Patents by Inventor Stephen M. Matyas

Stephen M. Matyas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7519824
    Abstract: A method for time stamping a digital document employs a two-part time stamp receipt. The first part of the time stamp receipt includes identifying data associated with a document and a nonce. The second part of the time stamp receipt includes a time indication and the nonce. The nonce serves as a link between the first and second parts.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: April 14, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 7490241
    Abstract: A method for time stamping a digital document is disclosed. The document originator creates a time stamp receipt using the document and the current time. The time stamp receipt is submitted to a time stamping authority having a trusted clock. The time stamping authority validates the time stamp receipt by comparing the time value specified in the time stamp receipt to the current time. If the time value specified in the time stamp receipt is within a predetermined time window, the time stamping authority cryptographically binds the time value and document, or the time value and some representation of the document, e.g., by signing the time stamp receipt with its private signature key.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: February 10, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 7487359
    Abstract: A time stamping protocol has two stages referred to as the ticketing stage and the certification stage. During the ticketing stage, the document or other identifying data is sent to the TSA. The TSA generates a “ticket” based on the document or other identifying data and a time indication derived from a trusted clock. The ticket, which serves as an unsigned time stamp receipt, is transmitted back to the document originator. During the certification stage, the holder of the ticket requests a certified time stamp receipt by presenting the ticket to the TSA. The TSA verifies the ticket and generates a signed time stamp receipt, called the ticket stub, which is then transmitted back to the document originator. The ticket stub serves as a “universal time-stamp” that the holder of the ticket stub can use to prove the date of the document.
    Type: Grant
    Filed: August 29, 2007
    Date of Patent: February 3, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 7315948
    Abstract: A time stamping protocol has two stages referred to as the ticketing stage and the certification stage. During the ticketing stage, the document or other identifying data is sent to the TSA. The TSA generates a “ticket” based on the document or other identifying data and a time indication derived from a trusted clock. The ticket, which serves as an unsigned time stamp receipt, is transmitted back to the document originator. During the certification stage, the holder of the ticket requests a certified time stamp receipt by presenting the ticket to the TSA. The TSA verifies the ticket and generates a signed time stamp receipt, called the ticket stub, which is then transmitted back to the document originator. The ticket stub serves as a “universal time-stamp” that the holder of the ticket stub can use to prove the date of the document.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: January 1, 2008
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 6993656
    Abstract: A method for time stamping a digital document is disclosed. The document originator creates a time stamp receipt by combining the document or other identifying data and a digital time indication. The time stamp receipt is submitted to a time stamping authority having a trusted clock. The time stamping authority optionally validates the time stamp receipt and then computes the age of the time stamp receipt. The time stamping authority creates an aged time stamp receipt by combining the identifying data and time indication contained in the submitted time stamp receipt with the computed age of the time stamp receipt. The time stamping authority cryptographically binds the time information and identifying data in the aged time stamp receipt, e.g., by signing the combination of the identifying data, time indication, and computed age with a private signature generation key.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: January 31, 2006
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 6965998
    Abstract: A time-stamping protocol for time-stamping digital documents uses a time-based signature key. A document or other identifying data is sent to a time stamping authority TSA. The TSA has a time-based signature key that the TSA uses to sign time stamp receipts. The signature key is associated with a fixed time reference that is stored in a public key certificate also containing the public verification key. Upon receiving the document, the TSA creates a time stamp receipt by computing a time difference between the time reference associated with the signature key and the time the document was received. The time difference is appended to the document to create a time stamp receipt and the receipt is then signed by the TSA and transmitted to the requestor.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: November 15, 2005
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 6941460
    Abstract: The invention discloses how a text document can be marked through the insertion of inter-word blank characters for the purpose of becoming authenticatable. First, the text to be marked is edited so as to obtain a canonical form of it conforming to a model. Then, from this canonical form of the text and a secret key used as inputs, a unique combination of inter-word blank character positions is computed, in which extra blanks are inserted, thus obtaining a marked text document. Authentication of a received marked text document is performed by a recipient sharing the secret key, who further compares the received text document to the marked text document, so that if they match exactly the received text document is accepted as authentic, and rejected as fake if not. The invention allows the information necessary to authenticate a text document to be merged into the body of the document itself, which works as well on soft-copy and hard-copy text documents.
    Type: Grant
    Filed: January 4, 2001
    Date of Patent: September 6, 2005
    Assignee: International Business Machines Corporation
    Inventors: Fernando Incertis Carro, Stephen M. Matyas
  • Patent number: 6934845
    Abstract: A method of marking an original text document in which existing inter-word blank characters are altered is disclosed. A reversible transform is first applied so that inter-word intervals become exclusively comprised of odd numbers of blank characters. The transformed original text is then split into two subsets, and an authentication pattern is merged into the first subset by adding inter-word blank characters. A blurring pattern is computed which further modifies the number of blank characters so as to hide the authentication pattern. The second subset is blurred too before the subsets are recombined to obtain a marked text susceptible of authentication. A method of authenticating a text document marked according to the above method is also disclosed. The system and the methods of the invention permit a text document to be authenticable while the authentication pattern is imbedded, and deeply hidden, in the text document itself.
    Type: Grant
    Filed: March 13, 2001
    Date of Patent: August 23, 2005
    Assignee: International Business Machines Corporation
    Inventors: Fernando Incertis Carro, Stephen M. Matyas, J.
  • Patent number: 6742119
    Abstract: A method for time stamping a digital document is disclosed. The document originator creates a time stamp receipt by combining the document and a digital time indication. The time stamp receipt is submitted to a time stamping agent having a trusted clock. The time stamping agent optionally validates the time stamp receipt and then computes the age of the time stamp receipt. If valid, the time stamping agent certifies the time stamp receipt by signing the time stamp receipt with a private signature key. The private signature key is selected from a group of signature keys by the time stamping agent based on the computed age of the time stamp receipt.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: May 25, 2004
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Publication number: 20030105959
    Abstract: Computer user authentication and cryptographic key protection through the use of personal entropy (PE) is implemented using a PE answering algorithm which enables a user of a computing system to generate secret values from answers to questions previously created by the user. The questions are displayed to the user on a user interface (UI), and the user is prompted to select a subset of the questions to answer. When the user provides answers for the selected subset, an attempt is made to generate the secret value from a portion of the subset and possibly other information. If the secret value cannot be generated from at least a portion of the selected subset, the user is prompted to select a second subset of the displayed questions and provide answers to the selected second set of questions. When the user provides answers to the second selected subset of questions, an attempt is made to generate the secret value from a portion of the first and second sets of answers and possibly other information.
    Type: Application
    Filed: December 3, 2001
    Publication date: June 5, 2003
    Inventors: Stephen M. Matyas, Matthew A. Kamerman
  • Patent number: 6535607
    Abstract: A method and apparatus for ensuring that a key recovery-enabled (KR-enabled) system communicating with a non-KR-enabled system in a cryptographic communication system transmits the information necessary to permit key recovery by a key recovery entity. In a first embodiment, data is encrypted under a second key K that is generated as a one-way function of a first key K′ and a key recovery block KRB generated on the first key K′. The key recovery block KRB and the encrypted data e(K, data) are transmitted to the receiver, who cannot decrypt the data without regenerating the second key K from the first key K′ and the key recovery block KRB. In a second embodiment, data is encrypted under a second key K that is generated independently of the first key K′. A third key X, generated as a one-way function of the first key K′ and a key recovery block KRB generated on the second key K, is used to encrypt the XOR product Y of the first and second keys K′, K.
    Type: Grant
    Filed: November 2, 1998
    Date of Patent: March 18, 2003
    Assignee: International Business Machines Corporation
    Inventors: Coimbatore S. Chandersekaran, Rosario Gennaro, Sarbari Gupta, Stephen M. Matyas, Jr., David R. Safford, Nevenko Zunic
  • Patent number: 6505301
    Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.
    Type: Grant
    Filed: August 23, 2000
    Date of Patent: January 7, 2003
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Sean William Smith
  • Patent number: 6505302
    Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.
    Type: Grant
    Filed: August 23, 2000
    Date of Patent: January 7, 2003
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Sean William Smith
  • Patent number: 6345098
    Abstract: A method, system and apparatus are described which utilize a trusted third party, or Certification Authority (CA) in the generation of a reliable seed to be used in the generation of prime numbers used in public key cryptography. The inclusion of the trusted third party allows for an independent third party to police against first party attacks on the security of the system without increasing the overhead of the system significantly.
    Type: Grant
    Filed: July 2, 1998
    Date of Patent: February 5, 2002
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Jr., Allen Roginsky
  • Publication number: 20020013794
    Abstract: The invention discloses how a text document can be marked through the insertion of inter-word blank characters for the purpose of becoming authenticatable. First, the text to be marked is edited so as to obtain a canonical form of it conforming to a model. Then, from this canonical form of the text and a secret key used as inputs, a unique combination of inter-word blank character positions is computed, in which extra blanks are inserted, thus obtaining a marked text document. Authentication of a received marked text document is performed by a recipient sharing the secret key, who further compares the received text document to the marked text document, so that if they match exactly the received text document is accepted as authentic, and rejected as fake if not. The invention allows the information necessary to authenticate a text document to be merged into the body of the document itself, which works as well on soft-copy and hard-copy text documents.
    Type: Application
    Filed: January 4, 2001
    Publication date: January 31, 2002
    Inventors: Fernando Incertis Carro, Stephen M. Matyas
  • Publication number: 20010054146
    Abstract: A method of marking an original text document in which existing inter-word blank characters are altered is disclosed. A reversible transform is first applied so that inter-word intervals become exclusively comprised of odd numbers of blank characters. The transformed original text is then split into two subsets, and an authentication pattern is merged into the first subset by adding inter-word blank characters. A blurring pattern is computed which further modifies the number of blank characters so as to hide the authentication pattern. The second subset is blurred too before the subsets are recombined to obtain a marked text susceptible of authentication.
    Type: Application
    Filed: March 13, 2001
    Publication date: December 20, 2001
    Inventors: Fernando Incertis Carro, Stephen M. Matyas
  • Patent number: 6307938
    Abstract: A method, system and apparatus for generating primes (p and q) for use in cryptography from secret random numbers and an initialization value whereby the initial secret random numbers are encoded into the generated primes. This eliminates the need to retain the initial secret random numbers for auditing purposes. The initialization value may also be generated from information readily available, if so desired, resulting in additional entropy without the requirement of storing additional information.
    Type: Grant
    Filed: July 10, 1998
    Date of Patent: October 23, 2001
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Jr., Allen Roginsky
  • Patent number: 6301362
    Abstract: A method and apparatus for cryptographically transforming an input block into an output block. The input block has a first block size and is partitionable into a plurality of input subblocks having a second block size that is a submultiple of the first block size. To encrypt or decrypt, the input subblocks are passed through respective first substitution functions controlled by one or more keys to generate a first plurality of modified subblocks. The first plurality of modified subblocks are then passed through a mixing function to generate a second plurality of modified subblocks, each of which depends on each of the first plurality of modified subblocks. Finally, the second plurality of modified subblocks are passed through respective second substitution functions controlled by one or more keys to generate a plurality of output subblocks that are combinable into an output block.
    Type: Grant
    Filed: June 12, 1998
    Date of Patent: October 9, 2001
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Jr., Don Coppersmith, Donald B. Johnson
  • Patent number: 6243812
    Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.
    Type: Grant
    Filed: August 23, 2000
    Date of Patent: June 5, 2001
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Sean William Smith
  • Patent number: 6243470
    Abstract: A method and apparatus for an advanced symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.
    Type: Grant
    Filed: February 4, 1998
    Date of Patent: June 5, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Mohammed Peyravian, David Robert Safford, Nevenko Zunic