Abstract: Authenticating a user by presenting an authentication instruction to an individual via any computing device output interfaces, the authentication instruction selected from an identity authentication profile, receiving a response to the authentication instruction via any input methods supported by the computing device, the response including content provided through the performance of an action, determining a current action measurement for characteristics associated with the action, and a current content measurement for characteristics associated with the content, where the characteristics are associated with the authentication instruction, determining that each of the measurements matches a corresponding benchmark associated with the authentication instruction to within a predefined tolerance, where the benchmarks are selected from the identity authentication profile and performing the presenting, receiving, and determining steps for each of a predefined number of authentication instructions selected from the

Abstract: Authenticating a user by presenting an authentication instruction to an individual via any computing device output interfaces, the authentication instruction selected from an identity authentication profile, receiving a response to the authentication instruction via any input methods supported by the computing device, the response including content provided through the performance of an action, determining a current action measurement for characteristics associated with the action, and a current content measurement for characteristics associated with the content, where the characteristics are associated with the authentication instruction, determining that each of the measurements matches a corresponding benchmark associated with the authentication instruction to within a predefined tolerance, where the benchmarks are selected from the identity authentication profile and performing the presenting, receiving, and determining steps for each of a predefined number of authentication instructions selected from the

Abstract: A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.

Abstract: A system for identifying the authorized receiver of any particular copy of a document. More specifically, each particular copy of a document is fingerprinted by applying a set of variations to a document, where each variation is a change in data contents, but does not change the meaning or perusal experience of the document. A database associating a set of variants to a receiver is maintained. Thus any variant or copy of that variant can be traced to an authorized receiver.

Abstract: A multinode, multicast communications network has a distributed control for the creation, administration and operational mode selection operative in each of the nodes of the network. Each node is provided with a Set Manager for controlling either creation of, administration or access to a set of users to whom a multicast is to be directed. The Set Manager maintains a record of the local membership of all users associated with the node in which the Set Manager resides. A given Set Manager for each designated set of users is assigned the task of being the Set Leader to maintain membership information about the entire set of users in the multicast group. One of the Set Managers in the communications network is designated to be the Registrar which maintains a list of all the Set Leaders in the network. The Registrar insures that there is one and only one Set Leader for each set of users, answers inquiries about the membership of the sets and directs inquiries to appropriate Set Leaders if necessary.

Abstract: This invention deals with a safe key distribution and authentication in a data communication network (e.g. wireless LAN type of network).The network includes a network manager to which are connected, via a LAN wired circuit, one or more base stations. Individual remote stations are, in turn, wirelessly connected to an installed base station.One essential function for achieving security in such a network, is a mechanism to reliably authenticate the exchanges of data between communicating parties. This involves the establishment of session keys, which keys need to be distributed safely to the network components. An original and safe method is provided with this invention for key distribution and authentication during network installation, said method including using the first installed base station for generating a network key and a backbone key, and then using said first installed base station for subsequent remote station or additional base station installations while avoiding communicating said network key.

Abstract: In a communications system comprising a number of base stations, each base station communicating over a shared communication channel with a plurality of registered stations and controlling the network cell formed by said plurality of registered stations, a method is described for dynamically registering and deregistering mobile stations. Each station owns a unique address and is allocated a local identifier at registration time. Each network cell owns a unique cell identifier known to all registered stations belonging to this network cell. Base stations manage cell members data uniquely associating the unique address and the local identifier corresponding to each one of the mobile stations belonging to their network cell.

Abstract: In a communications system, a method is described allowing two users having established a communication session identified by a unique session freshness proof, to transmit and validate a new value of a variable by using an exchange certificate which combines the following elements: the new value of the variable, a common secret key known by both users, an exchange counter representative of the number of values of said variable transmitted between the two users during the current communication session and a session freshness proof. Protection against potential eavesdroppers and intruders is provided by combining cryptographically the elements of the exchange certificate.

Abstract: A packet communications network in which multicast transmissions are made reliable by transmitting acknowledgements to all neighbors of every receiving node, including the source node. This allows the relinquishment of message holding buffers as soon as all near neighbors acknowledge receipt of the message after only tile longest round trip time to the nearest neighbors, rather than the round trip to the furthest destination. Moreover, highly reliable ancillary point-to-point transmission facilities can be used to retransmit multicast messages indicated as being lost by failure of acknowledgment. Finally, network partitions occurring during the multicast procedure do not necessarily lose the multicast message to the remote partitions since any node receiving the message can insure delivery to all other nodes in that partition.

Abstract: A method and apparatus for providing authentication among a dynamically selected group of users in a communication system with a dynamically changing network topology. With this invention, freshness information and alleged identity information are transmitted from each of the users in the group using available paths in the network. A group key is then generated, and coded information, derived from the group key and the above transmitted information, is sent to each of the users. Each unit of coded information is accompanied by an identifying tag so as to identify which of the users is to use the appropriate unit of coded information. Each alleged user will then extract the group key from a corresponding coded information unit only if it shares an appropriate secret with a server. Without knowledge of the group key, a user cannot be authenticated.

Abstract: A method of verifying the authenticity of a message transmitted from a sender to a receiver in a communication system is partitioned into three stages. In the first stage, a key is secretly exchanged between the sender and receiver. This key is a binary irreducible polynomial p(x) of degree n. In addition, the sender and receiver share an encryption key composed of a stream of secret random, or pseudo-random bits. In the second stage, the sender appends a leading non-zero string of bits, which, in the simplest case, may be a single "1" bit, and n tail bits "0" to M to generate an augmented message, this augmented message considered as a polynomial having coefficients corresponding to the message bits. If the length of the message is known and cryptographically verified, then there is no need for a leading "1". The sender then computes a polynomial residue resulting from the division of the augmented message polynomial generated by the key polynomial p(x) exchanged by the sender and receiver.

Abstract: A packet communications system provides for point-to-point packet routing and multicast packet routing to limited subsets of nodes in the network, using a routing field in the packet header which is processed according to two different protocols. A third protocol is provided in which a packet can be multicast to the limited subset even when launched from a node which is not a member of the subset. The routing field includes a first portion which contains the route labels necessary to deliver the packet to the multicast subset. A second portion of the routing field contains the multicast subset identifier which can then be used to deliver the packet to all of the members of the multicast subset. Provision is made to backtrack deliver the packet to the last node identified before the multicast subset if that last node is itself a member of the subset.

Abstract: Method and apparatus for authenticating users (entities) of a computer network based on the entity's identification is described. Keys for each party of a potential session are derived by projections stored at each party's location. The projections are based on a partially computed function which can be in encryption by some key of the user identification or a multivariable polynomial or other function which is partially evaluated for one user's identification. Each user evaluates his projection with the other user/party's identification. The evaluated quantities are compared using a validation routine. The method requires only one basic piece of information, the projection to be distributed to each user, and does not need specific keys for specific users (or other users' information stored in one user's memory or global network). The method enables adding users to the system directory in a flexible way, without having to notify users of the addition.

Abstract: An arrangement of authenticating communications network users and means for carrying out the arrangement. A first challenge N1 is transmitted from a first user A to a second user B. In response to the first challenge, B transmits a first response and second challenge N2 to A. A verifies the first response. A then generates and transmits a second response to the second challenge to B, where the second response is verified. The first response must be of a minimum formf(S1, N1, . . . ),and the second response must be of the minimum formg(S2, N2, . . . ).S1 and S2 are shared secrets between A and B. f() and g() are selected such that the equationf'(s1,N1', . . . )=g(S2, N2)cannot be solved for N1' without knowledge of S1 and S2. f'() and N1' represent expressions on a second reference connection. Preferably, the function f() may include the direction D1 of the flow of the message containing f(), as in f(s1, N1, D1, . . . ). In such a case, f() is selected such that the equationf'(S,N1',D1', . . . )=f(S, N2, D1, .

Abstract: A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.