Patents Examined by Stephen Kabakoff
  • Patent number: 6600823
    Abstract: The invention is a method for creating a self-authenticating value document at a sender's location and for verifying it at a receiver's location. At the sender's location a document is created having a machine readable data field, a taggant containing extractable first tag data, and a storage medium with clear text data and the first tag data extracted from said taggant written on it. The clear text, first tag data and data from a machine readable data field collectively make up a document message. The document message is hashed with a hashing algorithm to create a first message digest. The first message digest is digitally signed with a private key to create a digital signature which is written on the storage medium in addition to the clear text data and the first tag data.
    Type: Grant
    Filed: October 16, 1997
    Date of Patent: July 29, 2003
    Assignee: Unisys Corporation
    Inventor: Thomas D. Hayosh
  • Patent number: 6339645
    Abstract: A method, and associated apparatus, for generating a pseudo-random number sequence. Determinations are made of compatible configurations of windmill generators for a selected windmill polynomial. Implementation of a windmill generator is made through use of word-oriented memory elements. Words stored in the memory elements are selectively outputted to form portions of a pseudo-random number sequence.
    Type: Grant
    Filed: March 6, 1998
    Date of Patent: January 15, 2002
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventor: Bernhard Jan Marie Smeets
  • Patent number: 6304973
    Abstract: A network prevents unauthorized users from gaining access to confidential information. The network has various workstations and servers connected by a common medium and through a router to the Internet. The network has two major components, a Network Security Center (NSC) and security network interface cards or devices. The NSC is an administrative workstation through which the network security officer manages the network as a whole as well as the individual security devices. The security devices are interposed between each workstation, including the NSC, and the common medium and operate at a network layer (layer 3) of the protocol hierarchy. The network allows trusted users to access outside information, including the Internet, while stopping outside attackers at their point of entry. At the same time, the network limits an unauthorized insider to information defined in their particular security profile. The user may select which virtual network to access at any given time.
    Type: Grant
    Filed: August 6, 1998
    Date of Patent: October 16, 2001
    Assignee: Cryptek Secure Communications, LLC
    Inventor: Timothy C. Williams
  • Patent number: 6295359
    Abstract: A method for assigning keys to a plurality of devices in a public key cryptographic system includes generating a set of more than one master private keys; calculating for each master private key a corresponding master public key; installing in each of the plurality of devices a corresponding device private key derived as a linear combination of at least two of the master private keys from the set of master private keys whereby knowledge of the corresponding device private key installed in any one of the plurality of devices is not sufficient to determine the corresponding device private key of any other of the plurality of devices. A device public key can be calculated as a corresponding combination of the master public keys.
    Type: Grant
    Filed: May 21, 1998
    Date of Patent: September 25, 2001
    Assignee: Pitney Bowes Inc.
    Inventors: Robert A. Cordery, Frederick W. Ryan, Jr., Ari P. Singer
  • Patent number: 6259789
    Abstract: A computer implemented method and device for creating object keys to be used with a 4096-bit secret key block cipher data encryption process and a 2048-bit secret key digital signature process. The object keys are dynamic keys, i.e., changing throughout the encryption process. The dynamic object keys are composed of a static initial state that is created by the user and a method that modifies the keys based on seeding from a random session key object. The object key modification is performed for each plaintext data block so that each data block is encrypted using a different key. The initial state of the object key is also used in a block cipher encryption process to encrypt a 512-bit random session key. Data blocks of 64 bytes each are encrypted utilizing a different key, provided by the object key, for each block. The ciphertext (encrypted file) is transmitted into a keyed hashed function that utilizes a 2048-bit object key to produce a unique 2048-bit digital signature that is appended to the ciphertext.
    Type: Grant
    Filed: December 12, 1997
    Date of Patent: July 10, 2001
    Assignee: Safecourier Software, Inc.
    Inventor: Luciano F. Paone
  • Patent number: 6260145
    Abstract: In an authentication system for companies, a server appends suitable verification data to an electronic document to be circulated through terminal units for persons in charge. Each terminal is allocated a unique function in advance and applies it to the verification data in turn when receiving the document. Upon receipt of the document that has been circulated through the persons in charge, the server examines the function-applied value appended to the document to determine whether the document has been circulated correctly through the persons in charge, or via the correct route.
    Type: Grant
    Filed: July 29, 1997
    Date of Patent: July 10, 2001
    Assignee: Fujitsu Limited
    Inventors: Masahiro Komura, Etsuo Ono, Yasutsugu Kuroda, Satoru Torii
  • Patent number: 6253322
    Abstract: Certification and authentication services (electronic information signing and archiving services) are given when electronic commerce is carried out in an open network such as the Internet. A system has a service supplying unit and service receiving units which are connected to one another through a communication network. In the system, the service supplying unit transmits contract information including a content of a contract to the service receiving units of the service receivers. Each of the service receiving units having received the contract information prepares one party-signed contract information in which the contract information is digitally signed by the service receiver and transmits the one party-signed contract information to the service supplying unit.
    Type: Grant
    Filed: May 20, 1998
    Date of Patent: June 26, 2001
    Assignee: Hitachi, Ltd.
    Inventors: Seiichi Susaki, Yasuhiko Mizuno, Miwa Takahashi, Satoshi Mitsunaga, Shoji Moriyama
  • Patent number: 6230266
    Abstract: An authentication method and process are provided. One aspect of the process of the present invention includes authorizing a first on-line revocation server (OLRS) to provide information concerning certificates issued by a certificate authority (CA) that have been revoked. If the first OLRS is compromised, a second OLRS is authorized to provide certificate revocation information, but certificates issued by the CA remain valid unless indicated by the second OLRS to be revoked.
    Type: Grant
    Filed: February 3, 1999
    Date of Patent: May 8, 2001
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia Joy Perlman, Stephen R. Hanna
  • Patent number: 6160890
    Abstract: A transmission apparatus 100 includes a secret key storage unit 103 that stores three secret keys K1, K2 and K3, a secret key selection unit 104 that selects one secret key Ks from the secret keys, a message generation unit 106 for generating a message M used as a carrier for indicating a secret key, an encryption module 105 for generating a cryptogram Ca by encrypting the generated message M using the secret key Ks, an encryption module 107 for generating a cryptogram Cm by encrypting the message M using the message M itself as the secret key, and two transmission units 111 and 112 for transmitting the cryptograms Ca and Cm to the reception apparatus 200 to indicate the selected secret key Ks.
    Type: Grant
    Filed: December 22, 1999
    Date of Patent: December 12, 2000
    Assignees: Matsushita Electric Industrial Co., Ltd., Kabushiki Kaisha Toshiba
    Inventors: Makoto Tatebayashi, Motoji Ohmori, Takehisa Kato, Naoki Endoh, Koichi Hirayama
  • Patent number: 6108421
    Abstract: A method and apparatus for use in encrypting and decrypting digital communications, converting an initial block to a final block based on freely selectable control information and secret key information. The apparatus or method has a plurality of units or steps operating on plain text or cipher text to provide a final block. The steps or methods include three modulo operations having unique moduli and meeting a specified constraint.
    Type: Grant
    Filed: March 6, 1998
    Date of Patent: August 22, 2000
    Assignee: Harris Corporation
    Inventors: Michael Thomas Kurdziel, Robert Paul Clements
  • Patent number: 6101603
    Abstract: A system and method are provided for using a second resource to store a data element from a first resource in a stack. A data element X_{N+1} and a signature S[N] are signed at a first resource to obtain a signature S[X_{N+1}, S[N]], where N is an integer. The data element X_{N+1} and the signature S[N] are sent from the first resource to the second resource to be stored in a stack. The signature S[X_{N+1}, S[N]] is stored at the first resource.
    Type: Grant
    Filed: February 11, 1998
    Date of Patent: August 8, 2000
    Assignee: AT&T Corporation
    Inventors: Premkumar Thomas Devanbu, Stuart Gerald Stubblebine
  • Patent number: 6098170
    Abstract: A system and method are provided for storing a data element from a first resource in a queue at a second resource. A combination of a data element X_{N+1} and a signature S_Q = S[N] are signed at a first resource to obtain a signature S[X_{N+1}, S[N]], where N is an integer. The data element X_{N+1} and the signature S[X_{N+1}, S[N]] are sent from the first resource to the second resource to be stored in the queue at the second resource. The signature S[X_{N+1}, S[N]] is stored at the first resource as the new value for S_Q.
    Type: Grant
    Filed: February 11, 1998
    Date of Patent: August 1, 2000
    Assignee: AT&T Corporation
    Inventors: Premkumar Thomas Devanbu, Stuart Gerald Stubblebine
  • Patent number: 6069954
    Abstract: A new structure for a secret key cryptography algorithm uses double exclusive-or (XOR) encryption (e_i = k1_i XOR m_i XOR k2_i), analogous to a stream cipher arrangement, but providing data integrity protection. The double XOR encryption creates an inner sequence, for example s_i = k1_i XOR m_i for the encryption process, s_i = k2_i XOR e_i for the decryption process, which is unknown to the adversary and is used as a starting point for feedback on the very key streams used in the encryption of following bits of the message. In its preferred embodiment, this structure is the Frogbit data integrity algorithm which uses 10 independent pseudo-random sources. The Frogbit algorithm is well suited to the design and implementation of "semi-proprietary" ciphers, where the overall design is publicly known and peer-reviewed but a significant amount of the implementation specification is left open to private customization.
    Type: Grant
    Filed: May 9, 1997
    Date of Patent: May 30, 2000
    Inventor: Thierry Moreau
  • Patent number: 6009174
    Abstract: A transmission apparatus 100 includes a secret key storage unit 103 that stores three secret keys K1, K2 and K3, a secret key selection unit 104 that selects one secret key Ks from the secret keys, a message generation unit 106 for generating a message M used as a carrier for indicating a secret key, an encryption module 105 for generating a cryptogram Ca by encrypting the generated message M using the secret key Ks, an encryption module 107 for generating a cryptogram Cm by encrypting the message M using the message M itself as the secret key, and two transmission units 111 and 112 for transmitting the cryptograms Ca and Cm to the reception apparatus 200 to indicate the selected secret key Ks.
    Type: Grant
    Filed: October 27, 1997
    Date of Patent: December 28, 1999
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Makoto Tatebayashi, Motoji Ohmori, Takehisa Kato, Naoki Endoh, Koichi Hirayama