"Nonce Stamp": SRI International Receives Security Technology Patent for Paper-based Transactions

2004-11-23 Thread R.A. Hettinga 




 
 November 23, 2004 08:01 AM US Eastern Timezone

SRI International Receives Security Technology Patent for Paper-based
Transactions

  MENLO PARK, Calif.--(BUSINESS WIRE)--Nov. 23, 2004--

 
 "Nonce Stamp" Offers Many Applications, Including Electronically
Downloaded Airline Tickets, Travelers Checks, Passports, Postage, Legal
Documents, and Event and Movie Tickets
  



 SRI International, a leading independent, nonprofit research institute
known for its pioneering innovations, today announced that it has been
issued a fundamental U.S. patent for its "nonce stamp" technology, which
can secure and authenticate paper documents against fraudulent creation and
use.

 U.S. Patent No. 6,820,201 covers SRI's information-based indicia
technology for securing and authenticating paper documents. The SRI
technology addresses the security issues inherent in today's popular
"print-at-home" documents, such as postage and movie tickets, which can be
readily counterfeited.

 The recently awarded patent and related pending SRI patents cover an
innovative use of a nonce (an element used to protect electronic
cryptography systems from being cracked) to protect paper-based documents.
The nonce is a unique number preprinted on a forgery-resistant material.
When the user wishes to print an article of value, such as a postage stamp,
the value of the nonce is combined with other information (e.g., the value
of the postage) and a digital certificate is created. The digital
certificate, in electronic or printed form, together with the nonce stamp,
provides cryptographically secure proof of the uniqueness and authenticity
of the certificate.

 The inventors are laboratory director Patrick D. Lincoln, Ph.D., and staff
scientist Natarajan Shankar, Ph.D., of SRI's Computer Science Laboratory.
"Most paper currency and other documents that have monetary value include
security features to prevent fraud. SRI saw the need to also secure today's
popular "print-at-home" documents to eliminate forgery and counterfeiting,"
said Dr. Lincoln. "Nonce stamps are a way of creating unique physical
representations of digital certificates that are easily authenticated and
that cannot be forged."

 About SRI International

 Silicon Valley-based SRI International (www.sri.com) is one of the world's
leading independent research and technology development organizations.
Founded as Stanford Research Institute in 1946, SRI has been meeting the
strategic needs of clients for almost 60 years. The nonprofit research
institute performs contract research and development for government
agencies, commercial businesses and nonprofit foundations. In addition to
conducting contract R&D, SRI licenses its technologies, forms strategic
partnerships and creates spin-off companies.
 Contacts
SRI International
Ellie Javadi, 650-859-4874
[EMAIL PROTECTED]
-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

feel free to capture keystrokes at will

2004-11-23 Thread Perry E. Metzger 

Judge dismisses keylogger case

By Kevin Poulsen, SecurityFocus Nov 19 2004 6:40PM
A federal judge in Los Angeles has dismissed charges against a
California man who used a keystroke logger to spy on his employer,
ruling that use of such a device does not violate federal wiretap
law. 

http://www.securityfocus.com/news/9978

-- 
Perry E. Metzger[EMAIL PROTECTED]

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

More on serial numbers in color printing

2004-11-23 Thread Perry E. Metzger 

Another article on serial numbers embedded in the output of color
printers and copiers:

http://story.news.yahoo.com/news?tmpl=story&cid=1093&e=4&u=/pcworld/20041122/tc_pcworld/118664

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Fyodor of Nmap regularly gets FBI subpoenas.

2004-11-23 Thread Perry E. Metzger 

Just got this in email -- I thought it might be of interest to the
readership.

Perry

Date: Tue, 23 Nov 2004 17:41:49 -0800
From: Fyodor <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: FBI Subpoenas
Message-ID: <[EMAIL PROTECTED]>

Dear Nmap hackers,

Let me first wish you Americans a happy Thanksgiving.  Meanwhile, I'm
hard at work on a holiday Nmap version which should be available by
Christmas.

But enough pleasantries -- I want to discuss a sobering topic.  With
increasing regularity this year, FBI agents from all over the country
have contacted me demanding webserver log data from Insecure.Org.
They don't give me reasons, but they generally seem to be
investigating a specific attacker who they think may have visited the
Nmap page at a certain time.  If they see that an attacker ran the
command "wget http://download.insecure.org/nmap/dist/nmap-3.77.tgz";
from a compromised host, they assume that she might have obtained that
URL by visiting the Nmap download page from her home computer.  So
far, I have never given them anything.  In some cases, they asked too
late and data had already been purged through our data retention
policy.  In other cases, they failed to serve the subpoena properly.
Sometimes they try asking without a subpoena and give up when I demand
one.

One can argue whether helping the FBI is good or bad.  Remember that
they might be going after spammers, cyber-extortionists, DDOS kiddies,
etc.  In this, I wish them the best.  Nmap was designed to help
security -- the criminals and spammers put my work to shame!  But the
desirability of helping the FBI is immaterial -- I may be forced by
law to comply with legal, properly served subpoenas.  At the same
time, I'll try to fight anything too broad (like if they ask for
weblogs for a whole month).  Protecting your privacy is important to
me, but Nmap users should be savvy enough to know that all of your
network activity leave traces.  I'm not the only one who gets these
subpoenas -- large ISPs and webmail providers receive them daily.
Most other major security sites probably do too.  Most of you probably
don't care if someone finds out that you downloaded Nmap, Nessus,
Hping2, John the Ripper, etc.  Nothing on Insecure.Org is illegal.
But for those of you who do care, there are plenty of mechanisms
available to preserve your anonymity.  Remember this security mantra:
defense in depth.

Cheers,
Fyodor

--
For help using this (nmap-hackers) mailing list, send a blank email to 
[EMAIL PROTECTED] . List archive: http://seclists.org

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]