Message Digest Travels With Message Patents (Class 713/181)
-
Patent number: 7401223
Abstract: A trusted authentication chip for use in authenticating an untrusted authentication chip; the trusted authentication chip including a random number generator, a symmetric encryption function and two secret keys for the function, a signature function and a test function; wherein the trusted authentication chip generates test data including a random number and its signature, encrypted using a first of said secret keys and transmits the test data to the untrusted authentication chip, wherein the trusted authentication chip receives a data message and an encrypted version of the data message in combination with the random number from the untrusted authentication chip, the data message being encrypted using a second of said secret keys, wherein the test function operates to encrypt the random number together with the data message by the symmetric encryption function using the second secret key, compare the two versions of the random number encrypted together with the data message using the second key, and in the e
Type: Grant
Filed: August 2, 2004
Date of Patent: July 15, 2008
Assignee: Silverbrook Research Pty Ltd
Inventor: Simon Robert Walmsley
-
Patent number: 7398283
Abstract: A method for providing naming and access control of data items in a data repository, the method comprising having a first client program deposit a data item in the data repository, the depositing including determining a digital fingerprint from the data item, and storing the data item in the data repository at a location or locations associated with the fingerprint, having the first client program specify an object name for an object that comprises a set of data items, storing in the repository an association between the name and the set of data items, and allowing the client program to retrieve a data item from the set of data items by specifying the object name and without providing the digital fingerprint of any data item or composite of data items.
Type: Grant
Filed: October 14, 2004
Date of Patent: July 8, 2008
Assignee: Burnside Acquisition, LLC
Inventors: Norman H. Margolus, Thomas F. Knight, Jr., Jered J. Floyd, George E. Homsy, II
-
Patent number: 7392384
Abstract: A system and method are described supporting secure implementations of 3DES and other strong cryptographic algorithms. A secure key block having control, key, and MAC fields safely stores or transmits keys in insecure or hostile environments. The control field provides attribute information such as the manner of using a key, the algorithm to be implemented, the mode of use, and the exportability of the key. A MAC algorithm is applied across the key and control for generating a MAC field that cryptographically ties the control and key fields together. Improved security is provided because tampering with any portion of the key block results in an invalid key block. The work factor associated with any manner of attack is sufficient to maintain a high level of security consistent with the large keys and strong cryptographic algorithms supported.
Type: Grant
Filed: June 28, 2002
Date of Patent: June 24, 2008
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Dale W. Hopkins, Susan Langford, Larry Hines, Ching-Hsuan Chen
-
Patent number: 7389419
Abstract: The present invention provides for authenticating a message. A security function is performed upon the message. The message is sent to a target. The output of the security function is sent to the target. At least one publicly known constant is sent to the target. The received message is authenticated as a function of at least a shared key, the received publicly known constants, the security function, the received message, and the output of the security function. If the output of the security function received by the target is the same as the output generated as a function of at least the received message, the received publicly known constants, the security function, and the shared key, neither the message nor the constants have been altered.
Type: Grant
Filed: December 10, 2003
Date of Patent: June 17, 2008
Assignee: International Business Machines Corporation
Inventors: Daniel Alan Brokenshire, Harm Peter Hofstee, Mohammad Peyravian
-
Patent number: 7386890
Abstract: An executable module includes a dynamic data area that contains all data that may be changed by execution of the executable module. A header in the module includes a start address and an end address for the dynamic data area. The executable module is loaded in a memory. An alternate memory area is allocated in the memory. The dynamic data area is copied to the alternate memory area. The memory is mapped so that execution of the executable module modifies exactly one of the dynamic data area and the alternate memory area. A hash value is computed for the executable module. The hash value includes exactly one of the dynamic data area and the alternate memory area. The unmodified memory area is copied to the modified memory area and the hash value is recomputed to re-establish the executable module in a known state.
Type: Grant
Filed: June 30, 2004
Date of Patent: June 10, 2008
Assignee: Intel Corporation
Inventors: Gehad Galal, Randolph Campbell
-
Patent number: 7382876
Abstract: Hash function constructions from expander graphs are described. In one aspect, an expander graph is walked to compute a hash function. The expander graph is walked using respective subsets of an input message. A label of a last vertex walked is an output of the hash function.
Type: Grant
Filed: November 1, 2005
Date of Patent: June 3, 2008
Assignee: Microsoft Corporation
Inventors: Kristin E. Lauter, Denis X Charles, Eyal Zvi Goren
-
Patent number: 7383580
Abstract: A system (140) prevents the spread of viruses in a network (100). The system (140) receives a hash value from a remote device (130), compares the hash value to a group of hash values associated with data messages including viruses, and generates a first message when the hash value matches one of the group of hash values. The first message instructs the remote device (130) to discard a received data message. The system (140) also generates a second message when the hash value does not match one of the group of hash values. The second message instructs the remote device (130) to forward the received data message to a user of the remote device (130).
Type: Grant
Filed: January 14, 2003
Date of Patent: June 3, 2008
Assignees: Verizon Corporate Services Group Inc., BBN Technologies Corp.
Inventor: Michael Joseph Frentz
-
Patent number: 7380126
Abstract: Methods and apparatus for identifying unwanted email messages by transmitting metadata with an outbound email message that indicates the total number of email messages sent by that sender in a predetermined time period, or alternatively indicates the total number of email messages which are equivalent to the outgoing message that have been sent. In addition the metadata may include an identification of the sender and a “pledge” made by the sender. A pledge may take the form of a binding commitment from the sender that the information contained in the metadata is accurate, and/or that the sender promises to abide by predetermined good conduct rules designed to limit unwanted email. The outgoing message may be further signed by the sender with a digital signature that provides means for verifying the content of the message and the pledge as well as the identity of the sender.
Type: Grant
Filed: May 31, 2002
Date of Patent: May 27, 2008
Inventors: James D. Logan, Charles G. Call
-
Publication number: 20080114985
Abstract: A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent during integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.
Type: Application
Filed: October 31, 2006
Publication date: May 15, 2008
Inventors: Uday Savagaonkar, Ravi Sahita, Prashant Dewan
-
Publication number: 20080115191
Abstract: A method and apparatus to transmit personal information, the method including: receiving an information request message requesting the personal information; receiving the personal information from a user; receiving a transmission approval from the user; transmitting a service requesting identifier to the service provider when the transmission approval is received; receiving a security policy with respect to the personal information to be transmitted; securing the personal information to be transmitted according to the received security policy; and transmitting the personal information to the service provider. Therefore, the personal information can be safely transmitted.
Type: Application
Filed: March 16, 2007
Publication date: May 15, 2008
Applicant: Samsung Electronics Co., Ltd.
Inventors: Ji-soo Kim, Myung-june Jung, Hyun-jin Choi
-
Patent number: 7373514
Abstract: A high-performance, low-latency data retrieval system is disclosed using hash functions. Given a set of input data, the data retrieval system may generate one or more index values and a signature value according to a predetermined hash function. The index values may be applied to respective data arrays to access a data unit therein. The data unit may include signatures previously developed when populating the array. If a signature from the data unit matches the signature generated from the hash function, then the associated index may be applied to a second portion of the respective data array to retrieve requested data.
Type: Grant
Filed: July 23, 2003
Date of Patent: May 13, 2008
Assignee: Intel Corporation
Inventors: Jon H. Krueger, Wajdi K. Feghali, Gilbert Wolrich
-
Patent number: 7370197
Abstract: A method and system for authenticating a message is described, in which the message contains a network address, at least a portion of which is a digital fingerprint. Embedded in the message is data, such as a code, that indicates the size of the digital fingerprint. A device receiving the message uses the size data and, for example, the public key of the sender to attempt to reproduce the digital fingerprint. If successful, the device receiving the message verifies the identity of the sender.
Type: Grant
Filed: September 12, 2002
Date of Patent: May 6, 2008
Assignee: Microsoft Corporation
Inventor: Christian Huitema
-
Publication number: 20080104403
Abstract: Methods and apparatus for data authentication with multiple keys are disclosed. An example apparatus to authenticate data disclosed herein comprises a key verifier to verify a first key by comparing a test composite key value and a reference composite key value, wherein the test composite key value is generated from a first key value corresponding to the first key and a second key value corresponding to a second key, and a data verifier to verify the data using the first key when the key verifier determines that verification of the first key was successful, wherein verification is successful when the test composite key value substantially matches the reference composite key value.
Type: Application
Filed: September 29, 2006
Publication date: May 1, 2008
Inventor: Shay Gueron
-
Publication number: 20080104402
Abstract: Methods and apparatuses enable countermeasures to obstruct a fault-based attack on an authentication procedure. A digital message M, a signature S, and a modulus N are received, where the signature S is to sign the digital message M, and the modulus N is a public modulus for modular authentication operations. In one embodiment, the message and signature are compliant with the RSA algorithm. The signature S is validated, and after validation of the signature S, one or more N-based computations are performed that validate N. In one embodiment, N is validated prior to validating the signature S, and a double-validation countermeasure provides for re-validating N after validating S. In one embodiment, N is validated or re-validated in conjunction with validation of S. N can be validated in conjunction with validation of S through the use of computations with intermediate values derived from a trusted copy of N.
Type: Application
Filed: September 28, 2006
Publication date: May 1, 2008
Inventors: Shay Gueron, Jean-Pierre Seifert
-
Publication number: 20080104404
Abstract: An approach for tracking documents using image processing is disclosed. Auxiliary information corresponding to compressed digital information is extracted. The auxiliary information is used to output text lines, which undergo a hash function (e.g., checksum operation). In this manner, individual hash values are generated, as well as an overall hash value of the entire file of text lines. A reference set of hash values are maintained to identify other compressed digital information.
Type: Application
Filed: October 25, 2006
Publication date: May 1, 2008
Applicant: MCI, LLC.
Inventors: John-Francis Mergen, Carl Marshall Eliot Powell, Daniel M. Wood
-
Patent number: 7366896
Abstract: Systems, methods and data structures are described for attaching a digital signature to a web page and authenticating the digital signature before allowing the web page to invoke a software control on a computer that has downloaded the web page. Unauthorized users cannot gain access to a control on a computer through a web page that is downloaded to the computer, if the source of the web page or application cannot be authenticated or is not a trusted source.
Type: Grant
Filed: August 29, 2000
Date of Patent: April 29, 2008
Assignee: Microsoft Corporation
Inventors: Rico Mariani, David M. Broman, Sanjeev K. Rajan, Kristi L. Cooper
-
Publication number: 20080098217
Abstract: The present invention provides a method for transferring encrypted information from one storage area to other storage area wherein cryptographic data protection scheme having protection attributes are applied on the data. A crypto container having cryptographic properties represents cryptographically protected data. The attributes that have been attached to the container at the time when data is added or removed from the container determine the scheme of data protection being applied. Crypto container can be converted or serialized for storage or transmission, here the conversion spread only to the protected data parts which possibly includes crypto containers in protected form but may not the attached crypto attributes. These attributes must be stored or transmitted in another form.
Type: Application
Filed: October 24, 2006
Publication date: April 24, 2008
Inventors: Roman A. Pletka, Patrick Droz, Christian Cachin
-
Publication number: 20080098218
Abstract: A method is provided for secure communication between a transmitter and a receiver. The transmitter comprises a non-volatile memory for storing a first portion of a count value, where the count value is updated after an elapse of a period of time. The transmitter comprises a volatile memory for storing a second portion of the count value. In response to receipt of a transmit request, the transmitter sets a use indicator corresponding to the first portion of the count value. Upon elapse of the period of time, the second portion of the count value is updated. The first portion of the count value is updated if the second portion of the count value overflows and if the use indicator corresponding to the first portion is set. A message authentication code is generated based on at least the count value. A message transmitted to the receiver comprises at least the message authentication code.
Type: Application
Filed: October 18, 2006
Publication date: April 24, 2008
Inventors: James M. Sibigtroth, Michael C. Wood
-
Publication number: 20080091945
Abstract: A technique for security and authentication on block-based media involves the use of protected keys, providing authentication and encryption primitives. A system according to the technique may include a secure device having a security kernel with protected keys. A disk drive security mechanism may support authentication of data, secrecy, and ticket validation using the security kernel and, for example, a ticket services module (e.g., a shared service that may or may not be used by other storage devices like flash).
Type: Application
Filed: October 24, 2006
Publication date: April 17, 2008
Inventors: John Princen, Pramila Srinivasan, Craig Steven Anderson
-
Patent number: 7356710
Abstract: A method, system and computer program product for computing a message authentication code for data in storage of a computing environment. An instruction specifies a unit of storage for which an authentication code is to be computed. A computing operation computes an authentication code for the unit of storage. A register is used for providing a cryptographic key for use in the computing to the authentication code. Further, the register may be used in a chaining operation.
Type: Grant
Filed: May 12, 2003
Date of Patent: April 8, 2008
Assignee: International Business Machines Corporation
Inventors: Shawn D. Lundvall, Ronald M. Smith, Sr., Phil Chi-Chung Yeh
-
Publication number: 20080082824
Abstract: A system comprises a first operating environment and a second operating environment. The first and second operating environments exchange information in encrypted form using a shared encryption key (K3). The first and second operating environments cooperate to change said encryption key K3 using another shared encryption key (K4). The encryption key K4 is changed upon the encryption key K3 being changed.
Type: Application
Filed: September 28, 2006
Publication date: April 3, 2008
Inventors: Wael M. IBRAHIM, Lan Wang, Jennifer E. Rios, Valluddin Y. Ali, Manuel Novoa
-
Publication number: 20080082826
Abstract: An authenticatable envelope is utilized to allow for the secure and quasi-atomic delivery and execution of an ordered list of externally specified non-volatile memory write commands. In at least some embodiments, an external provider generates an authenticatable envelope that includes write commands and data that is used by a local platform of a non-volatile memory device to generate non-volatile memory write data in response to the write commands.
Type: Application
Filed: September 29, 2006
Publication date: April 3, 2008
Inventor: Brent Ahlquist
-
Publication number: 20080082833
Abstract: A method for providing a secure firmware operating environment includes detecting the presence of a new component, for example, a peripheral device. Next, a determination is made as to whether the peripheral device includes an option read-only memory. Next, a determination is made as to whether the option read-only memory is authorized to be executed on the corresponding device. If the option read-only memory is authorized, the code contained within the option read-only memory is executed. By only allowing execution of peripheral devices or components including authorized option read-only memories, security related breaches are substantially reduced or eliminated; thereby, enhancing device integrity.
Type: Application
Filed: September 28, 2006
Publication date: April 3, 2008
Inventors: Timothy Andrew Lewis, Timothy Joseph Markey
-
Patent number: 7353398
Abstract: The invention described herein utilizes a universally known and accepted unique item that is independently identifiable and valuable so as to be constituted for difficulty of counterfeiting as an authenticator item. The identity of this item is included in an authorization calculation which can only be accomplished by an authorizing issuing authority. In a preferred embodiment of the invention, the authenticator is a serial numbered item such as a currency bill or note. The document may be created in a decentralized fashion using ordinary plain paper and the document may even take electronic or other forms. The issuing authority must have the critical or important details of the document and must authorize the creation of the document before it can be created. Further the document's authenticity may be verified without communication back to the issuing authority.
Type: Grant
Filed: May 29, 2002
Date of Patent: April 1, 2008
Assignee: International Business Machines Corporation
Inventor: David Alan Kra
-
Patent number: 7353386
Abstract: An authentication method provides a segment forming an executable authentication plug-in previously authenticated by at least one authentication function from an authentication library and linked to a plurality of segments in accordance with a chaining relationship. In response to a request for authentication of a plurality of segments chained in accordance with the chaining relationship in this way, the method authenticates each successive segment and, in the case of a segment requiring the authentication plug-in, it executes the authentication plug-in in order to authenticate the segment submitted in this way to the authentication plug-in.
Type: Grant
Filed: June 25, 2004
Date of Patent: April 1, 2008
Assignee: Thomson Licensing S.A.
Inventors: Jean-Claude Sarfati, Hervé Chau
-
Publication number: 20080077794
Abstract: A method, article, and system for providing an effective implementation of data structures, and application programming interface (API) functions that allow secure execution of functions behind a secure boundary. The controlling mechanism is a flexible, extendable, and non-forgeable block that details how values and parameters behind the secure boundary can be changed. The invention allows for one entity to execute a security function that will normally require extensive authorizations or dual or multiple control. The method and system comprise instructions that are cryptographically protected against alteration or misuse, wherein the instructions further comprise a trusted block that defines security policies that are permitted when an application program employs the trusted block in APIs. The trusted block has a number of fields containing rules that provide an ability to limit how the trusted block is used, thereby reducing the risk of the trusted block being employed in unintended ways.
Type: Application
Filed: September 22, 2006
Publication date: March 27, 2008
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Kurt S. Jacobsen, Michael J. Kelly, Mark D. Marik, Jesper Wiese
-
Publication number: 20080077801
Abstract: A method, an apparatus and a computer program product are disclosed for verifying the trustworthiness of a software in an apparatus, and switching a hardware signal in the apparatus into a first state when the software is not trustworthy.
Type: Application
Filed: September 25, 2006
Publication date: March 27, 2008
Inventor: Jan-Erik Ekberg
-
Patent number: 7346927
Abstract: The disclosed embodiments relate to a system and method for storing and accessing secure data where non-secure data needs to be exchanged between entities without exposing underlying or related secure data which is already known to those entities and which must also be communicated to identify or otherwise contextualize the non-secure data. A Hashing Facility is provided that uses a Hash Function to create a unique Hash Value from a secure data value. The Hash Value may then be communicated along with the related non-secure data.
Type: Grant
Filed: December 12, 2003
Date of Patent: March 18, 2008
Assignee: Access Business Group International LLC
Inventor: James M. Hillmer
-
Patent number: 7346779
Abstract: A method for securing an electronic document (22) comprising attaching a biometric characteristic (20) and the electronic document (22) to form a biometric characteristic-document combination and encrypting the biometric characteristic-document combination to form an encrypted data package (24).
Type: Grant
Filed: February 23, 2001
Date of Patent: March 18, 2008
Assignee: Birmingham Systems Limited
Inventor: Kim Leeper
-
Publication number: 20080065880
Abstract: For use in a distributed system where a client computer is operable to communicate with a server computer and to receive a digital certificate associated with a remote external component, apparatus for securing a communications exchange between computers includes a hasher, responsive to the client computer receiving a digital certificate, for hashing data associated with the client computer and the server computer with data associated with the digital certificate to create a first message digest, and a first transmitter for transmitting the first message digest to the remote external component.
Type: Application
Filed: June 18, 2007
Publication date: March 13, 2008
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Cameron Kenneth Martin
-
Patent number: 7340608
Abstract: A system for securely vaulting, auditing, controlling and transferring electronic transferable records (TRs) with unique ownership, including at least one registry for registering the electronic transferable record with unique ownership in a TR registry record; at least one secure storage manager (SSM) associated with the registry, the SSM storing the transferable record registered in the registry as an authoritative copy, the secure storage manager being distinct from said registry. The transferable record can be transferred in a transaction between an originating party and a receiving party with a transaction descriptor including information about the parties involved in the transaction and an identification of the TR being transferred. The transaction descriptor is initially signed by the originating party with the TR, subsequently verified and countersigned by the registry and signed by said accepting party.
Type: Grant
Filed: June 17, 2003
Date of Patent: March 4, 2008
Assignee: Silanis Technology Inc.
Inventors: Michael Laurie, Robert Al-Jaar, Oleksiy Savchenko
-
Publication number: 20080052533
Abstract: A relay apparatus comprises a frame relay processing unit for relaying a frame, a plurality of ports for sending and receiving the frame to and from the outside, and a cryptographic processing module corresponding to each of the ports. Each cryptographic processing module is connected to the corresponding port and to the frame relay processing unit by means of general-purpose interfaces such as MII. The cryptographic processing module performs the encryption process and decryption process so that the frame relay processing unit can concentrate on the relay process and the relay speed is not subject to degradation. Also, the cryptographic processing module can generate a different cryptographic key for each frame without requiring dynamic exchange of key information.
Type: Application
Filed: January 12, 2007
Publication date: February 28, 2008
Applicant: FUJITSU LIMITED
Inventors: Takamitsu IIDA, Hideshi Sakurai, Satoshi Obara, Yukihiro Nakajima, Takayuki Sakuma
-
Publication number: 20080052529
Abstract: A reading device reads ambiguous target elements of an authentication target printed on a medium. Each ambiguous target element has a number of different manners by which the ambiguous target element can be interpreted by the reading device. The authentication target as read by the reading device is compared against an authentication signature of the reading device. The authentication signature specifies for each ambiguous target element an expected manner by which the reading device interprets the ambiguous target element as one of the different manners by which the ambiguous target element can be interpreted. Where the authentication target as read by the reading device matches the authentication signature of the reading device, the reading device is signaled as having passed authentication.
Type: Application
Filed: August 25, 2006
Publication date: February 28, 2008
Inventors: Steven J. Simske, Jason S. Aronoff
-
Patent number: 7334123
Abstract: A computer system including a bus bridge for bridging transactions between a secure execution mode-capable processor and a security services processor. The bus bridge may include a transaction source detector, a configuration header and control logic. The transaction source detector may receive a security initialization transaction performed as a result of execution of a security initialization instruction. Further, the transaction source detector may determine whether the secure execution mode-capable processor is a source of the security initialization transaction. The configuration header may provide storage of information associated with the security services processor. The control logic may determine whether the security services processor is coupled to the bus bridge via a non-enumerable, peripheral bus.
Type: Grant
Filed: May 2, 2003
Date of Patent: February 19, 2008
Assignee: Advanced Micro Devices, Inc.
Inventors: Dale E. Gulick, Geoffrey S. Strongin, Larry D. Hewitt
-
Patent number: 7334127
Abstract: A key establishment protocol includes the generation of a value of cryptographic function, typically a hash, of a session key and public information. This value is transferred between correspondents together with the information necessary to generate the session key. Provided the session key has not been compromised, the value of the cryptographic function will be the same at each of the correspondents. The value of the cryptographic function cannot be compromised or modified without access to the session key.
Type: Grant
Filed: May 16, 2003
Date of Patent: February 19, 2008
Assignee: Certicom Corp.
Inventor: Marinus Struik
-
Patent number: 7328339
Abstract: A packet data string is provided to a device under test (DUT), which preprocesses the packet data string, based on static inputs, to provide packet segment data strings, which are placed in a queue in a memory structure. Separate therefrom, a packet segment data string is applied to an encryption engine of the DUT, which encryption engine has an initialization vector applied thereto, and an encryption algorithm of the encryption engine is applied to this packet segment data string to provide an encrypted packet segment data string.
Type: Grant
Filed: November 3, 2003
Date of Patent: February 5, 2008
Assignee: Advanced Micro Devices Inc
Inventors: Sajosh Janarthanam, Kheng Guan (Nigel) Tan
-
Patent number: 7328349
Abstract: A system (126-129) detects transmission of potentially malicious packets. The system (126-129) receives packets and generates hash values corresponding to each of the packets. The system (126-129) may then compare the generated hash values to hash values corresponding to prior packets. The system (126-129) determines that one of the packets is a potentially malicious packet when the generated hash value corresponding to the one packet matches one of the hash values corresponding to one of the prior packets and the one prior packet was received within a predetermined amount of time of the one packet. The system (126-129) may also facilitate the tracing of the path taken by a potentially malicious packet. In this case, the system (126-129) may receive a message that identifies a potentially malicious packet, generate hash values from the potentially malicious packet, and determine whether one or more of the generated hash values match hash values corresponding to previously-received packets.
Type: Grant
Filed: September 20, 2002
Date of Patent: February 5, 2008
Assignee: BBN Technologies Corp.
Inventor: Walter Clark Milliken
-
Patent number: 7325132
Abstract: An authentication system providing a safety authentication process of electronic values with the use of mobile terminals which do not have a tamper-resistant function. The electronic value including encrypted value authentication information (F(VPW)), wherein an authentication information (VPW) corresponding to an electronic value specified by a user is acquired by the hash calculation, is stored in user's mobile terminal.
Type: Grant
Filed: August 25, 2003
Date of Patent: January 29, 2008
Assignee: Matsushita Electric Industrial Co., Ltd.
Inventors: Hisashi Takayama, Junko Furuyama
-
Patent number: 7325137
Abstract: A system which allows each server in a network to verify the signature of a party issuing a service instruction in a system for providing a cooperative service by allowing servers to send and receive instruction data indicating instructions to each server and to execute the instruction written in the instruction data. An instruction input device receiving an instruction from a service requestor attaches an electronic signature (initiator signature (74)) of the requestor or the instruction input device to an instruction which indicates process content of each server, to create a signed individual instruction (72). The instruction input device further attaches an initiator signature (76) to data in which the signed individual instructions (72) for all servers involved in the service are merged, to create a collective instruction (70). The collective instruction (70) is transmitted to a flow controller controlling the servers.
Type: Grant
Filed: September 3, 2003
Date of Patent: January 29, 2008
Assignee: Fuji Xerox Co., Ltd.
Inventors: Takanori Masui, Tatsuhiko Yokohama, Masanori Satake
-
Publication number: 20080022084
Abstract: A secure network is disclosed. The secure network includes a residential gateway to communicate with a remote network and a local network. At least one trusted local device is configured to send communications including data packets with authentication information to the residential gateway to request access to resources of the remote network. The residential gateway inhibits a request received from the local network to access resources on the remote network until the residential gateway uses authentication information to authenticate data packets associated with the request as originating from the at least one trusted local device.
Type: Application
Filed: July 21, 2006
Publication date: January 24, 2008
Applicant: SBC Knowledge Vertures, L.P.
Inventors: Michael Raftelis, Jae-Sun Chin
-
Publication number: 20080010463
Abstract: A truncated message digest of length L bits is generated from a message by preprocessing the message dependent upon the value L to obtain a modified message. As part of the preprocessing, the message is lengthened by insertion of additional values. A full length message digest is generated from the modified message and the truncated message digest is obtained by truncating the full length message digest to L bits. This approach results in truncated message digests that are secure and provide a large range of truncation options.
Type: Application
Filed: July 10, 2006
Publication date: January 10, 2008
Applicant: MOTOROLA, INC.
Inventor: Donald E. Eastlake
-
Publication number: 20080010466
Abstract: This invention provides a means for insuring data security and confidence in a recorded sequence of data that includes video, audio and meta-data through the use of digital signatures. The digital signatures are calculated through the use of publicly available hash algorithms and chained in a new and novel manner to provide for confidence in the data integrity and security of the recorded data upon replay.
Type: Application
Filed: July 10, 2006
Publication date: January 10, 2008
Inventor: William Hopper
-
Publication number: 20080005579
Abstract: The invention relates to the authentication of users for a multi-function peripheral (MFP) device using handwritten signatures. Systems and methods are disclosed which relate to a MFP that conditions access to MFP operations based on an authenticating process that compares a prospective user's signature to previously saved signatures. The signatures are communicated to the MFP using the MFP's native scanning function.
Type: Application
Filed: June 30, 2006
Publication date: January 3, 2008
Inventors: Mark Gaines, Constantinos Kardamilas, Steve Livengood
-
Publication number: 20080005574
Abstract: A programmable processor calculates a hash value of a memory region, then monitors program operation to detect a security monitoring system initialization. The hash value is added to extend a security measurement sequence if the security monitoring system initialization clears a security state. Processors that implement similar methods, and systems using such processors, are also described and claimed.
Type: Application
Filed: June 29, 2006
Publication date: January 3, 2008
Inventors: Antonio S. Cheng, Kirk D. Brannock
-
Patent number: 7315947
Abstract: Methods and apparatus, including computer program products, implementing and using techniques for establishing trust in an electronic document. An electronic document is received. State dependent content in the electronic document is identified. The state dependent content is content that is renderable to have several appearances. The electronic document is presented to a user, which includes disclosing the presence of any identified state dependent content in the electronic document.
Type: Grant
Filed: May 20, 2003
Date of Patent: January 1, 2008
Assignee: Adobe Systems Incorporated
Inventors: James D. Pravetz, Krish Chaudhury, Sunil C. Agrawal
-
Patent number: 7308097
Abstract: A method, system and apparatus for performing user identification, digital signatures and other secure communication functions in which keys are chosen essentially at random from a large set of vectors and key lengths are comparable to the key lengths in other common identification and digital signature schemes at comparable security levels. The signing technique of an embodiment of the identification/digital signature scheme hereof uses a mixing system based on multiplication in a ring and reduction modulo an ideal q in that ring; while the verification technique uses special properties of products of elements whose validity depends on elementary probability theory. The security of the identification/digital signature scheme comes from the interaction of reduction modulo q and the difficulty of forming products with special properties.
Type: Grant
Filed: December 6, 2002
Date of Patent: December 11, 2007
Assignee: NTRU Cryptosystems, Inc.
Inventors: Jeffrey Hoffstein, Nicholas A. Howgrave-Graham, Jill C. Pipher, Joseph H. Silverman, William J. Whyte
-
Patent number: 7308501
Abstract: A method, apparatus, and computer implemented instructions for processing a request in a data processing system. The request is received. In response to a first hash value being present within the request, the first hash value is compared to a second hash value that was computed locally, wherein the second hash value represents a current policy configuration for assigning a quality of service. In response to a match between the first hash value and the second hash value, other information in the request is used to establish a quality of service for packets associated with the request.
Type: Grant
Filed: July 12, 2001
Date of Patent: December 11, 2007
Assignee: International Business Machines Corporation
Inventors: Roberto DeLima, Lap T. Huynh, Dinakaran B. Joseph, John J. Majikes, Robert E. Moore, Lee M. Rafalow
-
Patent number: 7308577
Abstract: An image verification system includes an image generation apparatus and a first verification apparatus. The image generation apparatus (a) generates image data, (b) generates a hash value from the image data, and (c) generates first verification data from the hash value using a common key cryptography and not using a public key cryptography. The first verification apparatus (a) receives the hash value and the first verification data, (b) verifies, using the received hash value, the received first verification data and the common key cryptography, whether the image data is altered, and (c) generates second verification data from the hash value using the public key cryptography, if the first verification apparatus verifies that the image data is not altered.
Type: Grant
Filed: December 17, 2002
Date of Patent: December 11, 2007
Assignee: Canon Kabushiki Kaisha
Inventor: Satoru Wakao
-
Patent number: 7308578
Abstract: A method, apparatus, and computer instructions for authorizing execution of an application on the data processing system. A request is received to execute the application, wherein the request originates from a remote data processing system and wherein the request includes a digital certificate and the application. The digital certificate is verified in response to receiving the request. Responsive to verifying the digital certificate, a digital digest is calculated for the application to form a calculated digital digest. The calculated digital digest is compared with a set of digital digests from a trusted source. The application is executed if a match between the calculated digital digest and set of digital digests occurs.
Type: Grant
Filed: March 6, 2003
Date of Patent: December 11, 2007
Assignee: International Business Machines Corporation
Inventors: Susann Marie Keohane, Gerald Francis McBrearty, Shawn Patrick Mullen, Jessica Kelley Murillo, Johnny Meng-Han Shieh
-
Patent number: 7305555
Abstract: A system is described for uniquely mating components of a communication network such as a smartcard and a set-top box. When mated, the smartcard and set-top box are tied together and have a single identity. Further, the smartcard operates properly only when inserted into an authorized set-top box. Exchanges of information between both components are secured by encryption and authentication to guard against piracy of the exchanged information. The system provides the same authentication key to the set-top box and the smartcard. This key is used for authenticating communication between the set-top box and the smartcard. First, the authentication key is encrypted by a set-top box mating key. The set-top box employs this mating key to decrypt the authentication key. After it is derived, the authentication key is stored in the set-top box's memory. Further, the same authentication key is encrypted by a smartcard mating key.
Type: Grant
Filed: March 27, 2002
Date of Patent: December 4, 2007
Assignee: General Instrument Corporation
Inventors: John I. Okimoto, Eric J. Sprunk, Lawrence W. Tang, Annie On-yee Chen, Bridget Kimball, Douglas Petty