Message Digest Travels With Message Patents (Class 713/181)
-
Patent number: 8689300
Abstract: A method and system for authenticating the identity of a client device that is calling a remotely located server over a network. A client device inputs information pertaining to a hardware characteristic and a network address thereof into a cryptographic hash function stored on the client device. The hash function computes a unique registration ID hash code and presents it to the system server during a registration process. The system server then generates a digital certificate having a system-side key (i.e., public key). A client-side key (i.e., private key) is provided to the client device. For all future calls to the system server, the client device re-computes its registration ID hash code and then digitally signs it using its client-side key. The system server then uses its system-side key to examine the digitally signed registration ID hash code to authenticate the identity of the client device.
Type: Grant
Filed: January 30, 2007
Date of Patent: April 1, 2014
Assignee: The Boeing Company
Inventors: John B. Sims, Jeffrey W. Calog
-
Patent number: 8683206
Abstract: A system and method of authenticating data files is provided. The method includes providing a plurality of software part files and a manifest file associated with the software part files. The manifest file identifies each of the plurality of software part files. The method includes associating the manifest file with a manifest detached digital signature. The method also includes digitally signing the manifest file with the manifest detached digital signature. The manifest detached digital signature authenticates the manifest file. The method includes associating each of the plurality of software part files with one of a plurality of unique detached digital signatures. The method includes digitally signing each of the plurality of software part files with one of the plurality of unique detached digital signatures. Each of the plurality of unique detached digital signatures authenticates one of the software part files.
Type: Grant
Filed: September 19, 2011
Date of Patent: March 25, 2014
Assignee: GM Global Technology Operations LLC
Inventors: Susanta P. Sarkar, Ansaf I. Alrabady, Thomas M. P. Catsburg
-
Patent number: 8683577
Abstract: An authentication method in a system having a display and a storage device is provided. The authentication method includes the steps of registering an object selected for each user from among a plurality of visually distinguishable objects prepared in advance as a key object in the storage device; and presenting the plurality of objects to the display, accepting selection of an object by a user to be authenticated, and performing authentication based on matching/mismatching of the selected object with the key object registered in association with the user. The step of registering includes a step of determining a degree of freedom of selection of the object at the time of registration of the key object according to a degree of overlapping of the key object already registered in the storage device.
Type: Grant
Filed: July 14, 2010
Date of Patent: March 25, 2014
Assignee: Konica Minolta Holdings, Inc.
Inventors: Chiho Murai, Motohiro Asano
-
Patent number: 8683606
Abstract: At the first data access by a navigation unit to a recording medium that records updating right information necessary for updating map data in a rewritable data area in which map data are recorded, the updating right information is read from the data area and is deleted from the data area, and a map updating due date created based on the read updating right information is written in a memory of the navigation unit together with the medium identification information read from a non-rewritable management area.
Type: Grant
Filed: January 7, 2011
Date of Patent: March 25, 2014
Assignee: Aisin AW Co., Ltd.
Inventors: Hiroyoshi Masuda, Kensuke Takeuchi, Norihisa Fujikawa, Koichi Iwatsuki, Yoshihiro Tanabe
-
Publication number: 20140082366
Abstract: In accordance with aspects of the disclosure, a system and methods are provided for managing multi-system security integration by performing state change calls to one or more backend systems by combining a multi-system protection token with a message component for transporting from a user agent to the one or more backend systems for validation by generating an authentication code for proving authenticity of a combined data structure generated by combining a secret cryptographic data key with a portion of the message component and generating a hash code of the combined data structure, generating an arbitrary random number to bind the multi-system protection token to the user agent, and generating the multi-system protection token by combining the authentication code and the arbitrary random number with the message component for transporting from the user agent to the one or more backend systems for validation.
Type: Application
Filed: September 14, 2012
Publication date: March 20, 2014
Applicant: SAP AG
Inventors: Michael Engler, Martijn De Boer, Wolfgang Janzen
-
Patent number: 8677136
Abstract: The present invention provides for authenticating a message. A security function is performed upon the message. The message is sent to a target. The output of the security function is sent to the target. At least one publicly known constant is sent to the target. The received message is authenticated as a function of at least a shared key, the received publicly known constants, the security function, the received message, and the output of the security function. If the output of the security function received by the target is the same as the output generated as a function of at least the received message, the received publicly known constants, the security function, and the shared key, neither the message nor the constants have been altered.
Type: Grant
Filed: December 15, 2011
Date of Patent: March 18, 2014
Assignee: Google Inc.
Inventors: Daniel Alan Brokenshire, Harm Peter Hofstee, Mohammad Peyravian
-
Patent number: 8677134
Abstract: A system and method for signing data transferred over a computer network is described. In one aspect, the HTTP header of an HTTP response message is extended to include a content identifier, a content expiration time, and a digital signature. The digital signature may be generated from the content identifier, the content expiration time, and the message body of the HTTP response message.
Type: Grant
Filed: November 11, 2010
Date of Patent: March 18, 2014
Assignee: Microsoft Corporation
Inventors: Felix Livni, Hao Chen
-
Patent number: 8676998
Abstract: A client-server communication protocol permits the server to authenticate the client without requiring the client to authenticate the server. After establishing the half-authenticated connection, the client transmits a request and the server performs or responds accordingly. A network management system and environment where this protocol can be used is also described and claimed.
Type: Grant
Filed: November 29, 2007
Date of Patent: March 18, 2014
Assignee: Red Hat, Inc.
Inventor: James P. Schneider
-
Patent number: 8677480
Abstract: Embodiments of the present disclosure provide techniques for distributing information about possible anomalies in a network. A sensor in a network may detect packets with payloads that match an anomaly signature. Address dispersion information, for example, in the form of source and address bitmaps, may be gathered at the sensor. The address dispersion information may be distributed to one or more peer sensors if the information indicates that the number of different addresses of the detected matching packets exceeds a threshold.
Type: Grant
Filed: September 3, 2008
Date of Patent: March 18, 2014
Assignee: Cisco Technology, Inc.
Inventors: Chui-Tin Yen, Saumyavapuh Lugani, Snigdhendu Mukhopadhyay, Rajiv Raghunarayan, Sumeet Singh
-
Patent number: 8661251
Abstract: A method for creating a group signature of a message to be implemented by a member of a group in a system, the system including a trust authority, the group including at least the member provided with a secure portable electronic entity including storage elements and computing elements wherein are implanted a cryptographic algorithm. The method includes the following steps: generating via the computing elements a signature of the message using a private key common to the members of the group and integrating a data identifying the group member and a temporal data representing a temporal information of the member's membership to the group and of the date of the signature of the message, the private key common to the members of the group, the identifying data and the temporal data being stored in the storage elements.
Type: Grant
Filed: October 12, 2006
Date of Patent: February 25, 2014
Assignee: Oberthur Technologies
Inventors: Emmanuel Prouff, Jean-Bernard Fischer, Théophane Lumineau
-
Patent number: 8661259
Abstract: A system and method for efficiently creating deduplicated and encrypted data across a plurality of computers allows local encryption and remote storage of deduplicated segments. Large data blocks may be divided into segments of data, and encrypted using a two-step process. A standard hash of the encrypted segment is used as an index into a remote deduplicated database so that only unique data segments are stored, and are stored only in encrypted form. When retrieving data, a data owner uses the stored digest to retrieve the data from the deduplicated database and the stored IV and second key to decrypt the data. Only the data owner has the second key and IV, so the encrypted data segment stored in the deduplicated database is highly secure from information bleed during the storage process.
Type: Grant
Filed: December 20, 2010
Date of Patent: February 25, 2014
Assignee: Conformal Systems LLC
Inventors: Jacob Yocom-Piatt, Marco Antonio Peereboom
-
Patent number: 8656484
Abstract: Two parties can establish a cryptographic key using a matrix based key exchange protocol, for secure communications without any prior distribution of secret keys or other secret data, and without revealing said key to any third party who may have access to all of the transmissions between them. The two parties use a shared secret to produce a common matrix M. The common matrix M, is multiplied by a random matrix K on the sending side, and a different random matrix N on the receiving side. The matrix product KM is sent from the sending side to the receiving side, and the matrix product MN is sent from the receiving side to the sending side. Both sides produce the common matrix product KMN, and use it for producing a symmetric key for encrypted communications, after mutually authenticating one another over an insecure network.
Type: Grant
Filed: December 28, 2010
Date of Patent: February 18, 2014
Assignee: Authernative, Inc.
Inventors: Edward M. Barton, Len L. Mizrah
-
Patent number: 8656178
Abstract: The present invention provides a method, system and program product for modifying content usage conditions during broadcast content distribution. Specifically, the present invention allows protected (e.g., encrypted, secured, etc.) content to be received along with content usage conditions, an encrypted combination of the content usage conditions and a title key (e.g., a MAC), and a key management block. Using the key management block, a key encrypting key can be determined for decrypting the combination. Once the combination is decrypted, the content usage conditions can be modified (e.g., edited, added to, etc.).
Type: Grant
Filed: April 18, 2002
Date of Patent: February 18, 2014
Assignee: International Business Machines Corporation
Inventors: Eric M. Foster, Jeffrey B. Lotspiech, Dalit Naor, Sigfredo I. Nin, Florian Pestoni, Wilfred E. Plouffe, Jr., Frank A. Schaffa
-
Patent number: 8645482
Abstract: A method may include obtaining a source file at a node in peer-to-peer network and dividing the source file into a plurality of pieces. The pieces of the source file may be encoded using network coding principles. A last-modified-date (LMD) value may be appended to each of the encoded pieces, the LMD value being the same for each of the encoded pieces of the source file. The encoded pieces with the LMD values may be sent to one or more other nodes in the peer-to-peer network.
Type: Grant
Filed: November 1, 2011
Date of Patent: February 4, 2014
Assignee: Verizon Patent and Licensing Inc.
Inventor: Adrian E. Conway
-
Patent number: 8639925
Abstract: A method for protecting a sensor and data of the sensor from manipulation, as well as a sensor to that end; in the course of the authentication, a random number being sent by a control unit to the sensor; in order to recognize manipulation of the sensor data, the sensor data from the sensor to the control unit being provided with a cryptographic integrity protection; and to prevent replay attacks, additional time-variant parameters being added to the sensor data, the sensor data, together with the integrity protection and the added time-variant parameters, being sent by the sensor to the control unit. In this context, after the authentication of the sensor, the random number or a part of the random number or a number obtained from the random number by a function is utilized for the time-variant parameters.
Type: Grant
Filed: April 15, 2010
Date of Patent: January 28, 2014
Assignee: Robert Bosch GmbH
Inventor: Torsten Schuetze
-
Patent number: 8639935
Abstract: A non-transitory machine-readable storage medium storing program code for causing a processor to establish a plurality of links to a plurality of devices communicatively coupled to the processor, a particular link of the plurality of links supporting control-plane communications between the processor and a particular device of the plurality of devices over a wireless access network; receive a server message from a particular server of a plurality of servers communicatively coupled to the processor, the server message comprising message payload for delivery to the particular device; generate an encrypted message comprising the message payload and an identifier identifying a particular agent of a plurality of agents on the particular device; and send the encrypted message to the particular device over the particular link, wherein establishing the plurality of links comprises executing a link initialization sequence associating the particular link with a credential associated with the particular device.
Type: Grant
Filed: December 12, 2012
Date of Patent: January 28, 2014
Assignee: Headwater Partners I LLC
Inventor: Gregory G. Raleigh
-
Patent number: 8635392
Abstract: A layer management interface (LMI) to communicate with a processor over MDIO protocol, and to communicate with a media access control security (MACsec) functional block over a local network protocol, the LMI including a command register to receive command information for transacting data information with the destination portion within the MACsec, an address register to receive address information associated with the destination portion without conducting all the MDIO address cycles required by the MDIO protocol to receive the address information, the LMI being configured to determine a location of the destination portion based on the received address information, and a data register to transact the data information without conducting all MDIO data cycles required by the MDIO protocol to transact the data information, and to transact the data information with the determined destination portion based on the command information over the local network protocol.
Type: Grant
Filed: October 12, 2012
Date of Patent: January 21, 2014
Assignee: Broadcom Corporation
Inventor: David (Wei) Wang
-
Patent number: 8635705
Abstract: In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service.
Type: Grant
Filed: February 17, 2010
Date of Patent: January 21, 2014
Assignee: Intel Corporation
Inventors: Ravi L. Sahita, David M. Durham, Steve Orrin, Yasser Rasheed, Prasanna G. Mulgaonkar, Paul S. Schmitz, Hormuzd M. Khosravi
-
Patent number: 8635451
Abstract: Apparati, methods, and computer-readable media for strengthening a one-time pad encryption system. A method embodiment of the present invention comprises the steps of encrypting plaintext (1) with an OTP key (2) in an XOR operation to produce ciphertext (3); and obfuscating the ciphertext (3) with an AutoKey (4) in an XOR operation to produce AutoKeyed ciphertext (5), wherein the AutoKey (4) is a reusable key.
Type: Grant
Filed: November 9, 2010
Date of Patent: January 21, 2014
Assignee: Vadium Technology, Inc.
Inventor: Zsolt Ari
-
Publication number: 20140019763
Abstract: Message authentication in an ad-hoc network. Upon creation of a message, a message authentication code is created using a key shared with members of a group comprising a subset of nodes of the ad-hoc network. The message authentication code may be created using a cryptographic process having the message and a message identifier as inputs. After or in parallel with broadcast of the message, a pointer to the message is broadcast. The message authentication code is publicly broadcast and those members of the group among which the key has been shared are able to authenticate the message as coming from a particular sender.
Type: Application
Filed: July 12, 2012
Publication date: January 16, 2014
Inventors: Philip GINZBOORG, Kari J. Leppanen, Pentti Valtteri Niemi, Markku T. Turunen
-
Patent number: 8631239
Abstract: In one embodiment, a mobile device performs an over-the-air firmware update by writing the updated firmware to an inactive system image partition, and rebooting the device. The security of the OTA update is maintained through checking a plurality of security signatures in an OTA manifest, and the integrity of the data is maintained by checking a hash value of the downloaded system image.
Type: Grant
Filed: January 12, 2012
Date of Patent: January 14, 2014
Assignee: Facebook, Inc.
Inventors: Gueorgui Djabarov, George Hotz, Shaheen Ashok Gandhi
-
Patent number: 8631466
Abstract: Systems, methods, and instrumentalities are disclosed to provide secure operations in an M2M device. An M2M device may receive an indication that an operation to be performed is security sensitive. The M2M device may determine that the operation is to be performed in a secure environment on the M2M device. The secure environment may be a logically distinct portion of the M2M device. The determination may be made in accordance with a policy. For example, the M2M device may determine that the operation meets a requirement specified in the policy indicating that the operation is to be performed in the secure environment. The M2M device may perform the operation in the secure environment on the M2M device. The M2M device may store a result relating to the operation in the secure environment.
Type: Grant
Filed: August 3, 2011
Date of Patent: January 14, 2014
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Inhyok Cha, Michael Meyerstein, Lawrence Case
-
Patent number: 8627092
Abstract: A method for authenticating messages in a communication network includes forming a super message having a plurality of individual messages such that at least two of the individual messages are intended for separate receiving entities. The method further includes creating a message authentication code (MAC) using a private key, such that the MAC is configured to permit authentication of the super message using a public key.
Type: Grant
Filed: March 22, 2007
Date of Patent: January 7, 2014
Assignee: LG Electronics Inc.
Inventors: Patrick Fischer, Vyacheslav Belenko
-
Publication number: 20140006792
Abstract: A method for securing communication between a plurality of members. The method includes a first member sending a first input to a second member, receiving a second input from the second member, and generating, by an n-bit generator, an initial message digest using the first input and the second input. Communications between the first member and the second member are encrypted using the initial message digest.
Type: Application
Filed: June 28, 2013
Publication date: January 2, 2014
Applicant: PACid TECHNOLOGIES, LLC
Inventor: Guy Fielder
-
Patent number: 8621217
Abstract: A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic message is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure.
Type: Grant
Filed: September 19, 2008
Date of Patent: December 31, 2013
Assignee: Jose J. Picazo Separate Property Trust
Inventors: Harish Seshadri, Noel Ruane
-
Patent number: 8621203
Abstract: An approach is provided for authenticating a mobile device. A mobile device initiates transmission of a request to an authentication platform for generating a public-key certificate to access a service from the mobile device. The mobile device receives an identity challenge and responds by initiating transmission of a tag specific to the mobile device to the authentication platform. The authentication platform uses the tag to generate a public-key certificate.
Type: Grant
Filed: June 22, 2009
Date of Patent: December 31, 2013
Assignee: Nokia Corporation
Inventors: Jan-Erik Ekberg, Kari Kostiainen, Pekka Laitinen, Ville Aarni, Miikka Sainio, Niklas Von Knorring, Dmitry Kolesnikov, Atte Lahtiranta
-
Patent number: 8621228
Abstract: An improved MAC aggregation technique is disclosed that yields an aggregate MAC much shorter than the concatenation of constituent MACs while achieving improved resilience to denial-of-service (DoS) attacks. The aggregate MAC is constructed in a manner wherein upon instance of channel impairments or malicious attack (e.g., from a rogue node or man-in-the-middle attacker), only a portion of the aggregate MAC will include corrupted data, at least a portion of the aggregate MAC thereby including valid verifiable data. A source of corruption of the aggregate MAC may be ascertained based on indicia of which constituent MACs are included in the valid portion; and constituent MACs that are wholly included in the valid portion may be declared valid.
Type: Grant
Filed: September 20, 2011
Date of Patent: December 31, 2013
Assignee: Alcatel Lucent
Inventors: Vladimir Y. Kolesnikov, Wonsuck Lee
-
Patent number: 8621227
Abstract: Two parties can establish a cryptographic key using a matrix based key exchange protocol, for secure communications without any prior distribution of secret keys or other secret data, and without revealing said key to any third party who may have access to all of the transmissions between them. A common matrix M, shared in advance, is multiplied by a random matrix K on the sending side, and a different random matrix N on the receiving side. The matrix product KM is sent from the sending side to the receiving side, and the matrix product MN is sent from the receiving side to the sending side. Both sides produce the common matrix product KMN, and use it for producing a symmetric key for encrypted communications.
Type: Grant
Filed: December 28, 2010
Date of Patent: December 31, 2013
Assignee: Authernative, Inc.
Inventors: Edward M. Barton, Len L. Mizrah
-
Patent number: 8611540
Abstract: An improved system and method are disclosed for peer-to-peer communications. In one example, the method enables endpoints to securely send and receive messages to one another within a hybrid peer-to-peer environment.
Type: Grant
Filed: June 23, 2010
Date of Patent: December 17, 2013
Assignee: Damaka, Inc.
Inventors: Sivakumar Chaturvedi, Satish Gundabathula
-
Patent number: 8607343
Abstract: Securely installing and booting software of a device to run OS authorized according to a ticket that is validated by a nonce generated by application processor (AP) in booted OS stage prior to entering a restore mode is described. AP in booted OS stage generates a pre-flight nonce that is stored in a trusted location (effaceable storage). AP in booted OS stage performs one-way hash of pre-flight nonce and sends the hashed pre-flight nonce to ticket authorization server. AP enters restore mode. AP in first stage bootloader receives a ticket from the ticket authorization server including a signed copy of the hashed pre-flight nonce. AP in first stage bootloader validates the signed ticket by comparing one-way hash of the pre-flight nonce stored in the trusted location and the hashed nonce in the signed ticket. Pre-flight nonce expires after timeout period and upon reboot of AP. Other embodiments are also described.
Type: Grant
Filed: September 27, 2011
Date of Patent: December 10, 2013
Assignee: Apple Inc.
Inventors: Jason D. Gosnell, Jerrold V. Hauck, Michael Brouwer, Tahoma Toelkes
-
Publication number: 20130326227
Abstract: The first authentication unit of an authentication apparatus decides whether first authentication data exists in a received message, and performs, if it is decided that the first authentication data exists, authentication based on the first authentication data. The second authentication unit of the authentication apparatus decides whether second authentication data exists in the received message, and performs, if it is decided that the second authentication data exists, authentication based on the second authentication data. If the second authentication unit decides that no second authentication data exists in the received message, and the first authentication unit decides that authentication has succeeded, it is decided that authentication for the received message has succeeded.
Type: Application
Filed: May 14, 2013
Publication date: December 5, 2013
Applicant: CANON KABUSHIKI KAISHA
Inventor: Ayumu Asano
-
Patent number: 8595492
Abstract: On-demand protection and authorization of playback of media assets includes receiving digital media at a server computer, storing intermediary data in a data store, and receiving a request from a client for the digital media. The method also includes generating a protected copy of the digital media from the digital media and the intermediary data. The method also includes storing a description of the protected copy in a database and sending the protected copy to the client. The method also includes receiving a request from the client to access the digital media and reading the description from the database based on information in the request. The method also includes sending a response to the client, the response indicating whether the client is authorized to access the digital media, and the response including cryptographic data to decrypt the protected digital media if the client is authorized to access the digital media.
Type: Grant
Filed: August 19, 2009
Date of Patent: November 26, 2013
Assignee: Pix System, LLC
Inventors: Paul McReynolds, Eric B. Dachs, Erik Bielefeldt, Craig Wood
-
Patent number: 8589590
Abstract: A method and system are provided to select address providers that provide mobile internet protocol devices with addresses for communication. An embodiment of the method includes obtaining an address request having a dynamic indicator. Upon obtaining an address request with a dynamic indicator, associating the dynamic indicator with one or more address providers based on the dynamic indicator. The address request is then communicated to one of the address providers associated with the dynamic indicator.
Type: Grant
Filed: September 10, 2007
Date of Patent: November 19, 2013
Assignee: Sprint Communications Company L.P.
Inventors: Jeremy R. Breau, Ray R. Doerr, John E. Belser, Gary Rieschick
-
Patent number: 8583925
Abstract: Each participant apparatus (103) encrypts a plaintext by using a secret key of secret key cryptography, encrypts the encryption key by a public key, and sends the plaintext and public key to a substitution/decryption apparatus (112). With this processing, the limitation on the length of a ciphertext to be processed can be eliminated. In this invention, a verifiable proof text using a public key by each substitution/decryption apparatus is verified by a verification apparatus (109) by using the public key. If one of a plurality of organizations to decrypt and shuffle ciphertexts has not correctly executed the operation, a third party can specify it and prove that the specified organization is unauthorized.
Type: Grant
Filed: June 8, 2012
Date of Patent: November 12, 2013
Assignee: NEC Corporation
Inventors: Jun Furukawa, Kazue Sako
-
Patent number: 8583928
Abstract: A technique for providing message authenticity includes accepting transaction information, accepting a first data item used for authenticating an originating user, cryptographically processing the transaction information using only a second data item, wherein the entropy of the first data item is less than the entropy of the second data item, and authenticating the originating user using the first data item. The first data item can be a sequence of digits corresponding to those displayed on an external device, such as, for example, an RSA authorization token, credit card, etc.
Type: Grant
Filed: April 16, 2012
Date of Patent: November 12, 2013
Assignee: JP Morgan Chase Bank
Inventors: Glenn Stuart Benson, Joseph R. Calaceto, Russell M. Logar
-
Patent number: 8578169
Abstract: A system and method of signing a message to be sent from a first communication device to a destination via a second communication device. The message includes a first portion on the first communication device and a second portion on the second communication device. The method includes receiving at the second communication device the first portion of the message and a first signature for the first portion from the first communication device; combining the first portion and the second portion to form the message; obtaining a second signature for the message; and sending the first signature, the second signature and the message from the second communication device to the destination.
Type: Grant
Filed: September 28, 2011
Date of Patent: November 5, 2013
Assignee: Blackberry Limited
Inventors: Neil Patrick Adams, Ravi Singh, Nikhil Vats, Alexander Sherkin
-
Patent number: 8572390
Abstract: A method for transmitting data, a receiving method, related devices, and an aircraft equipped with the devices. The method includes determining an authentication word of the data; processing the data to obtain processed data; and transmitting the processed data on a transmission channel.
Type: Grant
Filed: March 27, 2007
Date of Patent: October 29, 2013
Assignee: Airbus Operations S.A.S.
Inventors: Agnes Leclercq, Cecile Colle-Morlec
-
Patent number: 8566948
Abstract: An acquisition unit of a user terminal acquires an initiator ID including a user ID and a computer ID. The initiator ID is transmitted by a transmitter unit, and then, received by a transmitter/receiver unit of a storage device. A LUDB stores information determining a LU corresponding to each user ID of several users. A masking unit refers to the LUDB to determine the LU corresponding to the user ID. If the received initiator ID differs from an initiator ID stored in a table corresponding to the determined LU, an access control unit refuses access to the LU by the user terminal.
Type: Grant
Filed: March 20, 2007
Date of Patent: October 22, 2013
Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
Inventor: Kotaro Endo
-
Patent number: 8560853
Abstract: Techniques relating to directed digital signing policy are described. In one instance, a system includes means for storing a document as a plurality of logical parts. The system also includes means for establishing a document configuration when a digital signature is applied to the document, and means for indicating whether the document configuration is subsequently altered.
Type: Grant
Filed: September 9, 2005
Date of Patent: October 15, 2013
Assignee: Microsoft Corporation
Inventors: Marcio De Mello, Mahmood A. Dhalla
-
Patent number: 8560854
Abstract: A system for device enabled verifiable stroke and image based workflows comprises a plurality of portable computing devices, coupled by a network to a stroke and image workflow server. The portable computing devices include a display, stroke capture capability and a wireless communication capability. The portable computing devices are adapted to receive images, add stroke annotations to the received images, and send the annotated received images. The stroke and image workflow server is coupled to the network for communication with the portable computing devices. The stroke and image workflow server sends and receives documents from the portable computing devices, maintains a log for verification, and implements a paper like workflow and processing the documents. Essentially, this stroke and image workflow server implements paper like workflow and handles the overhead of processing electronic documents so that it is invisible to the user.
Type: Grant
Filed: September 8, 2009
Date of Patent: October 15, 2013
Assignee: Ricoh Co., Ltd.
Inventors: Michael J. Gormish, John W. Barrus, Kurt W. Piersol, Richard D. Kosoglow
-
Patent number: 8560858
Abstract: An apparatus and a method for an authentication protocol. In one embodiment, a server generates a sequence number, and a server message authentication code based on a server secret key. The server sends the sequence number, an account identifier, and the server message authentication code to the client. The client generates a client message authentication code over the sequence number, a request specific data, and a shared secret key between the client and the server. The client sends a request to the server. The request includes the sequence number, the account identifier, the server message authentication code, the request specific data, and the client message authentication code. The server determines the validity of the client request with the shared secret key.
Type: Grant
Filed: May 29, 2008
Date of Patent: October 15, 2013
Assignee: Red Hat, Inc.
Inventor: James Paul Schneider
-
Patent number: 8560655
Abstract: Methods and apparatus for identifying unwanted email messages by transmitting metadata with an outbound email message that indicates the total number of email messages sent by that sender in a predetermined time period, or alternatively indicates the total number of email messages which are equivalent to the outgoing message that have been sent. In addition the metadata may include an identification of the sender and a “pledge” made by the sender. A pledge may take the form of a binding commitment from the sender that the information contained in the metadata is accurate, and/or that the sender promises to abide by predetermined good conduct rules designed to limit unwanted email. The outgoing message may be further signed by the sender with a digital signature that provides means for verifying the content of the message and the pledge as well as the identity of the sender.
Type: Grant
Filed: May 23, 2008
Date of Patent: October 15, 2013
Assignee: Truemail Technologies, LLC
Inventors: James D. Logan, Charles G. Call
-
Patent number: 8553889
Abstract: Each participant apparatus (103) encrypts a plaintext by using a secret key of secret key cryptography, encrypts the encryption key by a public key, and sends the plaintext and public key to a substitution/decryption apparatus (112). With this processing, the limitation on the length of a ciphertext to be processed can be eliminated. In this invention, a verifiable proof text using a public key by each substitution/decryption apparatus is verified by a verification apparatus (109) by using the public key. If one of a plurality of organizations to decrypt and shuffle ciphertexts has not correctly executed the operation, a third party can specify it and prove that the specified organization is unauthorized.
Type: Grant
Filed: June 8, 2012
Date of Patent: October 8, 2013
Assignee: NEC Corporation
Inventors: Jun Furukawa, Kazue Sako
-
Patent number: 8555074
Abstract: A data acquiring unit acquires electronic data. A tamper-resistant chip includes a storing unit that stores a confidential key specific to a device, and a collecting unit that collects device information that is internal information of the device. An attaching unit attaches collected device information to acquired electronic data. An encrypting unit encrypts the electronic data with the device information attached, using the confidential key stored in the storing unit.
Type: Grant
Filed: January 17, 2007
Date of Patent: October 8, 2013
Assignees: PFU Limited, Fujitsu Limited
Inventors: Kouichi Minami, Seigo Kotani
-
Publication number: 20130262871
Abstract: A method and apparatus for maintaining a tamper proof device log are described. In one embodiment, the method comprises maintaining an embedded log in the device, the embedded log being a chain of log entries. In one embodiment, the method may also comprise publishing at least one log entry to a location external to the device.
Type: Application
Filed: May 20, 2013
Publication date: October 3, 2013
Applicant: RICOH CO., LTD.
Inventors: John Barrus, Michael Gormish, Sergey Chemishkian
-
Patent number: 8549310
Abstract: The invention relates to methods and apparatuses for acquiring a physical measurement, and for creating a cryptographic certification of that measurement, such that its value and time can be verified by a party that was not necessarily present at the measurement. The certified measurement may also include corroborative information for associating the actual physical measurement process with the certified measurement. Such corroborative information may reflect the internal or external state of the measurement certification device, as well as witness identifiers of any persons that may have been present at the measurement acquisition and certification. The certification may include a signal receiver to receive timing signals from a satellite or other external source. The external timing signals may be used to generate the time included in the certified measurement, or could be used to determine the location of the measurement certification device for inclusion in the certified measurement.
Type: Grant
Filed: June 24, 2009
Date of Patent: October 1, 2013
Assignee: Walker Digital, LLC
Inventors: Jay S. Walker, Bruce Schneier, James A. Jorasch
-
Patent number: 8549307
Abstract: Methods, systems, and apparatus are disclosed which enable flexible insertion of forensic watermarks into a digital content signal using a common customization function. The common customization function flexibly employs a range of different marking techniques that are applicable to a wide range of forensic marking schemes. These customization functions are also applicable to pre-processing and post-processing operations that may be necessary for enhancing the security and transparency of the embedded marks, as well as improving the computational efficiency of the marking process. The common customization function supports a well-defined set of operations specific to the task of forensic mark customization that can be carried out with a modest and preferably bounded effort on a wide range of devices. This is accomplished through the use of a generic transformation technique for use as a “customization” step for producing versions of content forensically marked with any of a multiplicity of mark messages.
Type: Grant
Filed: August 29, 2011
Date of Patent: October 1, 2013
Assignee: Verance Corporation
Inventor: Joseph M. Winograd
-
Patent number: 8543820
Abstract: The tag generation apparatus of the present invention includes a hash unit (12) that applies a hash function to a message to generate a hash value, a random number encryption unit (14) that applies an encryption function having a first key to a random number that is independent of the message to generate a first intermediate variable, a masked encryption unit (15) that applies the encryption function having a second key to the sum of the random number and the hash value to generate a second intermediate variable, and a tag generation unit (16) that generates as the tag a value contained in bits of a predetermined number of bits that is less than or equal to the number of bits of the random number and that are extracted from the exclusive OR of the first intermediate variable and the second intermediate variable.
Type: Grant
Filed: April 26, 2010
Date of Patent: September 24, 2013
Assignee: NEC Corporation
Inventor: Kazuhiko Minematsu
-
Patent number: 8543826
Abstract: A media access control (MAC) security apparatus for a local area network interface includes multiple independently controlled power domains, each of which enters and exits a reduced power state independent of others of the power domains. An encryption/decryption engine, located within a first of the power domains, generates encrypted data in response to received packets and cryptographic primitives. An authentication engine, located within a second of the power domains, performs authentication operations in response to the encrypted data. The encryption/decryption engine comprises an advanced encryption standard engine that forms the cryptographic primitives and is located within a third of the power domains. The third power domain enters the reduced power state for part of a period during which (i) the first power domain does not enter the reduced power state and (ii) the encryption/decryption engine is generating the encrypted data.
Type: Grant
Filed: August 21, 2012
Date of Patent: September 24, 2013
Assignee: Marvell International Ltd.
Inventors: Guy T. Hutchison, Awais B. Nemat
-
Patent number: RE44670
Abstract: A method for communicating information between at least a pair of correspondents, the method comprising the steps of each of the correspondents selecting a plurality of cryptographic algorithms known to each of the correspondents. One of the correspondents applies the algorithms in a predetermined manner to a message for producing a set of processed information. The set of processed information is transmitted to the other correspondent. The other correspondent applies complimentary operations of the cryptographic schemes in accordance with the predetermined manner for deriving information related to the message from the processed information.
Type: Grant
Filed: September 13, 2012
Date of Patent: December 24, 2013
Assignee: Certicom Corp.
Inventors: Donald B. Johnson, Scott A. Vanstone