Abstract: A file editing system that provides a high file content secrecy, a file version management, and an asynchronous editing is disclosed. For a high file content secrecy, the block data of files managed by a file management server device are enciphered in units of blocks, and a client device obtains the block data of the desired file in enciphered state, deciphers the obtained block data in units of blocks, carries out an editing of the desired file to obtain editing data, enciphers the editing data in units of blocks, and transmits the enciphered editing data to the file management server device.

Abstract: A method and system of generating random numbers using imaging transducers of a charge coupled array. Noise signals detected by a first and a second imaging transducers of the array are processed together to yield a first value; noise signals detected by a third and a fourth imaging transducers are processed together to yield a second value; the first and second values are processed together to yield the random number.

Abstract: A system for certifying authorizations includes an authorizing computer and an authorized computer interconnected by a computer network. The authorizing computer creates a public key pair comprising a new public key and a new private key, and creates an authorization certificate that certifies that a holder of the authorization certificate is authorized to perform an action referred to in the authorization certificate. The authorization certificate includes the new public key. The authorizing computer causes the authorization certificate and the new private key to be transmitted to the authorized computer. The authorized computer receives the authorization certificate and the new private key and decrypts messages using the new private key as evidence that the authorized computer has obtained the authorization certificate legitimately.

Abstract: A system for managing a digital content, particularly a digital content to which a copyright is claimed, and a system for supplying a public-key which is used in the management of the digital content are provided. The digital content management program is embedded to an operating system of a user apparatus as a micro kernel, a watch program or a watch command which is linked to the digital content management program is transmitted to the user apparatus by using a network or data broadcasting, and thereby, the illegitimate usage of the digital content is watched. A visible watermark is added to the digital content when illegitimately utilized, to restrain later usage. Even in regular usage, the route of copying or transferring the digital content can also be ascertained by adding an invisible watermark. Further, a public-key is put in a public-key distribution screen to be distributed by the network or broadcasting.

Abstract: A system for open electronic commerce having a customer trusted agent securely communicating with a first money module, and a merchant trusted agent securely communicating with a second money module. Both trusted agents are capable of establishing a first cryptographically secure session, and both money modules are capable of establishing a second cryptographically secure session. The merchant trusted agent transfers electronic merchandise to the customer trusted agent, and the first money module transfers electronic money to the second money module. The money modules inform their trusted agents of the successful completion of payment, and the customer may use the purchased electronic merchandise. A certificate data signed by a trusted authority is stored in a tamper proof electronic processing device, which certificate includes a unique device ID and a public key of the device, in addition to device owner ID data.

Abstract: The invention relates to a method of importing information, in particular application information, onto a chip card which has a memory with a directory. The information being transferred onto the chip card comprises data and code, and it is often necessary to distribute these data and the code to different files in the directory. The method of the invention establishes whether the data and the code have been placed properly in the various files. The invention makes it possible to verify whether the information has been placed in the proper location allocated to it in the memory of the chip card. When an application is to be placed onto a chip card, the information is loaded into the chip card memory but is no allowed to be used until its location on the card is verified. Verification is accomplished by calculating an electronic fingerprint of the information and it's location.

Abstract: A digital wallet stores an cryptographically camouflaged access-controlled datum, e.g., a private key encrypted under the user's PIN. Entry of the correct PIN will correctly decrypt the stored key. Entry of certain pseudo-valid PINs will also decrypt the stored key, but improperly so, resulting in a candidate key indistinguishable from the correct key. Such pseudo-valid PINs are spread thinly over the space of PINs, so that the user is unlikely to realize a pseudo-valid PIN via a typographical error in entering the correct PIN. In existing wallet technologies, which lack pseudo-valid PINs, only the correct PIN produces a decrypted key; thus, hackers can find the correct PIN by entering all possible PINs until a key is produced. The present invention's plurality of candidate keys prevent a hacker from knowing when he has found the correct key. In addition, hacker detection may be moved off-line into devices accepting messages signed with candidate keys, and/or the lockout threshold may be increased.

Abstract: A transaction evidencing system includes a personal computer (PC) comprising a processor, memory and hard drive, with a plurality of non-metering application programs that selectively run on the PC. An unsecured printer is operatively coupled to the PC for printing in accordance with the non-metering application programs. A portable vault card that is removably coupled to the PC is programmed to generate tokens generation and perform transaction accounting. An application interface module in the PC, which interfaces with the non-metering application programs, issues a request for digital tokens in response to requests for indicia from a non-metering application program. A secure communications module in the PC, which securely communicates with the vault card when the vault card is coupled to the PC, sends the request for digital token to the vault card and receives a digital token generated by the vault card.

Abstract: A method and apparatus for simultaneously encrypting and compressing data identifies an encryption key and uses the encryption key to identify one compression algorithm from a set of compression algorithms. The data is then compressed according to the one compression algorithm.

Abstract: A cryptographic information and communication system of the knapsack type characterized by secret logical segregation of the key sets into sections by different construction methods, where different transformations are applied to different sections, and characterized by non-constant number of subset sum solutions to ciphertext, where resolution protocols are employed when necessary to resolve non-unique subset sum solutions at the decryptor.

Abstract: A rolling code transmitter is useful in a security system for providing secure encrypted RF transmission comprising an interleaved trinary bit fixed code and rolling code. A receiver demodulates the encrypted RF transmission and recovers the fixed code and rolling code. Upon comparison of the fixed and rolling codes with stored codes and determining that the signal has emanated from an authorized transmitter, a signal is generated to actuate an electric motor to open or close a movable barrier.

Abstract: A transaction evidencing system includes a plurality of computer systems operatively configured to form a network with one of the computer systems functioning as a server and the remaining computer systems functioning as clients. Each of the computer systems includes a processor, memory and storage media. At least some of the storage means includes non-metering application programs that are selectively run on the client computer systems. An unsecured printer is operatively coupled to at least one of the computer systems for printing in accordance with the non-metering application programs. A portable vault card, which is removably coupled to the server computer system, includes digital token generation and transaction accounting processing. The client computer systems issue requests for digital tokens to the server computer system in response to requests for indicia from the non-metering application programs.

Abstract: A network security device 10 is connected between a protected client 12 and a network 100. The network security device 10 negotiates a session key with any other protected client. Then, all communications between the two clients are encrypted. The inventive device is self-configuring and locks itself to the IP address of its client 12. Thus, the client 12 cannot change its IP address once set and therefore cannot emulate the IP address of another client. When a packet is transmitted from the protected host, the security device 10 translates the MAC address of the client to its own MAC address before transmitting the packet into the network. Packets addressed to the host, contain the MAC address of the security device. The security device 10 translates its MAC address to the client's 12 MAC address before transmitting the packet to the client 12.

Abstract: A method for an issuer party to issue DSA-like secret-key certificates that can be blinded only restrictively. The method includes the step of generating a secret key (x.sub.0,y) and a public key (descr(G.sub.q), g, h.sub.0, g.sub.1, descr((.cndot.))), wherein q is a prime number, Gq is a group of order q, in which computing discrete logarithms is substantially infeasible, but in which multiplication, determination of equivalence of elements and generation of substantially random numbers is relatively easy, descr(G.sub.q) is a description of G.sub.q including q, descr((.cndot.)) is the description of a hash-function (.cndot.) for which computing inverses is substantially infeasible, x.sub.0, and y are elements of the ring, of integers modulo q, g is an element of order q in the group, G.sub.q, h.sub.o is equal to g.sup.x.sbsp.0 ; and g.sub.1 is equal to g.sup.y. The method further includes the step of issuing to a receiver party a secret-key certificate (r,a) in on a public key h in G.sub.

Abstract: A RSA encryption scheme includes a modulus in which at least one set of bits is of a predetermined configuration. The configuration may be selected to replicate the identity of the recipient or other information normally transmitted between the parties or may be information stored by the sender to allow only the balance of the modulus to be transmitted with the sender subsequently reconstructing the modulus.

Abstract: A method and system for enabling the use of a single client certificate to be used in SNA communications to ensure security such that the certificate cannot be intercepted and reused yet still allowing the use of a single certificate for multiple applications. This avoids the need for a connected trusted third party or a multiplicity of user id and password pairs.

Abstract: A message guaranty system for having a reliable third party (evidence preparing server) prepare evidence information attesting to the transmission and reception of a message by a transmitting and a receiving terminal. When the transmitting terminal furnishes the target message with evidence information before transmitting them to the destination, the system attests to the transmission and reception of that message once they are completed. When a message is to be sent illustratively from a workstation (WS) 1 to a workstation (WS) 2, the third-party evidence preparing server on the network first prepares transmission evidence based on a request from the WS 1 and sends it to the WS 1. The WS 1 sends the message along with the evidence to the WS 2. The evidence preparing server then prepares reception evidence based on a request from an evidence verifying server (a third party) acting for the WS 2.

Abstract: An apparatus and process for hiding the secondary image within the primary image and generating a high quality hard copy of the unified elemental image of a variety of media. The process comprises the steps of rasterizing the first image into an first elemental image and rasterizing the second image, compensated with its own inverse, into an second elemental image. The first elemental image and the second elemental image are merged into a unified elemental image based on a predetermined decoding and compensating principle, resulting in the second elemental image being hidden within the first elemental image. An output image is created based on the unified elemental image where the primary image is visible to an un-aided eye while the secondary image is hidden from the un-aided eye.

Abstract: A copy prevention method and apparatus of a digital magnetic recording/reproducing system performs the copy prevention function by encoding to insert a marker involving copy prevention function information and executing the function and allows a program supplier to realize a desired copy prevention function of various patterns, in which the marker formed by a control word for scrambling audio and video bit straps and copy prevention information for preventing an illegal copy is encrypted by an encoded key to be multiplexed with the audio and video bit strips scrambled by the control word. The marker transmitted is detected from the bit strips to be decrypted and analyzed by the encoded key to determine whether the copy is permitted or not, so that the detected marker is updated to be recorded on a video tape and the control word is produced from the marker to perform the descrambling to supply the result to a monitor to be displayed.

Abstract: .[.A copy prevention method and apparatus of a digital magnetic recording/reproducing system performs the copy prevention function by encoding to insert a marker involving copy prevention function information and executing the function and allows a program supplier to realize a desired copy prevention function of various patterns, in which the marker formed by a control word for scrambling audio and video bit straps and copy prevention information for preventing an illegal copy is encrypted by an encoded key to be multiplexed with the audio and video bit strips scrambled by the control word. The marker transmitted is detected from the bit strips to be decrypted and analyzed by the encoded key to determine whether the copy is permitted or not, so that the detected marker is updated to be recorded on a video tape and the control word is produced from the marker to perform the descrambling to supply the result to a monitor to be displayed.