Abstract: A system and method are provided for enabling a password reset mechanism for a secured device that verifies a digital signature on a password reset message. The password reset message has been generated by a password reset service for an authorized administrator associated with the secured device. The password reset mechanism allows the authorized administrator to make a request to the password reset service for a password reset, and receive the password reset message such that a password reset can be performed at the secured device. In this way, the secured device's password can be reset absent a connection to a command and control center or other service.

Abstract: A system and method are provided for enabling a password reset mechanism for a secured device that verifies a digital signature on a password reset message. The password reset message has been generated by a password reset service for an authorized administrator associated with the secured device. The password reset mechanism allows the authorized administrator to make a request to the password reset service for a password reset, and receive the password reset message such that a password reset can be performed at the secured device. In this way, the secured device's password can be reset absent a connection to a command and control center or other service.

Abstract: A system and method are provided for enabling a password reset mechanism for a secured device that verifies a digital signature on a password reset message. The password reset message has been generated by a password reset service for an authorized administrator associated with the secured device. The password reset mechanism allows the authorized administrator to make a request to the password reset service for a password reset, and receive the password reset message such that a password reset can be performed at the secured device. In this way, the secured device's password can be reset absent a connection to a command and control center or other service.

Abstract: Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and that v=w/z. The verification equality R=uG+vQ may then be computed as ?zR+(uz mod n)G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained.

Abstract: A system and method are provided for having a device in a communication system update an operational policy for the device by encoding a policy update in a virtual machine language used by a virtual machine on the device, having the policy update signed by a trusted entity, and sending a message comprising the signed policy update to the device to enable the device to implement the policy update using the virtual machine on the device. A system and method are also provided for updating an operational policy on a device in a communication system by receiving, at the device, a message comprising a signed policy update that has been signed by a trusted entity, the policy update being encoded in a virtual machine language used by a virtual machine on the device, verifying the signed policy update, and implementing the policy update using the virtual machine on the device when the policy update is verified.

Abstract: A system and method are provided for enabling a password reset mechanism for a secured device that verifies a digital signature on a password reset message. The password reset message has been generated by a password reset service for an authorized administrator associated with the secured device. The password reset mechanism allows the authorized administrator to make a request to the password reset service for a password reset, and receive the password reset message such that a password reset can be performed at the secured device. In this way, the secured device's password can be reset absent a connection to a command and control center or other service.

Abstract: A system and method are provided for having a device in a communication system update an operational policy for the device by encoding a policy update in a virtual machine language used by a virtual machine on the device, having the policy update signed by a trusted entity, and sending a message comprising the signed policy update to the device to enable the device to implement the policy update using the virtual machine on the device. A system and method are also provided for updating an operational policy on a device in a communication system by receiving, at the device, a message comprising a signed policy update that has been signed by a trusted entity, the policy update being encoded in a virtual machine language used by a virtual machine on the device, verifying the signed policy update, and implementing the policy update using the virtual machine on the device when the policy update is verified.

Abstract: Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and that v=w/z. The verification equality R=uG+vQ may then be computed as ?zR+(uz mod n)+wQ=O with z and w of reduced bit length This is beneficial in digital signature verification where increased verification can be attained.

Abstract: A signature scheme is provided in which a message is divided in to a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm. A first signature component is generated by encrypting the first portion alone. An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them. A second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion. A verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination. The computed hash is used together with publicly available information to generate a bit string corresponding to the hidden portion.

Abstract: A potential bias in the generation of a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated.

Abstract: The present invention provides a new trapdoor one-way function. In a general sense, some quadratic algebraic integer z is used. One then finds a curve E and a rational map defining [z] on E. The rational map [z] is the trapdoor one-way function. A judicious selection of z will ensure that [z] can be efficiently computed, that it is difficult to invert, that determination of [z] from the rational functions defined by [z] is difficult, and knowledge of z allows one to invert [z] on a certain set of elliptic curve points. Every rational map is a composition of a translation and an endomorphism. The most secure part of the rational map is the endomorphism as the translation is easy to invert. If the problem of inverting the endomorphism and thus [z] is as hard as the discrete logarithm problem in E, then the size of the cryptographic group can be smaller than the group used for RSA trapdoor one-way functions.

Abstract: A potential bias in the generation of a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated.