Abstract: The consumption of organic solids with anaerobic digestion to generate usable gases including methane is made more efficient by maintaining the ideal digestion temperature, which is attained by combining the anaerobic digestion process with a halogen digester which produces heat energy and hydrogen gas. With a given biological feedstock four outputs can be generated (methane, hydrogen, electricity, and heat) in the ratio that makes the most economical sense. The process also provides a significant reduction in volume of output solids. The halogen oxidation process can be used on all the anaerobic digester effluent to extract more energy and oxidize a wet feedstock. If there are solids which are not easily digested with the anaerobic process, these solids can be diverted to the halogen digester to derive more energy from the feedstock. Pathogens common to other anaerobic digester effluents are removed.

Abstract: This invention provides a mechanism for performing secure configuration and data changes between a PSD and a hardware security module (HSM) using a communications pipe established between said PSD and said HSM. The data changes and configuration changes include but are not limited to installing, updating, replacing, deleting digital certificates cryptographic keys, applets, other digital credentials, attributes of installed objects, or other stored proprietary information.

Abstract: This system for executing a program to which access by a user is controlled by credentials includes a terminal (T), first memory means (F) associated with said program for storing at least first credentials specific to said user, access control means for authorizing access to said program in response to a match between said first credentials and second credentials applied via said terminal, and a security device (PSD) personal to said user, associated with said terminal and including second memory means (M) for secure storage of said second credentials. The terminal (T) includes at least some of credentials management means (CMP) including means for reading said second credentials and transmitting them to said access control means in response to presentation of a request to access said program, and credentials updating; means for selectively commanding the generation and loading into said first and second memory means (F, M) of new credentials replacing the credentials previously stored.

Abstract: A blocking Personal Security Device (PSD) is disclosed which is intended to protect the privacy of one or more contactless PSDs present within a common RF field generated by a contactless PSDs RF reader. The blocking PSD is programmed to exploit an anti-collision protocol used by the RF reader. The blocking PSD prevents the RF reader from accessing a contactless PSD within the common RF field by ignoring wait time commands and repeatedly responding to the RF reader's interrogations.

Abstract: A data processing system and method for generating and installing a master key replacement key and a new master key post issuance without using a potentially compromised master key to access a PSD's security executive.

Abstract: This system for executing a program to which access by a user is controlled by credentials includes a terminal (T), first memory means (F) associated with said program for storing at least first credentials specific to said user, access control means for authorizing access to said program in response to a match between said first credentials and second credentials applied via said terminal, and a security device (PSD) personal to said user, associated with said terminal and including second memory means (M) for secure storage of said second credentials. The terminal (T) includes at least some of credentials management means (CMP) including means for reading said second credentials and transmitting them to said access control means in response to presentation of a request to access said program, and credentials updating; means for selectively commanding the generation and loading into said first and second memory means (F, M) of new credentials replacing the credentials previously stored.

Abstract: This system for executing a program to which access by a user is controlled by credentials includes a terminal (T), first memory means (F) associated with said program for storing at least first credentials specific to said user, access control means for authorizing access to said program in response to a match between said first credentials and second credentials applied via said terminal, and a security device (PSD) personal to said user, associated with said terminal and including second memory means (M) for secure storage of said second credentials. The terminal (T) includes at least some of credentials management means (CMP) including means for reading said second credentials and transmitting them to said access control means in response to presentation of a request to access said program, and credentials updating means for selectively commanding the generation and loading into said first and second memory means (F, M) of new credentials replacing the credentials previously stored.

Abstract: The terminal includes a terminal module (1) and a personal security device (31). The terminal module (1) is adapted to receive high-level requests from an application (Fap) installed on an electronic unit. The high-level requests are independent of the personal security device (31). The terminal module (1) and/or the personal security device (31) includes a reprogrammable memory for storing and a unit for executing a filter program (F) translating the high-level requests into at least one of either (i) at least one sequence of exchanges of data between the terminal module (1) and the user or (ii) a sequence of at least one elementary command that can be executed by the personal security device, together with a unit for protecting the filter program (F, 62) to prevent any modification of the filter program by an unauthorized entity. The filter program includes a unit for identifying and/or authenticating the source of requests sent by the application (Fap) installed in the electronic unit.

Abstract: This patent application describes a data processing system and method for securely storing and retrieving a cryptographic secret from a plurality of network-enabled clients. The cryptographic secret is encrypted using a split key arrangement where a first key component is generated and stored inside a hardware security token and a second key component is generated and stored on a server. Random variables and dynamic passwords are introduced to mask the key components during transport. In order to gain access to the first password, the user is required to enter his or her PIN. The key encryption key is generated by performing a series of XOR operations, which unmasks the first and second key components on a client allowing generation of a symmetric key The symmetric key is used to encrypt the cryptographic secret at the user's normal client and decrypt the cryptogram at another client lacking the cryptographic secret.

Abstract: This invention provides a mechanism for performing secure configuration and data changes between a PSD and a hardware security module (HSM) using a communications pipe established between said PSD and said HSM. The data changes and configuration changes include but are not limited to installing, updating, replacing, deleting digital certificates, cryptographic keys, applets, other digital credentials, attributes of installed objects, or other stored proprietary information.

Abstract: This patent describes a data processing system and method for performing mutual authentications between two security tokens by generation of a common cryptographic key. The common cryptographic key is generated using unique identifiers associated with each security token that diversify a common master key. The generation process incorporates a message digest function such as SHA-1 and an XOR operator to arrive at the common symmetric key.

Abstract: A data processing system and method for generating and installing a master key replacement key and a new master key post issuance without using a potentially compromised master key to access a PSD's security executive.

Abstract: This invention describes a system and method for reducing financial risk associated with the use of credit and debit cards. The invention provides the ability for a customer to preset spending limits, notification and authorization limits and account suspension limits which a financial services provider uses. Transactions that exceed the customer entered preferences triggers a notification message, authorization request or suspends further transactions from occurring with the customer's account.

Abstract: This invention describes a system and method for reducing communications throughput latency caused by the low-level communications protocol and serial communications interface associated with the use of personal security devices. To improve the data throughput, a cache is created under the exclusive ownership of an API level program called a cache server. The cache server maintains access rights associated with the data transferred from the PSD into cache memory. Requests made by programs for cached PSD data are first verified for access rights and serviced by the cache server. Cryptographic techniques may be employed to prevent unauthorized monitoring of the contents of the cache.

Abstract: The system includes a first card-like unit adapted to communicate with a second unit giving only conditionally access to a function. Both units are capable of running software for generating a password by means of encryption of a plurality of dynamic variables produced separately but in concert (so as to have a predetermined relationship, such as identity, with one another) in the units. The encryption is carried out in each unit by a public algorithm using a dynamically varying encryption key. Each time an access request is issued by a card user, the key is modified as a function of the number of access requests previously formulated by the card user. Access to the function is granted when the passwords generated in the units have a predetermined relationship (such as identity) with each other.

Abstract: The system includes a first unit adapted to communicate with a second unit. The second unit grants conditional access to a function or service in accordance with an authentication operation. Both units are capable of running software for generating passwords by means of encryption of several dynamic variables as for example a time dependent variable and/or a variable representing the number of formulated authentication requests. The encryption may be performed using a dynamic key. In order to synchronize the values of the variables generated in concert but independently in the units, only some of the least significant digits of the variables are transferred from the card-like unit to the other unit, with the transfer being performed by adding the digits to the password.

Abstract: The system includes a first card-like unit adapted to communicate with a second unit giving only conditionally access to a function. Both units are capable of running software for generating a password by means of encryption of a plurality of dynamic variables produced separately but in concert (so as to have a predetermined relationship, such as identity, with one another) in the units. The encryption is carried out in each unit by a public algorithm using a dynamically varying encryption key. Each time an access request is issued by a card user, the key is modified as a function of the number of access requests previously formulated by the card user. Access to the function is granted when the passwords generated in the units have a predetermined relationship (such as identity) with each other.

Abstract: The system includes a first card-like unit adapted to communicate with a second unit. The second unit grants conditional access to a function or service in accordance with an authentication operation. Both units are capable of running software for generating passwords by means of encryption of several dynamic variables as for example a time dependent variable and/or a variable representing the number of formulated authentication requests. The encryption may be performed using a dynamic key. In order to synchronize the values of the variables generated in concert but independently in the units, only some of the least significant digits of the variables are transferred from the card-like unit to the other unit, with the transfer being performed by adding the digits to the password.

Abstract: A system provides for transmission of information between an article carrying information and an apparatus for processing the information, in which the article includes an arrangement for modulating the reflectance of at least one area of a liquid crystal device as a function of information to be transmitted to the processing apparatus. The system includes a reader having a station for receiving the article, and an optical arrangement at the station which is sensitive to the reflectance of the area of the liquid crystal device to form signals representative of information given out by the article. Also included is an arrangement for the transmission of these signals to the processing apparatus.

Abstract: This device validates participation of an individual in an operation where coded information on an information bearing medium must be read. It comprises: an input interface, processing means comprising means of validation on the basis of said participation, which means being adapted to prevent said validation if a variable numeric value contained in said information coincides with variable numeric values previously held in memory; at least one memory inaccessible from said input interface and managed by said processing means in order to store in memory, for a predetermined period, information representative of said variable numeric values, and input interface for outward transmission from the device of an output code X representative of participations validated by the processing means, and electric power source for the various electric circuits in the device. It applications are in televised, radio, or other games.