TW200833057A - System and method for reducing fraud - Google Patents

Abstract

Pirated certificates may be published or become available in an environment which includes computer networks and websites. An information appliance connected to the environment searches for certificates in the environment. When a certificate is found in the environment, the appliance determines whether to alert an entity having an interest in the certificate.

Description

200833057 IX. Description of the invention: [Technical field to which the invention pertains] This invention relates to a method and system for reducing counterfeiting. [Prior Art] With the rapid expansion of the World Wide Web and the surge in commercial and other types of transactions occurring on the Global Information Network, it is determined that the person on the other end of the transaction is his or her own to participate in such transactions. The more important. The same is true when one of the ^ is an organization, such as a company.

One of the key issues for the owner and distributor of digital content is to allow only authorized parties to access content after it has been distributed by downloading it from the Internet (eg, the Internet) or through content distribution on the storage device. One way to avoid unauthorized access is to use a system for establishing the identity of the party before granting the content access to one party. Systems have been developed for this purpose, such as the Public Golden Yoga Infrastructure (PKI). In the PKI system, a trusted institution called a certificate authority (CA), Sx, is used for & credentials for personal and organizational identity. Parties wishing to establish a certificate of identity, such as organizations and individuals, may register the voucher body with sufficient evidence to prove their identity. After the CA has been certified as a party, the CA will issue a certificate to the party. The voucher typically includes the CA name of the issuing voucher, the name of the recipient voucher, the public key of the party, and the public key of the party signed (ie, encrypted) by the CA's private key. The relationship between the CA's private key and the public key is that any material using the public key signature can be decrypted by the private key and vice versa. The private key and the public key thus form a key pair. One of the dedicated and public-to-gun pairs for passwords is provided in rSA Security Inc. on June 14, 2002, filed 126995.doc 200833057, PKCS#1 v2.1: RSA Cryptography Standard, . The public key of the CA is publicly available. Therefore, when a party desires to verify that the credentials provided by the other party are authentic, the authenticator can simply use the CA's public key to decrypt the encrypted public key within the credentials. The decryption algorithm used to decrypt the signed public key within the voucher is also typically identified within the voucher. If the decrypted public key matches the unencrypted public key in the voucher, the public key of the party in the certificate voucher is undisturbed and verified as authentic based on the trust in the CA and the authenticity of the CA's public key. With the above mechanism, two parties who may not trust each other in other cases can establish trust by using the above procedure to verify the public key of the other party in the other party's credentials. Recommendation X.509 from the International Telecommunication Union (ITU) Telecommunication Standardization Sector (ITU-T) is a standard for specifying a credential framework, hereinafter referred to as the ''ITU X.509 Standard'. Detailed information about the voucher and its use can be found in this standard.

For ease of management, in larger organizations, higher-level CAs (called root CAs) can appropriately transfer responsibility for issuing certificates to several lower-level CAs. In the secondary hierarchy, for example, the top-level root CA issues a certificate to the lower-level CA to authenticate the public keys of the lower-level organizations. The lower-level organizations sequentially issue credentials to the parties through the registration process described above. The verification process begins at the top of the chain of credentials. The verifier will first use the public key of the root CA (known as real) to first verify the authenticity of the public key of the lower level CA. Once the authenticity of the lower level CA's public key has been verified, the verified public key of the lower level CA can be used to verify the authenticity of the party's public key for which the lower level has issued a certificate. The certificate issued by the root CA and by the lower level CA 126995.doc 200833057 then forms the two credential chains of the party with the verified identity. The credential level may of course include more than two levels, where each CA at a lower level than the root C A obtains its authorization from the higher level CA and has credentials containing the public key issued by the more south level CA. Therefore, in order to verify the authenticity of the other party's public key, it may be necessary to trace the path or key of the certificate to the root CA. In other words, to establish the identity of a party, the party wishing to prove identity may need to generate the entire voucher key from its own voucher to the root CA certificate. However, if the root certificate or public key is known to the authenticator, then the root certificate is not required. To verify the identity of a party, the authenticator will typically send a question (e.g., a random number) and request the other party to transmit his or her credentials and a response to the challenge (i.e., a random number encrypted with the other party's private key). When receiving the response and the ticket, the verifier can then decrypt the response using the public key in the voucher and compare the , , and σ fruits with the random number of the initial transmission. If the parties match, this means that the other party has the correct private key and therefore has proven his or her identity. If the decrypted response does not match the question, the authentication fails. Therefore, it is desirable to prove that one of his or her identities will need to have both a voucher and an associated private key. As the use of secure transaction credentials between multiple parties on the Internet grows, piracy also increases. For example, in the case of a global user sharing a file with a file-sharing network, the co-drying is a singular copy of the copyright owner's real product, such as pirated video, audio, and other types of data files. Shared files can also include removal of anti-copy software or other materials. Therefore, there is a danger that an attacker can obtain a voucher or credential chain and the associated private record by illegal means and cause damage in many ways. Such an attacker can make such pirated voucher or credential chain and associated special money available on the slot sharing network and website, such as the File Transfer Protocol (FTP) site, allowing unauthorized parties to enjoy privilege and protection through piracy. Content, such as media files. The available voucher or voucher chain and associated special funds can also be used by thieves to access the victim's bank account. It is therefore necessary to provide a solution to reduce or prevent such counterfeiting. SUMMARY OF THE INVENTION The falsification of illegal use of vouchers can be reduced by finding vouchers in an environment where the vouchers are illegally distributed and circulated or possible. When a credential is found, the recipient decides whether to warn the entity that is interested in the individual credential. In a specific embodiment, (d) performing at least one of the above actions. In this way, and as an optional feature, invalid credentials can be given to the silk, which in other cases may result in piracy. This reduces the forgery instance. In another embodiment, when a credential and its associated private key are found, it is decided whether to warn the entity that is interested in the individual credential. All patents, patent applications, articles, books, books, standards, other publications, documents, and events cited herein are hereby incorporated by reference in their entirety for all purposes. Any use of the definitions or terms between any incorporated publications, documents or events and the text of this document shall be governed by the definitions or terms used herein. [Embodiment] The voucher = line certificate as a true proof of the identity of the entity (CA) may decide to cancel the voucher during its validity for various reasons. Implementation Note 126995.doc 200833057 There are many ways to sell. Usually the credential verifier checks; the horse has been logged out. See the 5〇9 standard. No, "and

As mentioned above, the establishment of a party's true use of the gossip is not required, and the hang needs to be associated with the voucher to reinforce that sometimes the private key can be issued separately from the voucher or ^ (4) ° some time, in the remedy Before the measures are taken to curb the forgery of the certificate, it is necessary to search for the moths and the squad, and the car and the associated special key are both in trouble. The voucher body may adopt a policy in which all voucher is issued by A and the voucher issued or otherwise available shall be cancelled. Therefore, in the embodiment, any falsification that is made to reduce the vouchers issued or otherwise available requires the cancellation of any vouchers that are publicly available, whether or not the associated special funds have been found. The logout is frequently completed through the periodic update of the voucher logout list, the deregistered voucher list reference (eg its serial number). When a voucher reference appears on the voucher logout list, it cannot = now illegally access protected material or content or other types of forgery. Voucher Note The lock procedure is described in the ITU X.509 standard. BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a block diagram showing an embodiment of the present invention. As shown, the information appliance 12 is connected to an environment in which pirated credentials can be found. The information appliance 12 searches for credentials within the environment 14, and when the credentials are found within the environment 14, the information appliance 12 warns that the credentials may be of interest. Credential mechanism servo state 16. The information appliance 12 can be any of a number of different types of devices that can be used to perform searches within the environment, including desktop, laptop, and pen computers, and cellular phones. Digital assistants, MP3 players and other types of digital media players, transponders and any other type of device that can be used to implement the search and notification server 16. Environment 丨 4 includes file sharing 126995.doc 200833057 Internet, Internet Internet sites, private networks, such as intra-organizational networks, and any other type of digital media or communication link that can find pirated voucher. As these types of digital media and communication channels increase, such media and channels It can also be used as a means of distributing pirated vouchers. Therefore, the useful device 12 also searches for such types of digital media and communication channels. In a particular embodiment, the appliance 12 notifies the credential authority server, and in other alternative embodiments, an entity other than the credential authority may be alerted or notified as long as such entity is concerned with the credential that the appliance 12 finds within the environment. Appliance 12 searches for files, files, and messages that are published or otherwise available within environment 14, and looks up credentials based on the type of credentials currently being used by various different credential authorities. If appliance 12 finds credentials in the environment & can be notified to the servo Figure 16. Figure 2 is a pair of descriptions of the day and night.

"3 (0x3)". The validity period of the voucher is defined in field 68. . The voucher 50 has a serial number of 66, which requires the appliance 12 to be tested first. This is illustrated in the flow chart of Figure 4. In some embodiments, the alert server i6 verifies that the credentials found within the environment 14 are authentic. Shown. 126995.doc -10- 200833057 Figure 4 is a flow chart illustrating an embodiment of the present invention. The information device 12 first logs into the environment 14 as shown in Figure ,, such as a file sharing or peer-to-peer network, or an internet website. Appliance 12 then searches for keywords that are frequently used in the certificate (step 102). The keywords that can be used for search include the product name, the name of the company that launched the product, and the products used to enhance online security. The name of the online auction site and the online electronic store is 1 step by step through the activities of the Internet and other media. The list of names that can be used for searching inevitably expands. If a voucher is found in the file or message (arrow 103), the file or message is downloaded to the file sharing network in a program (step 104). If the download fails, appliance 12 will return to the search program at step 102 to search for keywords. If the download is successful and completed (arrow 105), the appliance

The file or message can be renamed to have a common deputy name, such as ZIP, RAR, far, iso, bin, exe, as needed, and attempt to retrieve the desired information from the broadcast or message (step 106). The re-name of the file or message is for the following reasons. Sometimes an attacker of a hacker or security system can use an extension that does not describe the file to try to evade (4), because 4 people who are concerned about pirated credentials may only look for the type of Xiaoding. Therefore, if the file name does not correspond to the file type, it may be necessary to rename the slot file to the correct file name. Appliance 12 may also have a collection of algorithms, such as ZIP and RAR. Other possible archive formats, such as encyclopedias, can be found in publicly available sources. Other possible file library formats can be constructed using steganography. See publicly available sources, such as encyclopedias, for unpacking files or messages and steganographic methods for extracting information from files or messages. In addition, you can compress a specific file or message so that you can first extract the file or message from the file or message 126 126995.doc 200833057. In such cases, the appliance u is also decompressed (or as needed) in addition to the other steps that may be performed in conjunction with step 〇6. If it is still not possible to retrieve information from the found file or message, the appliance 12 returns to the search keyword (step 1〇2). New file types and corresponding capture algorithms can be used so that files or messages can appear in this type. These new capture algorithms may no longer fetch the calculus: within the set, which is within the set available to the appliance 12. Therefore, when it is not possible to use the available algorithms to retrieve information from files or messages in step ι 〇 6, the appliance 12 may need to search for the slave file on the Internet or the basin; ^, store + m / original Or an additional algorithm for the message tr. If these algorithms are found, they can be used for filing or message manipulation. The algorithms can then be added to the set of algorithms stored in the appliance 12 for use in the memory available to the state 12 so that the algorithm can be used in the future. If the retrieval is successful (arrow 107), the appliance 12 then looks up the voucher issuer name - in the specific embodiment, this can be performed by a specific shelf of the search voucher. Therefore, by searching for the block (4) shown in Figure 3, the bit can be determined to issue the found certificate: the cow related column ♦ 掬? , 丨益-土々 The name of the nickname (Step 108) 〇 丨 Find the name of the 丨 ( (arrow 1〇9), line function. If not found, continue to perform the W12 return to the search procedure of step 1G2 at step 110. In some specific embodiments, before the voucher institution of the voucher may be verified, first find the horse found: the mouth is said to be issued before the verification can occur, some of the ~ sister's ... real. However, ', two /, the physical examples may prove. For example, 'Voucher can use one of several pre-analyzed formulas, such as Base64 126995.doc -12. 200833057 and Distinguishing Encoding Rules ("DER"), so that the profiling needs to be considered. (Step 11〇). After that, the appliance 12 then determines whether the voucher is authentic (step 110). If the verification of the digital signature in the voucher fails, the appliance returns to the search procedure in the step. Then, the public signature of the voucher institution is used to verify the digital signature in the voucher, for example, FIG. The public key of the credential institution named in the block 62. As known to those skilled in the art, the public key of the credential authority is issued so that the appliance 12 can obtain the public key of the credential institution required to verify the signature in the voucher (step 110) The verification procedure is illustrated in Figures 5 and 6. If the digital signature in the verification voucher is correct, the appliance 12 infers that the voucher is legal (arrow m). In some cases, if g 12 has no verification procedure, the voucher in the environment is determined. Authenticity 2 If the same or similar evidence has been found before, there is no need to verify to decide whether to warn the interested parties, such as the issuing institution of the voucher. A specific "" The appliance 12 warns the voucher, which then cancels the voucher (step 112). Therefore, when the second voucher finds the same voucher in the environment, the appliance is not required to be followed by the warning entity 'however' Before the entity, you need to confirm the credential true f. This can be verified by verification. Otherwise, the attacker may use this to achieve the purpose of initiating the service attack rejection. Example =, the attacker can publish the fake voucher in the environment, which includes The number of the certificate issued by the attack target, even if the attacker does not have a special key corresponding to such a certificate, and then the target is subsequently cancelled; and the parties relying on such a certificate will refuse to use the certificate. Figure 5 is a flow chart showing the procedure for creating a digital signature. As shown in Figure 5, the message or file 152 to be signed is first provided, for example as described in Figure 2 126995.doc -13 - 200833057 Credential 50 (which contains the entity's public key and information about the entity). Generates noise 154 (eg, SHA or MD5) from the message or file using the hash algorithm specified in the voucher, Obtain a message or archive summary 156 (with the value Py75c%bn). Then use the signer's key, such as the certificate authority's private key 159, to encrypt the digest 158 by the encryption or signature algorithm specified in the voucher to obtain the digital sign. Chapter 6 " has a value of 3kjfgf*£$&), which can then be used as a digital signature 56 in the voucher 50 of Figures 2 and 3. The digital signature 160 and the initial message of the file 152 are then combined into one file: Signature file 162. Thus, if the procedure of Figure 5 is applied to the voucher 5 of Figure 2, the common key 52 and information 54 of Figure 2 are hashed and encrypted to produce a digital signature 56. The digital signature 56 thus generated is then combined with elements 52 and 54 to form the signature voucher 5 of Figure 2. Figure 6 is a flow diagram showing the flow of a program for verifying a digital signature in a voucher. As shown in Fig. 6, the initial message of the file 1 52 in the signature voucher 62 is first hashed in the hash program 1 64 using the hash algorithm specified in the voucher to generate the file or message digest 166, thereby obtaining the value Py75c%bn. The digital signature 160 (having a value of 3kjfgf*£$&) in the signature file 162 is also decrypted within the decryption program 168 using the encryption or signature algorithm specified in the voucher, using the public key 丨67 of the credential authority to A decrypted file 产生7〇 is generated, which may have a value of Py75c%bn. If the decrypted file 170 matches the archive or message digest 166' this means that the public key 167 used to decrypt the digital signature ι6 within the file ι62 forms a key pair with the voucher's private key 159 (see Figure 5), such that File 162 is true. Referring to Figure 4, if the voucher in the header 111 is legal or authentic by the successful verification of the digital signature in the voucher, the appliance 12 alerts the server 16. The server 16 can then include a credential reference within the credential logout list. Then, when the voucher logout list is updated after the next update, the voucher number 5 is then displayed in the updated voucher logout list so that voucher 5 will not be available for unauthorized access to protected material or content or other types of forgery. . (Step 丨丨).) The procedure for establishing and verifying the digital signature is explained in more detail in the standard of Ting!^ and .5〇9. The procedure for the cancellation of the voucher and the renewal of the voucher logout list is also described in the 509·509 standard.

Most credentials contain information on the time period during which the voucher is valid. In Figure 3, for example, the information 68 is included in the voucher 5〇 to indicate that the voucher is before the specified time on the 17th of January 1997 and the designated time on the 17th of 1999... 12 The voucher found contains instructions; the information that the horse is no longer valid due to the expiration of time, for example, the voucher will not be available: to achieve unauthorized access to the insured or the data or other types of forgery. The appliance 12 does not need to notify the feeder 16. Thus, in addition to the steps outlined in Figure 4, the appliance 1: also: information on the search vouchers to indicate whether the credentials are valid, such as by comparing the time period within the voucher valid for the current time and the voucher. If the time period within the voucher in which the voucher is valid has elapsed, the appliance 12 preferably does not warn the applicator !6, but if the time period has not passed, the device (4) warns the applicator 16. = The new 'a δ master list is usually distributed periodically by the certificate authority' to inform the public that the certificate is no longer valid after it is issued. If the stalk "has 12 found vouchers have been listed in the matching (four) « as k features' appliance 12 can search for the certificate of the certificate found in the environment 126995.doc -15· 200833057, the certificate list, regardless of whether the certificate Reference has been made to the list. Right, then appliance I2 does not need to notify server 16. Upon receipt of the credentials on the pin list, appliance 12 will notify server 16. In one embodiment, appliance 12 may include executable The computer code for implementing the above features, and the appliance 12 executes the code to perform the various functions described above. In another embodiment, the executable, brain or software code for performing the above functions may be stored in the figure W. The storage device 18 can be a removable type of memory (such as a flash memory card or any other type of removable non-volatile memory) that can be coupled to the appliance 12 via a connection. The program for implementing the above-mentioned features can be read and executed by the appliance 12, which is stored in the form of computer executable code stored in the storage i 8. Many file sharing networks and Source software so that software that is readily available for use can be used or used to log into the network and any of the websites in the case - or a plurality of specific embodiments of the software can be designed as a login program and program sequence for the migration login program (For example, the procedure described above with reference to the figure) can be automatically implemented by the appliance 12 without the need for an operator. - The software will be logged in by the appliance 12 and the following procedures, and no one needs to search for multiple The Internet and the website, and if the software specifies the known Internet address of the Internet site, the login process of the network or website is automatically implemented, for example, in a fixed sequence 'μ疋The program is stored in the memory of the appliance 12 or in the memory: 18 as described in Fig. 7. It can also be automated by the appliance n and the above- or other actions. For example, The software can be designed from 126995.doc -16 - 200833057 to search for programs in the order of the publishers (4) in the predetermined order stored in the repository 12 or the storage 18 of the appliance 12 (4). Keyword. Verifier With software design automation, it uses the algorithm specified in the voucher and the public key of the issuer within the voucher to verify the digits in the voucher. The common voucher's public key can be stored in the instrument for this purpose. 12 of the memory 2 〇 6 or the storage 18, as shown in Figure 7. The appliance η or the storage 18 can also store the sequence of previously found vouchers in the memory 2 〇 8 so that the appliance can be programmed into only Decide that the voucher found in the search has been verified, the second check a is true, and the previously found voucher is not automatically copied to the voucher organization or another interested party. The program can be automatically implemented, such as renaming, compressing or decompressing and parsing the software. The design system can execute algorithms for performing the programs in a ride-on mode, such as a fixed sequence, and wherein the patterns and algorithms are stored in memory 2〇2 or memory Μ Q 7 within appliance 12. Automated procedures may be advantageous because the credentials may then be searched and verified on a regular or continuous basis on a designated network or website, and may be reported as needed as described above. Alternatively, one or more programs may be executed using the appliance 12 operated by the operator while other programs are automatically executed. = The same credential institution may have a different policy as to whether the issued voucher should be cancelled. Some credential agencies may have a policy of whether or not the associated private key sentence should be issued by the 17 major sales, as described above with reference to FIG. ^ ^ The organization may have a government that should be revoked only when the associated private key is found. Figure 8 illustrates a specific embodiment in which the appliance 12 can be arbitrarily ordered in two different types of policies. As shown in FIG. 8, the program for searching for the key 126995.doc -17-200833057 (step 102), finding the keyword (arrow 103), and downloading the file (step 1〇4) is the same as the above procedure with reference to FIG. . The appliance 12 first uses the available algorithms in the memory 212 of Figure 7 to determine whether the "files can be retrieved from and retrieved from the file name (diamond 3 〇 2). If an available algorithm is used, the file can be opened and can be opened from it. Taking the information, the appliance 12 determines whether the file contains a private key or a public key certificate (diamond 3〇4). The private key or the public key can also use one of the established formats of the right key, such as Base64 and the distinction encoding rule. (''DER'), so that the appliance 12 can determine by format whether the archive contains a private key or a public key certificate. The established format can be stored in memory 210 or storage 18 of appliance 12, as shown in FIG. Alternatively, if the file contains an indication that the particular material in the file constitutes a private or public key certificate, this indication can be used for the decision. The decision action within diamond 302 can include renaming, compressing, or decompressing the file using the available algorithms in memory 212 of FIG. However, if the algorithm for the appliance cannot be used to open the slot (diamond 3() 2) or the information cannot be retrieved from the file, appliance 12 will have to search for the method that can be used as described above (v. 306). If the algorithm for opening or extracting information from the file cannot be found, the appliance 12 returns to the search keyword in step 1〇2. If an algorithm is found for opening or extracting information from the file, it is stored in the memory 212 of FIG. 7 for such an algorithm, and n returns to the diamond 302 to attempt to open and retrieve the file. News. If the file is determined to contain a private key (diamond 3G4), it is stored in the repository 214, and then the repository 216 (step 3ι〇) in Figure 7 is searched to find the four public certificate. The above-mentioned challenge response mechanism can be used to determine whether there is a match by using the special challenge 126995.doc 200833057 key and voucher stored in the repository 216. If no matching public key voucher is found in repository 216, appliance 12 returns to step 1 to perform more keyword searches. However, if a matching public key voucher is found within repository 216, appliance 12 proceeds to step 1-8 to find the voucher issuer name described above with reference to FIG. 4 (steps 1-8). If the file is determined to contain a public key certificate, the certificate is stored in the repository 216 (step 31). Also analyze the public key certificate to find Γ

Go to the voucher issuer name and check the CA policy to determine if a warning key associated with the voucher needs to be found (step 312). If the policy requires an associated special account, then the appliance will attempt to find a matching private key in the repository 2 > 4 by the above-mentioned challenge response mechanism (arrow 314, step 310). If no matching private key is found, then device I. Go back to step 102. If a matching private key is found, then appliance 12 proceeds to step 108' to find the voucher issuer name described above with reference to Figure 4 (step 108). If the policy is checked in step 312, once the published public is found The voucher will warn the interested party, and if the associated special gold wheel is not found, after the common voucher is found, the appliance 12 proceeds directly from step 312 to step 1〇8 (diamond 304) to find the above reference to FIG. The voucher issuer ^ said 0 Regardless of the CA policy, after finding the voucher issuer name (arrow 1〇9), if not completed, the appliance 12 then parses the voucher and verifies whether the voucher is true as described above with reference to FIG. 4 ( Step 11〇). If the voucher is authentic (arrow 111), the appliance 12 warns the matching CA so that the CA can revoke the voucher as described above with reference to Figure 4 126995.doc 19 200833057 (step 112). If the other party of attention is warned instead of the warning CA, this allows the party to take precautions. While the invention has been described by reference to the embodiments of the invention, it is understood that the invention may be modified and modified without departing from the scope of the invention as defined by the appended claims. BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a block diagram showing an embodiment of the present invention. Figure 2 is a diagram showing the credentials of an embodiment of the present invention. Figure 3 is a more detailed illustration of the voucher of Figure 2. Figure 4 is a flow chart illustrating an embodiment of the present invention. Figure 5 is a flow diagram illustrating in more detail a feature within one embodiment of the present invention. Figure 6 is a flow diagram illustrating a procedure for verifying a digital signature useful for illustrating one feature of one embodiment of the present invention. Figure 7 is a block diagram illustrating different memories storing information useful for various flow diagrams of various embodiments of the present invention. Figure 8 is a flow chart illustrating another embodiment of the present invention. The same components in this application are labeled with the same numerals. [Main component symbol description] 12 Information appliance 14 Environment 16 Credential mechanism server 18 Storage 20 Connection 126995.doc -20- 200833057 50 52 54 56 152 159 160 162 166 167 170 202 204 206 208 210 212 214 216 Certificate Commons Key Information Digital Signature Message or File Dedicated Key Digital Signature Signature File/Signature Credential Message Summary Common Gold Record Decryption File Memory Memory Memory Memory Memory Storage Repository 126995.doc -21 ·

Claims (1)

200833057 X. Patent application scope · A computer-readable storage device that can be executed by a information appliance to implement an instruction program for reducing the pseudo-method in an environment, the information appliance is connected to the environment, and the method includes Searching for credentials within the environment; verifying at least some of the credentials found within the environment to determine whether the credentials are authentic; and/or verifying that at least one of the credentials found within the environment is authentic The alert focuses on one of the at least one credential entity. The computer readable storage device of claim 1, wherein the authenticity verification of the voucher is performed by verifying at least one of the plurality of voucher signatures. 3. A computer readable storage device as claimed, wherein the search searches for at least one name of a voucher issuer. 4. 5. 6. The computer of claim 3 can read the storage device, wherein the method further analyzes the name of the voucher issuer before the at least one voucher is verified and the name of the voucher issuer is found in the at least one voucher At least - a voucher. The computer of claim 4 can read the storage device, wherein the verification verifies at least one of the credentials of the interface to determine authenticity. a type of information appliance that includes code executable by the appliance to implement a method of reducing forgery in an environment, the environment comprising a computer network and a network, the information appliance being coupled to the environment, the method comprising: Search for credentials within the environment; verify individual credentials found within the environment to determine whether the credentials are authentic; and 126995.doc 200833057 verify that at least one of the credentials found in the territory of the selection p & / % is true疋 Whether to warn about one of the at least one voucher entity. 7. If the information appliance of claim 6 is requested, the entity has the right to modify one of the voucher logout lists to include a reference to one of the at least one voucher. The information appliance of claim 6, the method further comprising: checking whether the at least one voucher found and verified as authentic in the ring & or not, the portion of the voucher being determined according to whether the at least one voucher is valid or not entity. 9. The information appliance of claim 6 wherein the method further comprises checking whether the at least one voucher found and verified in the ring i brother is on the voucher close list of the entity t-related, wherein The decision determines whether to warn the entity based at least in part on whether the at least one voucher is found on the voucher logout list. Wherein the alpha-key certificate lock list is determined by the fact that the verification uses one of the entities, wherein the search includes renaming the ring, wherein the search is included in the environment, wherein the algorithm compresses or decompresses the " The executable code causes the appliance to be released or distributed from the information appliance of claim 9. U. If the information appliance of claim 6 is used, record 1 in gold. 12. At least one file in the territory of the information appliance of claim 6. 13. Perform the algorithm as in the information appliance file of claim 6. 14. For information such as the information appliance of claim 13. 15. The information appliance of claim 6 126995.doc 200833057 carries out at least one of the search, verification and decision-making without the need for a person to propose the information device of the sixth item, the method further comprising searching for the slave brother A retrieval algorithm that captures information from a voucher. In the month of the month, the information device of the item is selected, and the method is a special key. Searching for the environment 18. In the case of the information appliance of claim 17, the method #^^ contains at least one spot of the special key of the environment J found in the territory of the garment to match at least one of the certificates . 19. The information appliance of claim 18, wherein the method determines whether the entity is warned when at least one of the special accounts found in the ring 'matches at least one of the credentials found in the environment . 2. An information device as claimed in claim 6] wherein the method further comprises checking one of at least one of the credentials found in the environment. Policy, and according to the policy, decide whether to match the at least one certificate with a special account. a method of reducing forgery in an environment, comprising: connecting a - information H to the environment to search for credentials in the environment; and verifying at least some of the credentials found in the environment to Determining whether at least some of the voucher is authentic; and verifying that at least one of the voucher found within the environment is authentic, by the information appliance deciding whether to alert the entity to the at least one voucher. The method of claim 21, wherein the verification of the authenticity of the voucher verifies a digital signature in the at least some of the voucher. 23. The method of claim 21, further comprising the information appliance And wherein the information appliance checks whether the at least one credential found and verified to be authentic within the environment is still valid, wherein the determining determines whether to alert the entity based at least in part on whether the at least one credential found is valid. The method of 21, further comprising the information appliance, the information appliance checking whether the at least one credential found in the environment and verified as authentic is on a credential logout list associated with the entity, wherein the decision is based at least in part on Whether the at least one voucher is found on the voucher logout list to decide whether to warn the entity. 25. The method of claim 24, wherein the voucher logout list is published or distributed by the entity. Where the verification uses one of the entities to share the gold balance. 27. The method of claim 21, wherein the information is The search for the appliance is for at least one name of a voucher issuer. 28. The method of claim 27, further comprising the information appliance, the information appliance being found in the at least one voucher before verifying the at least one voucher The method of claim 28, wherein the verification verifies at least one of the parsings to determine authenticity. 3. The method of claim 21, wherein The search by the information appliance includes renaming at least one file in the environment. 126995.doc 200833057 31. The method of claim 21, the complex φ ^ , , and the fine search by the information appliance to the environment The file in the file implements an algorithm. 32. As in the method of claim 31, 1 the message is safe, and the error is detected by the information device including the 4-slot case-compression algorithm or decompression algorithm. The method of claim 21, wherein the connection, the search, the verification, and the shirt are automatically performed by the appliance at least without human intervention. 34. The method of claim 21 The _ step includes searching for a retrieval algorithm for extracting information from the credentials of C in the environment. 35. The method of claim 21, wherein the step _step comprises searching for a dedicated Jin Yu in the environment. The method of claim 35, the method comprising: matching at least one of the special funds found in the environment with at least one of the credentials found in the environment. A method of claim 36, wherein The decision determines whether the entity is alerted when at least one of the private keys found within the environment matches at least one of the credentials found within the environment. 38. As in the method of claim 21, further A policy of a credential authority that checks for at least one of the credentials found in the environment, and determines whether to match the at least one credential with a dedicated credit based on the policy. 39. A method of operating an information appliance connected to an environment, wherein: searching for credentials in the environment; determining the authenticity of the individual credentials found within the environment; and determining whether the warning concern has been determined to be true At least one of the 126995.doc 200833057 entities of the vouchers make a decision. 40. The method of claim 39, wherein the entity has the right to modify one of the voucher logout lists to include a reference to one of the at least one voucher. 126995.doc