    Type: Grant
    Filed: August 17, 2004
    Date of Patent: August 18, 2009
    Inventor: Hengli Ma
  • Publication number: 20090204813
    Abstract: A system for authenticating data of interest includes a digest locator engine capable to locate a first and a second digest result in a data file, including a set of data; a first digest creator capable to create, using a first digest function, a first digest of the set of data, the first digest function being identical to a digest function used to create the first digest result; a second digest creator capable to create, using a second digest function that is incompatible with the first digest function, a second digest of the set of data, the second digest function being identical to a second digest function used to create the second digest result; and a digest comparator engine, communicatively coupled to the digest locator, first digest creator and the second digest creator, capable to compare the first and second created digests with the first and second located digest results respectively.
    Type: Application
    Filed: January 20, 2009
    Publication date: August 13, 2009
    Inventor: John Man Kwong Kwan
  • Patent number: 7574605
    Abstract: A method of managing digital signature includes the steps of preparing a signature log file storing signature log entry information, generating a new digital signature for a transmission message by reflecting, in the new digital signature, signature log entry information registered to the signature log file in the past; generating signature log entry information associated with the new digital signature and registering the signature log entry information to the signature log file; and preparing a user search file in addition to the signature log file; registering, to the user search file, user identifier information indicating a transmission destination of the transmitted digital signature and a transmission source of the received digital signature, with a correspondence established between the information, the user identifier information, and each signature log entry information in the signature log file.
    Type: Grant
    Filed: May 17, 2002
    Date of Patent: August 11, 2009
    Assignee: Hitachi, Ltd.
    Inventors: Kouichi Tanimoto, Shinji Itoh, Kunihiko Miyazaki, Narihiro Omoto, Katsuko Nishioka
  • Patent number: 7574479
    Abstract: Techniques for attesting to content received from an author (sender) are provided. A sender's content is represented by a message digest. The message digest is signed by an identity service. The signed message digest represents an attestation as to the authenticity of the content from the sender. The sender transmits the signed message digest and content in a message to a recipient. The recipient verifies the signature and message digest to authenticate the content from the sender.
    Type: Grant
    Filed: January 24, 2006
    Date of Patent: August 11, 2009
    Assignee: Novell, Inc.
    Inventors: Cameron Craig Morris, Lloyd Leon Burch, Stephen R. Carter, Stephen Hugh Kinser
  • Patent number: 7574607
    Abstract: Methods and apparatus for secure transmission of data in pipeline fashion. A pair of transaction certificates can be used to verify the authenticity and integrity of data transmitted in more than one block.
    Type: Grant
    Filed: October 29, 2002
    Date of Patent: August 11, 2009
    Assignee: Zix Corporation
    Inventors: Gary G. Liu, David P. Cook
  • Patent number: 7571325
    Abstract: Methods, apparati, and computer-readable media for regulating a user's access to a Web page. A method embodiment of the present invention comprises the steps of hashing (31) a URL associated with a Web page requested by the user; comparing (32) the hashed URL with a list (24) of pre-stored URL hashes; and granting (34) or denying (37) access to the requested Web page based upon results of the comparing step (32).
    Type: Grant
    Filed: March 14, 2005
    Date of Patent: August 4, 2009
    Assignee: Symantec Corporation
    Inventors: Shaun Cooley, Brian Powell
  • Patent number: 7570759
    Abstract: A method for encrypting a message containing a plurality of message segments is described. First, a key is input into a SHA function to generate a first hash value. Then, a first message segment is encrypted into a first cipher segment by use of a part of the first hash value. Next, the first message segment and the first hash value are input into the SHA function to generate a second hash value. Following that, the second message segment is encrypted into a second cipher segment by use of a part of the second hash value. Subsequently, next message segment is repeatedly encrypted and input into the SHA function to generate a next cipher segment and a next hash value, respectively, until the last message segment is encrypted and the last hash value is generated.
    Type: Grant
    Filed: August 13, 2004
    Date of Patent: August 4, 2009
    Inventor: Yen-Fu Liu
  • Publication number: 20090193261
    Abstract: In one embodiment of the invention, an apparatus for authenticating a flash program is provided. The apparatus comprises a hardware unique key, a register storing a customer identity (ID) and a message authentication code (MAC) generation unit. The MAC generation unit acquires a root key corresponding to the hardware unique key and the customer ID, and generates a MAC for the flash program using the acquired root key, wherein the content of the register is locked to avoid modification of the stored customer ID until the next system reset.
    Type: Application
    Filed: January 25, 2008
    Publication date: July 30, 2009
    Applicant: MEDIATEK INC.
    Inventors: Ching-Chao Yang, Tzung-Shian Yang
  • Publication number: 20090187759
    Abstract: Systems, methods, and computer readable media for application-level authentication in a telecommunications network are disclosed. According to one aspect, the subject matter described herein includes a method for application-level authentication of messages in a telecommunications network. The method includes, at a node in a telecommunications network, receiving, from a personal communications device having a user, a message requiring application-level authentication, the message including information associated with the user and incorporating first authentication information associated with the user, the first authentication information being provided from a source that is not the user of the personal communications device. A request for second authentication information associated with the user is sent to an authentication server.
    Type: Application
    Filed: January 21, 2009
    Publication date: July 23, 2009
    Inventor: Peter J. Marsico
  • Patent number: 7565549
    Abstract: Managing and controlling the execution of software programs with a computing device to protect the computing device from malicious activities. A protector system implements a two-step process to ensure that software programs do not perform malicious activities which may damage the computing device or other computing resources to which the device is coupled. In the first phase, the protector system determines whether a software program has been previously approved and validates that the software program has not been altered. If the software program is validated during the first phase, this will minimize or eliminate security monitoring operations while the software program is executing during the second phase. If the software program cannot be validated, the protector system enters the second phase and detects and observes executing activities at the kernel level of the operating system so that suspicious actions can be anticipated and addressed before they are able to do harm to the computing device.
    Type: Grant
    Filed: July 3, 2007
    Date of Patent: July 21, 2009
    Assignee: International Business Machines Corporation
    Inventors: Thomas James Satterlee, William Frank Hackenberger
  • Patent number: 7565537
    Abstract: A secure key exchange with mutual authentication allows devices on a network to perform, in a single roundtrip over the network, the exchange. A key exchange initiator packet that does not include a key to be established is sent from an initiating device to another device via a network. The key exchange initiator packet is validated and the other device generates the key without requiring any additional packets to be received from the initiating device in order to generate the key. A key exchange response packet that does not include the key is returned to the initiating device, which validates the key exchange response packet and generates the key without requiring any additional packets to be sent to the other device or received from the other device.
    Type: Grant
    Filed: June 10, 2002
    Date of Patent: July 21, 2009
    Assignee: Microsoft Corporation
    Inventors: Dinarte R. Morais, Ling Tony Chen, Damon V. Danieli
  • Patent number: 7558953
    Abstract: Disclosed is a method of loading data, such as software, into a mobile terminal, where the data is loaded from a loading station, and the data comprises payload data and header data. The mobile terminal accepts the data conditioned on a verification process based on the header data. The step of receiving the data further comprises the steps of receiving a header message including the header data from the loading station by the mobile terminal, verifying the received header data by the mobile terminal, and receiving at least a first payload message including the payload data, if the header data is verified successfully.
    Type: Grant
    Filed: December 20, 2002
    Date of Patent: July 7, 2009
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Harro Osthoff, Bernard Smeets, Christian Gehrmann
  • Publication number: 20090164794
    Abstract: The digital content store provides users with an opportunity to purchase authorized usage of digital content, such as single or multiple music tracks, video, movies, and/or video games. The users can also buy license to a desired track for a fixed number of times, e.g. preferably the users can listen on three different machines simultaneously. Users can also burn a play list of X number of times, for example ten. The burn limit preferably applies to the play list, not the song. Mixed media capability is provided that allows the purchase of digital content and/or physical media. The digital content store system comprises a unique digital rights management system and a back-end enabling system that controls these digital rights.
    Type: Application
    Filed: December 18, 2008
    Publication date: June 25, 2009
    Inventors: Ellis Verosub, Sanjeev Tenneti, Kamal Acharya, Solomon D. Goldfarb, Todd Pringle, David S. Bill, Shailesh Prakash, Adam Milligan
  • Patent number: 7551737
    Abstract: A system and method for providing cryptographic keys which are usable in a network of connected computer nodes applying a signature scheme. The method employs: generating a random secret key usable in the network of connected computer nodes; generating an exponent interval I having a plurality of exponent elements, the exponent interval having a specified first random limit, wherein each element of the plurality of exponent elements of the exponent interval has a unique prime factor that is larger than a given security parameter; and, providing a public key comprising an exponent-interval description including the first random limit, and a public key value derived from the random secret key, such that the random secret key and a selected exponent value from the plurality of exponent elements in the exponent interval I are usable for deriving a signature value on a message to be sent within the network to a second computer node for verification.
    Type: Grant
    Filed: March 25, 2004
    Date of Patent: June 23, 2009
    Assignee: International Business Machines Corporation
    Inventors: Jan Camenisch, Maciej A Koprowski
  • Patent number: 7552230
    Abstract: One embodiment of the present method and apparatus for reducing spam in peer-to-peer networks includes forming a search message including at least one decoy word and sending the search request message, including the decoy word(s), to one or more nodes in the network. Embodiments of the present invention make it possible to weed out nodes in the network that send spam in response to every search message (e.g., regardless of the search message's content).
    Type: Grant
    Filed: June 15, 2005
    Date of Patent: June 23, 2009
    Assignee: International Business Machines Corporation
    Inventors: David A. George, Raymond B. Jennings, III, Jason D. LaVoie
  • Patent number: 7552332
    Abstract: A method and system for capturing an electronic signature of a user in a Java-based environment on a personal digital assistant. A user is prompted by an applet operating on the personal digital assistant, handling a canvas by the applet, and capturing an instance of the electronic signature on the canvas. The canvas encodes the instance of the electronic signature in a file and transfers the file by the canvas to the applet. A personal digital assistant may include a screen sensitive to pressure for capturing a signature and an application adapted to capture and attach the signature to a business object. The application may also include an applet adapted to prompt a user and adapted to handle a canvas. The canvas is adapted to capture an instance of the electronic signature and encode the instance in a file. The file is transferred by the canvas to the applet.
    Type: Grant
    Filed: October 20, 2003
    Date of Patent: June 23, 2009
    Assignee: SAP AG
    Inventors: Prithipal Singh, Sunil Lal, Srinivasan Subramanian
  • Patent number: 7552335
    Abstract: The present invention provides a technique that allows for a valid modification that is authorized by the author of data, while assuring the originality of the data. An information processing apparatus for processing original data created by a predetermined author is provided. The information processing apparatus includes a modification-information storing unit for storing modification information regarding a modification onto a storage medium when the original data is modified, and a modification-assuring-information creating unit for creating modification assuring information for assuring that the modification information is true.
    Type: Grant
    Filed: November 12, 2003
    Date of Patent: June 23, 2009
    Assignee: Canon Kabushiki Kaisha
    Inventor: Keiichi Iwamura
  • Publication number: 20090158046
    Abstract: A system (200) detects transmission of potentially malicious packets. The system (200) receives, or otherwise observes, packets and generates hash values based on variable-sized blocks of the packets. The system (200) then compares the generated hash values to hash values associated with prior packets. The system (200) determines that one of the received packets is a potentially malicious packet when one or more of the generated hash values associated with the received packet match one or more of the hash values associated with the prior packets.
    Type: Application
    Filed: October 10, 2008
    Publication date: June 18, 2009
    Inventors: Walter Clark Milliken, William Timothy Strayer, Stephen Douglas Milligan, Luis Sanchez, Craig Partridge
  • Publication number: 20090158045
    Abstract: The present invention relates to a wireless sensor message authentication method, which is characterized by an authentication scheme of any message authentication code applied to any secure message authentication code (MAC); an authentication scheme using the concept of error correcting code (ECC) and applied to any binary ECC to provide different features; flexible technique tuning required throughput and faulty data detection capability by adjusting the ECC in use; end-to-end authentication; and XOR operation conducted to original MAC to secure light overhead.
    Type: Application
    Filed: February 1, 2008
    Publication date: June 18, 2009
    Inventors: Hung-Min Sun, Shih-Ying Chang
  • Patent number: 7549058
    Abstract: A method and apparatus for encrypting and decrypting digital data employing multiple Huffman tables and at least one encryption key to enhance security of the digital data. At least one image parameter for characterizing the digital data, such as a motion vector table or DC-luminance, is selected as an image parameter. All possible Huffman tables according to the image parameter are then generated by Huffman tree mutation. A predetermined number of active Huffman tables from all possible Huffman tables are selected using a first encryption key and a hash function. Afterward, a coding sequence for the active Huffman tables is generated using a second encryption key and the hash function. Finally, the digital data is encrypted into an encrypted bit stream by the active Huffman tables with the coding sequence. Encrypted symbols of the image parameter can be reduced by symbol statistic analysis, thus reducing computation effort.
    Type: Grant
    Filed: June 30, 2005
    Date of Patent: June 16, 2009
    Assignee: MAVs Lab. Inc.
    Inventors: Bei Wang, Chia-Hung Yeh, Hsuan-Huei Shih, C.-C. Jay Kuo
  • Patent number: 7549061
    Abstract: An executing device for conducting playback is high during the playback of contents. The executing device is equipped with a highly efficient processor and reduces the processing load involved in verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on a DVD. In addition, the executing device is capable of improving the accuracy of detecting unauthorized contents by randomly selecting a predetermined number of encrypted units every time the verification is performed.
    Type: Grant
    Filed: March 24, 2005
    Date of Patent: June 16, 2009
    Assignee: Panasonic Corporation
    Inventors: Masao Nonaka, Yuichi Futa, Toshihisa Nakano, Kaoru Yokota, Motoji Ohmori, Masaya Miyazaki, Masaya Yamamoto, Kaoru Murase, Senichi Onoda
  • Patent number: 7549053
    Abstract: A method and system for efficiently retrieving secured data by securely pre-processing provided access information, provides data store security based on only a single piece of access information, which is generally public, such as the proper name of a business or individual that is used to retrieve mailing address information. The access information is hashed for access to a secured data store and efficient access and low data storage for permutations of input access information are provided by verifying the presence of an entry for the hashed access information in a look-up table. If an entry is found, the data store is accessed using the hashed access information, but if an entry is not found, another look-up table corresponding to another information type may be tried or the input access information permuted and retried.
    Type: Grant
    Filed: September 27, 2005
    Date of Patent: June 16, 2009
    Assignee: United States Postal Service
    Inventors: James D. Wilson, Robert F Snapp, David J Payne, Edgar H. Gillock, II
  • Patent number: 7545810
    Abstract: Approaches are disclosed for switching transport protocol connection keys. In a transport protocol module configured to use a first key for signing messages associated with a transport protocol connection, a second key is configured for the transport protocol connection. A first message that is associated with the transport protocol connection is received. The first message includes a first signature. A first and a second message digests are computed for the first message, where the first message digest is based on the first key and the second message digest is based on the second key. The first message is validated if the first signature in the first message matches any one of the first message digest and the second message digest.
    Type: Grant
    Filed: July 1, 2005
    Date of Patent: June 9, 2009
    Assignee: Cisco Technology, Inc.
    Inventors: Satish K. Mynam, Anantha Ramaiah, Chandrashekhar Appanna, Keyur Patel
  • Patent number: 7545938
    Abstract: An apparatus for generating codes includes a quantization unit which generates quantization coefficients by performing discrete wavelet transform with respect to each of tiles into which an image is divided, a block division unit which divides the quantization coefficients into blocks, a Hash conversion unit which performs Hash conversion based on the quantization coefficients of each of the blocks so as to produce a Hash value for each of the blocks, a digital watermark embedding unit which adjusts a parity of a quantization coefficient of interest equal to a parity of the Hash value of a block to which the quantization coefficient of interest belongs, and a coding unit which generates code sequence data by coding the quantization coefficients including the quantization coefficient whose parity is adjusted.
    Type: Grant
    Filed: November 10, 2003
    Date of Patent: June 9, 2009
    Assignee: Ricoh Company Ltd.
    Inventors: Yasuyuki Nomizu, Takanori Yano, Junichi Hara, Hiroyuki Sakuyama, Taku Kodama, Yasuyuki Shinkai, Toshio Miyazawa, Nekka Matsuura, Takayuki Nishimura
  • Patent number: 7543138
    Abstract: An image registration server stores encryption keys of respective ones of a plurality of client terminals. Image data is encrypted by the image registration server using the encryption key corresponding to the client terminal to which the image data is applied. The encrypted image data is applied to the client terminal via a server. The client terminal has a decryption key stored within so that only a client terminal that is duly authorized can decrypt encrypted image data. Other client terminals that are not duly authorized cannot decode the image data. This makes it possible to prevent unlawful use of image data even if the image data has been intercepted.
    Type: Grant
    Filed: September 22, 2000
    Date of Patent: June 2, 2009
    Assignee: Fujifilm Corporation
    Inventors: Yoshiki Kawaoka, Norihisa Haneda, Hiroshi Suganuma, Hiroyuki Yoshinaga
  • Patent number: 7543149
    Abstract: A method for securing patient identity comprising accessing an electronic medical records database including patient data for a plurality of patients. Each patient in the electronic medical records database is assigned a unique patient identifier. Patient data for a first patient, including a first patient identifier, is retrieved from the electronic medical records database. The first patient is de-identified from the patient data. De-identifying includes the creation of a first encoded patient identifier responsive to the first patient identifier. The de-identifying results in de-identified first patient data and includes the replacement of the first patient identifier with the first encoded patient identifier. The de-identified first patient data is transmitted to a data warehouse system. The method further comprises identifying a second patient in response to receiving report data that includes a second encoded patient identifier from the data warehouse system.
    Type: Grant
    Filed: April 22, 2003
    Date of Patent: June 2, 2009
    Assignee: GE Medical Systems Information Technologies Inc.
    Inventors: Thomas N. Ricciardi, Curtis White
  • Publication number: 20090138722
    Abstract: A method and apparatus for authenticating and authorizing online transactions. An authentication cookie is transmitted to a client system. The authentication cookie includes a user encryption key and an encrypted buffer that contains user identification data and a profile code. Subsequent requests for the particular service use the authentication cookie to generate a query that includes the encrypted buffer and user identification data entered by the user. Portions of the query are encrypted using the user encryption key. Queries received at each authentication and authorization server are authenticated by reconstructing the user encryption key using information transmitted in the clear and decrypting the query using both the reconstructed user encryption key and the secret key. The user identification data entered by the user is then compared with the user identification data in the encrypted buffer for further authentication. The profile code is analyzed for determining authorization.
    Type: Application
    Filed: January 29, 2009
    Publication date: May 28, 2009
    Applicant: PALMSOURCE, INC.
    Inventors: Robert Lennie, Carl Chen, Gabe Dalbec
  • Publication number: 20090132826
    Abstract: A security system in which wireless transmitting security devices use a hybrid or dual encoding methodology, wherein a first part of a data message is encoded in a return-to-zero (RZ) format and a second part of the data message is encoded in a non-return-to-zero (NRZ) format, thereby increasing error detection and correction. In a first aspect of the invention, status information is included in the first part of the message and redundant status information is included in the second part of the message. In a second aspect of the invention, message sequence information is included in the second part of the message to avoid processing of stale or out-of-sequence messages.
    Type: Application
    Filed: January 23, 2009
    Publication date: May 21, 2009
    Applicant: HONEYWELL INTERNATIONAL INC.
    Inventor: Thomas Schmit
  • Patent number: 7529937
    Abstract: A discovery secret is transmitted from the source domain to the correspondent domain. The discovery secret includes a data element specific to the correspondent domain. The discovery secret includes a source domain address to which the correspondent domain is permitted to send a message in order to determine that a potential correspondent has compatible secure email technology so that a link between the source domain and the correspondent domain may be established. The discovery secret is received by the correspondent domain including receiving the data element and the source domain address. An invitation is transmitted from the correspondent domain to the source domain address. The invitation includes the data element or an element corresponding to the data element. The source domain initiates a process to establish a link with the correspondent domain upon receipt by the source domain of the invitation.
    Type: Grant
    Filed: April 15, 2005
    Date of Patent: May 5, 2009
    Assignee: Microsoft Corporation
    Inventors: Eric D. Tribble, Trevor W. Freeman
  • Patent number: 7529943
    Abstract: A network device constructs an outgoing resource reservation message and determines an authentication value, using, for example, a cryptographic algorithm and at least a portion of the outgoing message. The network device identifies a destination node for the message and inserts the authentication value in the message. The network device sends the message across a network to the destination node for authentication at the destination node using the authentication value.
    Type: Grant
    Filed: April 16, 2004
    Date of Patent: May 5, 2009
    Assignee: Juniper Networks, Inc.
    Inventor: Nurettin Burcak Beser