Abstract: An object of the present invention is to provide a marking forming apparatus, a method of forming a laser marking on an optical disk, a reproduction apparatus, an optical disk, and a method of manufacturing an optical disk, capable of providing a greatly improved copy prevention capability as compared to prior known construction. To achieve this object, in the optical disk of the invention, for example, a marking is formed by a laser on a reflective film of a disk holding data written thereon and at least position information of the marking or information concerning the position information is written on the disk in an encrypted form or with a digital signature appended thereto.

Abstract: Logon certificates are provided to support disconnected operation within the distributed system. Each logon certificate is a secure package holding credentials information sufficient to establish the identity and rights and privileges for a user/machine in a domain that is not their home domain. When a user/machine attempts to connect to the system at a domain other than the home domain of the user/machine, the user/machine presents a logon certificate that evidences his credentials. The domain where the user/machine attempts to connect to the system, decrypts and unseals the secure package as required to obtain the credentials information contained therein. If the user/machine has sufficient credentials, the user/machine is permitted to connect to the system. If the user/machine lacks sufficient credentials, the user/machine is not permitted to connect to the system.

Abstract: The present invention teaches a method of generating a secret identification number from a random digital data stream. The method comprises the step of initially selecting a first and a second group of bytes from the random digital data stream, wherein the first and second groups of bytes have a first and second numerical value. Subsequently, a first maximal length LFSR feedback term is looked up from a list in response to said first numerical value, while a second maximal length LFSR feedback term is looked up from the list in response to said second numerical value. The method additionally comprises the step of generating a cyclic redundancy code feedback term in response to executing a cyclic redundancy code check on a third group of bytes selected from the random digital data stream.

Abstract: A method, apparatus, and storage medium for encoding data. According to one embodiment, the data is encrypted with a variable encryption technique, and the encryption is varied to prevent oversaturation of a processor. According to another embodiment, a method, apparatus, and storage medium for decoding data. Encrypted data is received and decrypted, wherein the encrypted data has been generated by encrypting the data with a variable encryption technique, wherein the encryption is varied to prevent oversaturation of a processor.

Abstract: A program representative packetized datastream is generated from an input packetized datastream representing a plurality of programs. Program content packets comprising a desired program selected from the plurality of programs are identified. Condensed program specific information (CPSI) suitable for use in identifying and assembling the identified packets is formed. The resulting CPSI and the identified packets are formed into a datastream. Program specific information packets and program content packets are also extracted from a packetized datastream and stored on a storage medium.

Abstract: Implemented preferably within a video camera, a secure data capture device is used to prevent a captured data clip from be fraudulently altered without detection. The secure data capture device performs "time-bracketing" and/or "sequence ordering" operations to preserve data integrity through implementation of two registers incorporating a "State of the Universe" ("SOTU") number and a "sequence" number, respectively. Time-bracketing is performed by digitally signing a running hash value representing the data clip appended to the SOTU number before the digital signature is "timestamped". Sequence ordering is performed by digitally signing the digest of the data frame or multiple data frames along with the sequence number.

Abstract: Methods and apparatus are disclosed for re-initializing a secure password series based on an iterated hash function. User login information is communicated over an insecure network connection or other transmission medium between a client and a server. The server provides an indication that a first login series based on a first password has reached a predetermined minimum number of remaining hash function iterations. This indication could also be generated by the client. In either case, the client responds to the indication by generating an initialization signal which relates the first login series based on the first password to a second login series based on a second password. The initialization signal may be generated as the exclusive-or of the results of applying a first number of hash function iterations to the first password and a second number of hash function iterations to the second password.

Abstract: Electronic trading cards are composed of a plurality of individual trading card files encoded on a single data storage device such as a computer diskette or laser disk, each with an associated deciphering key code for deciphering encrypted data in the individual trading card files, and each with a file transfer code which allows individual trading card files to be transferred from one collector to another, without the transferring collector retaining a copy for his or her own use after a transfer is made. The electronic trading cards are organized and viewed using an electronic binder that provides full featured database functions such as sorting, graphic presentation, and the like. The electronic binder tracks the number of identical electronic trading card files possessed by a collector such that he or she will be aware that duplicates or triplicates are available. The electronic binder also has provisions for updatable guides which can provide card valuation and prediction information.

Abstract: A system and method for secure group communication via multicast or broadcast transmission. In preferred embodiments, the system of the invention implements a secure multicast group consisting of senders, receivers, a group security controller (GSC), and at least one trusted intermediary (TI) server. The GSC and each TI server are responsible for maintaining the security of the group by authenticating and authorizing all other members of the multicast as well as managing the group key(s) (Kgrp(s)) that are used to encrypt the messages multicast to the group. Any member of the group may have more than one role at a time. For example, senders may also be receivers, and the GSC may be combined with one of the senders. Each TI server is a trusted intermediary, which is a special type of sender and receiver.

Abstract: The present invention relates to a system and method for securing sensitive data on mass storage devices. The system and method use an encryption device to encrypt sensitive data that is to be stored on the mass storage devices. A plurality of cryptographic keys are provided to ensure that only authorized personnel have the ability to access the encrypted data.

Abstract: A plurality of certification authorities connected by an open network are interrelated through an authentication and certification system for providing and managing public key certificates. The certification system with its multiple certification and its policies constitute a public key infrastructure facilitating secure and authentic transactions over an unsecure network. Security services for applications and users in the network are facilitated by a set of common certification functions accessible by well-defined application programming interface which allows applications to be developed independently of the type of underlying hardware platforms used, communication networks and protocols and security technologies.

Abstract: An information terminal includes a secure microprocessor and secure non-volatile memory. Data such as authorization data and other service provider related data for subscription information services are certified as to source, and portions thereof decrypted as necessary by the secure processor according to a service provider key and loaded into secure non-volatile memory. The secure data is loaded by multiple service providers or by subscribers themselves, each service provider being adaptably allocated a number of non-volatile storage cells of predetermined length. In this manner, scarce non-volatile memory resources may be conserved and yet made accessible to multiple information service providers upon demand or as requirements change. Once certified by a trusted entity, several information service providers may individually change or modify the reconfigurable memory of the present invention by remote, addressed communication without the intervention of head-end apparatus.

Abstract: Process for the broadcasting of programmes with progressive conditional access and separation of the information flow, as well as the corresponding receiver,In order to form the elementary flow, groups of m successive elements of the multiplex are taken and for forming the complimentary flow groups of p successive elements of the multiplex are taken.Application to television with entitlement checking.

Abstract: A system and method of managing multiple users of an open metering system, wherein the users have different access privileges, includes the steps of providing a user password system for vault access; programing the vault with a plurality of transition states operatively relating to the user password system; assigning vault functional access to each user password first entered into the user password system; and performing a requested vault function when an entered user password under which the request is made has been assigned vault functional access for the requested vault function. The vault is manufactured in a first state in which the user password system is not activated and the activates the user password system upon entry of an initial user password which changes the vault to a second state that accepts requests for vault functions.

Abstract: A method for improving a radio location system based on time-of-arrival. Time-of-arrival radio location systems are limited in ultimate accuracy by signal-to-noise ratio and by the time varying multipath environment in which they must operate. These systems time stamp some feature of an arriving signal, from a transmitter, in order to calculate a range or a hyperbolic line-of-position. Some feature of the received signal must be identified which can provide repeatable readings, in order for a time-of-arrival system to be reliable. The present invention teaches techniques which maintain a high signal-to-noise ratio while identifying a feature of the received signal which is least affected by multipath. The technique uses correlation peak/envelope information to estimate the leading edge of the correlation function, then enhances discrete samples at the leading edge of the correlation function to yield high signal-to-noise ratio readings.

Abstract: An subsystem processor for converting an input audio signal to complex audio samples for QADM processing by a modem for communication with a remote modem is disclosed. The audio process comprises a decorrelator for processing the input audio to generate a residual signal, an adaptive scaler for adaptively scaling the residual signal to generate a scaled residual signal, a randomizer for phase-randomizing the scaled residual signal to generate a complex signal with randomized phases, and a limiter for limiting the complex signal with randomized phases, such that the complex signal is transmitted by the modem to a remote modem.

Abstract: A method of playing a game that has a puzzle and a conforming device. The puzzle includes ciphertext indicia and a number of designated spaces corresponding with the ciphertext for displaying a developing solution. The ciphertext is a message encrypted according to some substitutional and/or transpositional encipherment scheme. At each stage of solving, the ciphertext and developing solution show what has been correctly solved and what remains to be solved. The conforming device verifies the correctness of correct guesses and corrects incorrect guesses without prejudicing future guesses. There are manifold types of messages, encipherment schemes, developing solutions and conforming devices. Some puzzles and conforming devices are made by a computerized method. The game can be played by one player or several players in competition. It can be played using a game board or other apparatus or by using a computer with an interactive computer program. To solve a puzzle, a puzzle solver first forms a guess-pair.

Abstract: A method and apparatus is disclosed for determining the remanent noise in a magnetic medium by, for example, DC saturation of a region thereof and measurement of the remaining DC magnetization. A conventional magnetic recording transducer may be used to determine the remanent noise. Upon determination, the remanent noise may then be digitized and recorded on the same magnetic medium to thereby "fingerprint" the magnetic medium. This "fingerprint" may then be later used to verify and authenticate the magnetic medium as being an original. The magnetic medium may be of a type adapted to record information magnetically or, even more broadly, any magnetic surface or substance that can be sensed through its magnetic field. In such manner, any magnetic medium, or any object having an associated magnetic medium, may be "fingerprinted" including credit cards, computer program diskettes, magneto-optic discs, videotapes, cassette tapes, bank checks, stock certificates, etc.

Abstract: An international cryptography framework (ICF) allows manufacturers to comply with varying national laws governing the distribution of cryptographic capabilities. The invention is concerned primarily with the application certification aspects of the framework where an application that requests cryptographic services from the ICF service elements is identified through some form of certificate to protect against the misuse of a granted level of cryptography. The levels of cryptography granted are described via security policies and expressed as classes of service. A cryptographic unit, one of the ICF core elements, can be used to build several certification schemes for application objects. The invention provides various methods that determine the strength of binding between an application code image and the issued certificates within the context of the ICF elements.

Abstract: A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users .?.suspected of unlawful activities while protecting the privacy of law-abiding users.!., wherein each user is assigned a pair of matching secret and public keys. According to the method, each user's secret key is broken into shares. Then, each user provides a plurality of "trustees" pieces of information. The pieces of information provided to each trustee enable that trustee to verify that such information includes a "share" of a secret key of some given public key. Each trustee can verify that the pieces of information provided include a share of the secret key without interaction with any other trustee or by sending messages to the user. Upon a predetermined request or condition, e.g., a court order authorizing the entity to monitor the communications of a user .?.suspected of unlawful activity.!., the trustees reveal to the entity the shares of the secret key of such user.