Patents Assigned to Trusted Information Systems, Inc.
  • Patent number: 5819275
    Abstract: A method for superimposing attributes on files stored in a hierarchically organized file system, having at least one file and at least one directory, is disclosed. The method initializes an attribute data base (ADB) with one or more entries having a path descriptor referencing a file in a hierarchical database, an attribute, and an attribute association option describing how the attribute is associated with the file referenced by the path descriptor. The method simplifies maintaining systems employing file attributes to describe files by using the hierarchy of the file system to superimpose attributes on the files. The method provides for handling explicit, implicit, and static associations of attributes with files in the file hierarchy. The method is invoked by a file manager, such as an attribute supplying file hierarchy (ASFH), which resides in the operating system of a computer system having a processor, memory, and a system bus for passing data between the processor and memory.
    Type: Grant
    Filed: June 7, 1995
    Date of Patent: October 6, 1998
    Assignee: Trusted Information Systems, Inc.
    Inventors: Lee Badger, Daniel F. Sterne, David L. Sherman, Homayoon Tajalli, David I. Dalva
  • Patent number: 5745573
    Abstract: A system and method for data escrow cryptography are described. An encrypting user encrypts a message using a secret storage key (KS) and attaches a data recovery field (DRF), including an access rule index (ARI) and KS, to the encrypted message. The DRF and the encrypted message are stored in a storage device. To recover KS, a decrypting user extracts and sends the DRF to a data recovery center (DRC) that issues a challenge based on access rules (ARs) originally defined by the encrypting user. If the decrypting user meets the challenge, the DRC sends KS in a message to the decrypting user. Generally, KS need not be an encryption key but could represent any piece of confidential information that can fit inside the DRF. In all cases, the DRC limits access to decrypting users who can meet the challenge defined in either the ARs defined by the encrypting user or the ARs defined for override access.
    Type: Grant
    Filed: January 10, 1997
    Date of Patent: April 28, 1998
    Assignee: Trusted Information Systems, Inc.
    Inventors: Steven B. Lipner, David M. Balenson, Carl M. Ellison, Stephen T. Walker
  • Patent number: 5640454
    Abstract: A cryptographic communications system and method is provided for access field verification. A key exchange field which includes an encryption of at least part of a first encryption key using a public portion of a second encryption key, an access field which includes an encryption of at least part of the first encryption key using a public portion of a third encryption key, and a verification field which is created from at least one value used to create at least one of the key exchange field and the access field are provided to a receiver. Using the verification field, the receiver verifies that at least part of the first encryption key contained within the key exchange field and at least part of the first encryption key contained within the access field are equivalent. If the receiver's verification is successful, the access field is determined to be authentic.
    Type: Grant
    Filed: September 12, 1996
    Date of Patent: June 17, 1997
    Assignee: Trusted Information Systems, Inc.
    Inventors: Steven B. Lipner, David M. Balenson, Carl M. Ellison, Stephen T. Walker
  • Patent number: 5557765
    Abstract: A system and method for data escrow cryptography are described. An encrypting user encrypts a message using a secret storage key (KS) and attaches a data recovery field (DRF), including an access rule index (ARI) and KS, to the encrypted message. The DRF and the encrypted message are stored in a storage device. To recover KS, a decrypting user extracts and sends the DRF to a data recovery center (DRC) that issues a challenge based on access rules (ARs) originally defined by the encrypting user. If the decrypting user meets the challenge, the DRC sends KS in a message to the decrypting user. Generally, KS need not be an encryption key but could represent any piece of confidential information that can fit inside the DRF. In all cases, the DRC limits access to decrypting users who can meet the challenge defined in either the ARs defined by the encrypting user or the ARs defined for override access.
    Type: Grant
    Filed: February 21, 1995
    Date of Patent: September 17, 1996
    Assignee: Trusted Information Systems, Inc.
    Inventors: Steven B. Lipner, David M. Balenson, Carl M. Ellison, Stephen T. Walker
  • Patent number: 5557346
    Abstract: A system and method for key escrow cryptography for use in a system comprising a sender and a receiver. Only public escrow keys are stored in the sender and the receiver. The sender encrypts a message using a secret session key (KS), and generates a leaf verification string (LVS) by combining a unique program identifier (UIP), a public portion of a program unique key (KUpub), and a signature. The sender encrypts the KS using the KUpub to generate a first encrypted session key (EKS), and generates a first law enforcement access field (LEAF) by encrypting a combination of the first EKS and the UIP with a copy of a public portion of a family key (KFpub) stored in the sender. The encrypted message, the LVS, and the first LEAF are transmitted from the sender to the receiver. The receiver stores therein a public portion of the KEPF key (KEPFpub). The receiver extracts the UIP, KUpub, and the signature from the LVS, and then encrypts the KS using the extracted KUpub to generate a second encrypted session key (EKS).
    Type: Grant
    Filed: August 11, 1994
    Date of Patent: September 17, 1996
    Assignee: Trusted Information Systems, Inc.
    Inventors: Steven B. Lipner, David M. Balenson, Carl M. Ellison, Stephen T. Walker
  • Patent number: 5361359
    Abstract: A system and method for auditing and controlling the use of a computer. An operating system and selected programs and data, referred to as approved applications and approved data, are stored on a protected media which cannot be modified by any ordinary user or application program, regardless of operating system privilege. The protected media can be modified by the operating system, as well as by an administrator using a trusted path mechanism. The trusted path mechanism establishes a reliable communication channel between the administrator and the computer system. The present invention may be configured to collect user audit data concerning user activity and system status and to write the audit data to the protected media. Also, the present invention may be configured to limit execution of application programs to the approved applications.
    Type: Grant
    Filed: August 31, 1992
    Date of Patent: November 1, 1994
    Assignee: Trusted Information Systems, Inc.
    Inventors: Homayoon Tajalli, Mark L. Badger, David I. Dalva, Stephen T. Walker