Abstract: A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.

Abstract: A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.

Abstract: A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.

Abstract: A method and system for preserving the integrity of a negotiation that includes providing an architecture which includes a center A, and a plurality of users B.sub.1, B.sub.2, . . . , B.sub.n. each user B.sub.i generates an input X.sub.i, which is input to the center A. The center A computes and publishes a function F(X.sub.1, X.sub.2, . . . , X.sub.n) based on the input messages it receives. Each user B.sub.i (1<=i<=n) communicates with the center A, exclusively. Center A publishes additional information which lets each of the users verify that F was computed correctly, and prevents a coalition of any one subset of the users from learning anything which cannot be computed just from the output of the function, F(X.sub.1, . . . ,X.sub.n), and from their own inputs, or information about the inputs of other users.

Abstract: A system and method for aggregating rankings from a plurality of ranking sources to generate a maximally consistent ranking by minimizing a distance measure. The ranking sources may be search engines executing queries on web pages that have been deliberately modified to cause an incorrect estimate of their relevance. The invention supports combining partial rankings.

Abstract: A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.

Abstract: A method for tracing traitor receivers in a broadcast encryption system. The method includes using a false key to encode plural subsets representing receivers in the system. The subsets are derived from a tree using a Subset-Cover system, and the traitor receiver is associated with one or more compromised keys that have been obtained by a potentially cloned pirate receiver. Using a clone of the pirate receiver, the identity of the traitor receiver is determined, or the pirate receiver clones are rendered useless for decrypting data using the compromised key by generating an appropriate set of subsets.

Abstract: An encryption key matrix has rows grouped into segments, with a set of one segment per column establishing a slot. Slots are assigned to device manufacturers, with the keys of the slots then being assigned to decryption devices made by the respective manufacturer. In generating the slots, the number “q” of segments in a column is first defined such that a predetermined maximum number of devices can be revoked devices (in that all the keys held by the device are revoked) while ensuring that a good device remains a functional device with a probability of at least (1?Q), wherein Q is a predefined device confidence. Once the number “q” of segments has been defined, the slots themselves are defined in a provably non-discriminatory fashion using an error-correcting code such as a Reed-Solomon code.

Abstract: A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.

Abstract: A method for secure multi-party function evaluation with a non-limiting application to the holding of auctions. The outcome of an auction can be determined by an auctioneer without learning any information about the bids, except for the bid which determines the clearing price, and without learning any information about the bidders, except for the winning bidder. The security of this information is maintained even after the conclusion of the auction. Moreover, the bidders can individually and privately verify that the auction was conducted correctly, thereby establishing a mechanism for trust. The method is well-suited to the holding of privacy-protected auctions over computer networks because of its high efficiency, requiring only a single round of interactive communication without any communication among the bidders. Furthermore, the bulk of the computation and data communication or the protocol can be done in advance of the auction itself, and is adaptable to distribution via stored media.

Abstract: A system, method, and computer program product for automatically determining in a computationally efficient manner which objects in a collection best match specified target attribute criteria. The preferred embodiment of the invention enables interruption of such an automated determination at any time and provides a measure of how closely the results achieved up to the interruption point match the criteria. An alternate embodiment combines sequential and random data access to minimize the overall computational cost of the determination.

Abstract: A system and method for aggregating rankings from a plurality of ranking sources to generate a maximally consistent ranking by minimizing a distance measure. The ranking sources may be search engines executing queries on web pages that have been deliberately modified to cause an incorrect estimate of their relevance. The invention supports combining partial rankings.

Abstract: A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.

Abstract: A method for tracing traitor receivers in a broadcast encryption system. The method includes using a false key to encode plural subsets representing receivers in the system. The subsets are derived from a tree using a Subset-Cover system, and the traitor receiver is associated with one or more compromised keys that have been obtained by a potentially cloned pirate receiver. Using a clone of the pirate receiver, the identity of the traitor receiver is determined, or the pirate receiver clones are rendered useless for decrypting data using the compromised key by generating an appropriate set of subsets.

Abstract: An encryption key matrix has rows grouped into segments, with a set of one segment per column establishing a slot. Slots are assigned to device manufacturers, with the keys of the slots then being assigned to decryption devices made by the respective manufacturer. In generating the slots, the number “q” of segments in a column is first defined such that a predetermined maximum number of devices can be revoked devices (in that all the keys held by the device are revoked) while ensuring that a good device remains a functional device with a probability of at least (1−Q), wherein Q is a predefined device confidence. Once the number “q” of segments has been defined, the slots themselves are defined in a provably non-discriminatory fashion using an error-correcting code such as a Reed-Solomon code.

Abstract: A method is provided for authentication of encrypted messages. A non-malleable public-key encryption technique is employed, so that an eavesdropper cannot employ an encrypted message, previously overheard, to generate a message which, when sent to a recipient, which would pass as a message originating from a valid sender. In a preferred embodiment, a protocol is provided in which, in response to a message authentication request from a sender, a recipient sends the sender a string, encrypted according to the sender's non-malleable public key. The sender decrypts the string using its private key, and sends the recipient a message which is a function of the string and the message to be authenticated. Because of the non-malleability of the public keys, an eavesdropper cannot impersonate the sender or the recipient and produce a disinformation message which would nevertheless contain the correct authorization string.