Abstract: A method for creating, storing and reading a new certificate type for certification of keys is provided. In the new certificate type, several certificates, containing a minimum quantity of redundant data fields, are collated to form one certificate and all redundant information on the certificates is eliminated. An embodiment of the new certificate type is the group certificate. The group certificate is used where several keys are to be issued at the same time for the same user by the same certification instance. By means of the group certificate, all redundant data elements are eliminated and all data elements for a set of several keys subject to certification are grouped into one certificate. This substantially reduces the memory requirement, and handling of the certificates is simplified for the communication partners. A further embodiment of the new certificate type is the basic and supplementary certificate combination.

Abstract: A system and associated protocols for communication between two entities across a computer network operate such that the identities of the two entities remain concealed from each other, while ensuring that no third party is able to trace the existence of a conversation between them. The two entities correspond to each other through pseudonyms. The protocols are designed with an object to distribute trust so that an identity is not revealed by the compromise of any one agent involved in the execution of the protocol. No one agent can establish a correlation between a pseudonym and a physical address.

Abstract: When an electronic document is made available for review by other entities, it is often convenient to store the document in a repository or database managed by a third party. A system is provided in which the originator of the document is able to ensure the integrity and security of its document filed with a third party repository without having to trust the administrator of the repository. Both the document originator and the repository administrator have vault environments which are secure extensions of their respective work spaces. The vault of the document originator encrypts a document that it receives from the originator, prior to forwarding it on to the vault of the repository. On receipt of the encrypted document, the repository's vault signs the encrypted document itself before storing the document in the electronic repository and returning to the originator's vault proof of deposit of the encrypted document.

Abstract: Methods for transferring among key holders in encoding and cryptographic systems the right to decode and decrypt messages in a way that does not explicitly reveal decoding and decrypting keys used and the original messages. Such methods are more secure and more efficient than typical re-encoding and re-encryption schemes, and are useful in developing such applications as document distribution and long-term file protection.

Abstract: In a time stamping system formed by a client device and a server device, the client device includes a digest generation unit for generating a plurality of digests for a plurality of digital documents, a digest combining unit for combining the plurality of digests generated by the digest generation unit, a unified digest generation unit for generating a unified digest from the plurality of digests as combined by the digest combining unit, a transmission unit for transmitting a time stamping request containing the unified digest generated by the unified digest generation unit, to the server device, and a reception unit for receiving a time stamp token for the plurality of digital documents from the server device. The server device generates the time stamp token containing a time stamped digital document obtained by combining the unified digest and a time information acquired in response to the time stamping request, and a digital signature for the time stamped digital document.

Abstract: This invention report describes the architecture of a system, which undertakes in a new way the dynamic generation of symmetrical keys and the confidential synchronization of encryption components which use these keys. The basis is formed by the principle of the one-time-pad, with which absolute confidentiality can be ensured in theory. The difficulties with practical implementation of a pure one-time-pad can be avoided by expansions.

Abstract: This invention provides methods and apparatus for protecting data transmitted using standard compression techniques such as Huffman coding. After input data is preprocessed (filtered, quantized, etc.), the data is encoded using a Huffman coder based on Huffman codes or code books which have been scrambled to change the order of the code books and/or codes from established standard Huffman code books and/or codes. When the transmitted information is received by a Huffman code receiver, the received data may be decoded using the scrambled Huffman code book/codes to obtain the data that was transmitted by the transmitter.

Abstract: A method for encrypting and decrypting two-dimensional data is provided using a selected fractal a square fractal key matrix size and associated fractal computation initialization values. The fractal key matrix is computed iteratively, changing fractal parameters as necessary, to obtain a full rank fractal key matrix. Data to be encrypted is buffered in a two-dimensional matrix to allow matrix multiplication between the buffered data matrix and the fractal key matrix. The encrypted data, the encrypted data matrix dimensions, and the fractal parameters necessary to regenerate the fractal key are transmitted to a receiver that recreates the fractal key from the fractal parameters. The receiver additionally generates the fractal key matrix inverse. The data is decrypted by a matrix multiplication of the encrypted data and the fractal key matrix inverse.