Abstract:
A method and system for generating and printing an indicium, such as a postal indicium, on an object such as a mail piece. Other printed material, such as an address block, on the object is scanned, and the scanned image is processed to abstract characterizing information descriptive of the other printed material. Alternatively, the image to be processed can be obtained by filtering the original image with a print/scan filter which simulates printing and scanning processes. The characterizing information can be text-based or image-based. Image-based characterizing information can be measurements of word lengths, counts of outliers in images of characters, or descriptions of the shape of the other printed material. The characterizing information is combined with other information, such as postal information, and the combined information is then cryptographically authenticated with a digital signature or the like. An indicium representative of the authenticated information is then printed on the object. The object's relationship to the indicium can be verified by regenerating the characterizing information from the other printed material and comparing the regenerated characterizing information with characterizing information recovered from the indicium. Thus, copies of the indicium cannot easily be used, without detection, on other objects which do not include the other printed material.
Abstract:
A method and system for generating and printing an indicium, such as a postal indicium, on an object such as a mail piece. A digital image of other printed material, such as an address block, on the object is obtained, and the image is processed to abstract characterizing information descriptive of aspects of the other printed material. The aspects can be measurements of word lengths, counts of outliers in images of characters, or descriptions of the shape of the other printed material. The characterizing information is combined with other information, such as postal information, and the combined information is then cryptographically authenticated with a digital signature or the like. An indicium representative of the authenticated information is then printed on the object. The object's relationship to the indicium can be verified by regenerating the characterizing information from the other printed material and comparing the regenerated characterizing information with characterizing information recovered from the indicium. Thus, copies of the indicium cannot easily be used, without detection, on other objects which do not include the other printed material.
Abstract:
Methods and systems for verification of indicia that do not require key management systems, and in which revocation of key pairs is easily performed without adding costs to the verification process are provided. Indicia are generated and authenticated utilizing an identity-based encryption (IBE) scheme. A key generating authority generates a private key for a PSD, distributes the private key securely to the PSD, and provides public information for use by a verification service when verifying cryptographic digital signatures generated with the private key. The corresponding public key is a string consisting of PSD information that is provided as part of the indicium. The verification service can verify the signature of each indicium by obtaining the public key string from the indicium, and utilizing the key generating authority's public information.
Abstract:
Methods and systems that prevent completion of postdated financial transactions until the specified future date are provided. A portion of the information necessary to complete a financial transaction is encrypted utilizing an identity-based encryption (IBE) scheme. The encryption key used to encrypt the information is associated with the date on which the transaction is authorized to be completed. The encrypted information is provided to the payee. The issuing bank provides a daily decryption key that allows decryption of information encrypted using the key associated with the corresponding date. Thus, only when the maturity date of the transaction has arrived will the payee or depositing bank be able to obtain the decryption key that will decrypt the encrypted information necessary to complete the transaction. Since the encrypted information cannot be decrypted until the date associated with the encryption key, the financial transaction cannot be completed until such date.
Abstract:
Methods and systems for providing confidentiality of communications sent via a network that is efficient, easy to implement, and does not require significant key management. The identity of each node of the routing path of a communication is encrypted utilizing an identity-based encryption scheme. This allows each node of the routing path to decrypt only those portions of the routing path necessary to send the communication to the next node. Thus, each node will only know the immediate previous node from which the communication came, and the next node to which the communication is to be sent. The remainder of the routing path of the communication, along with the original sender and intended recipient, remain confidential from any intermediate nodes in the routing path. Use of the identity-based encryption scheme removes the need for significant key management to maintain the encryption/decryption keys.
Abstract:
A method and system for selecting a characterizing algorithm to be used to characterize blocks of printed material. A digital image of printed material, such as an address block, on an object is obtained, and the image is processed to extract characterizing information descriptive of aspects of the printed material. An indicium representative of the information is then printed on the object. The object's relationship to the indicium can be verified by regenerating the characterizing information from the printed material and comparing the regenerated characterizing information with characterizing information recovered from the indicium. A particular algorithm is selected from a predetermined group of characterizing algorithms by determining an estimate for the robustness of each algorithm.
Abstract:
Elliptic curve hash functions are provided which do not require a pre-existing hash function, such as that required by the MuHash. The elliptic curve hash functions can be built from scratch and are collision free and can be incremental. In one embodiment, rather than a pre-existing hash function, the identity function with padding is used; and in another embodiment, rather than a pre-existing hash function, a block cipher with a fixed non-secret key is used.
Abstract:
An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.