Abstract: A shared secret key distribution system which enables secure on-line registration for services provided by an application server through an application level security system or firewall utilizes an authentication token containing a server public key. The server public key is used to encrypt a client-generated portion of the shared secret key, and the encrypted client-generated key is sent to the server where it is recovered using a private key held by the server and combined with a server generated portion of the shared secret key to form the shared secret key. The server generated portion of the shared secret key is then encrypted by the client-generated portion of the shared secret key and transmitted to the client for recovery and combination with the client-generated portion of the shared secret key, at which time both the client and server are in possession of the shared secret key, which can then be used for mutual authentication and development of session keys to secure subsequent communications.

Abstract: A system and method for preventing counterfeiting of an identification or transaction card, and for verifying that the user of the card is an authorized user, involves the use of a unique, unalterable serial number and an exclusive OR function to generate a private key protected digital signature. The digital signature is stored on the card together with a card issuer record which contains sufficient information to authenticate the record. User authentication is provided by a personal identification number which is stored on the card. The personal identification number is generated by enciphering the serial number using a password as the key. The same card can be used to store a plurality of card issuer records, each including its own digital signature, and with user authentication for all records provided by a single personal identification number.

Abstract: A system and method for establishing secured communications pathways across an open unsecured network, without compromising the security of any parties to the communication, involves establishing secured gateways or firewalls between the Internet and any party which desires protection by 1.) using a smart card to distribute shared secret keys between a computer which serves as the above-mentioned firewall and a client node on the Internet; 2.) using the shared private keys to establish mutual authentication between the gateway and the smartcard; 3.) generating a session or temporary secret key for use in further communications between the gateway and the client node once communications have been established; and 4.) encrypting further communications using the session key.

Abstract: A cyber wallet in the form of stored and protected account information, which may be "carried" on a tamper resistant portable electronic storage medium such as a smartcard, or stored on the customer's computer (or personal digital assistant, PCMCIA card, or the like) together with the browser/mosaic software, is provide to a customer for the purpose of making electronic payments from the possessor of the wallet to a merchant at a remote site on the Internet. Security of the information contained in the wallet is provided by a public key file containing public keys to be used for encrypting the payment information into an authorization ticket which is sent by the wallet to the merchant, and then forwarded to the account servicer for decryption, the decryption key being in the form or a private key held only by the account servicer, and to which the merchant and other parties have no access.