Abstract: According to the present invention, piracy of secret data is prevented without an attack detecting circuit or data deleting circuit. In a secret data processing unit, a cell contains fluid in a sealed space. Code generators arranged in the sealed space receive a code generation request to generate codes specified by the pressure value of the fluid. A key generator disposed in the sealed space generates encryption keys/decryption keys specified by the generated codes. An encryptor/decryptor also disposed in the sealed space receives requests for secret data encryption/requests for encrypted secret data decryption, and outputs code generation requests to the code generator to encrypt the secret data/decrypt the encrypted secret data by using the generated encryption key/decryption key. Both codes and encryption keys/decryption keys generated and used, are not statically stored in the cryptographic processing unit.

Abstract: A recording medium in which a purchased image protected by a copyright or the like has been stored and a recording medium in which a user image has been stored is set, the purchased image as encrypted is decrypted and the images stored in both mediums are processed. The ID of a created image, user image data, link information representing encrypted purchased image data or the storage location of the purchased image data, and data specifying an image processing mode and the number of prints, are stored in a recording medium. In a DPE shop or the like, the purchased image data stored in the recording medium is decrypted, and the image processed by the user is reconstructed and printed in accordance with the data stored in the recording medium. A management center may give the allowance of use of the purchased image to the DPE shop, and the management center draws royalties from the accounts of individual DPE shops, sums the royalties and pays them into the accounts of individual proprietors of rights.

Abstract: The circuit uses a current sensing device that is controlled by the telephone line current. The telephone lines are connected to the contacts of a push-button switch, and a diode bridge is connected across contacts of the switch. Further, the circuit has a DC slow-release relay that is located across the output of the diode bridge. The telephone lines are also connected to the relay contacts of the DC slow release relay. A capacitor is placed across the telephone lines, and another capacitor is placed between the diode bridge and one of the relay contacts of the DC slow-release relay. The two capacitors act to shunt any radio frequencies that occur in the circuit as a result of an attempt to obtain information by RF saturation techniques.

Abstract: A method of producing a hardware agent being a single integrated circuit encapsulated within a semiconductor device package. The method comprises the steps of generating a device-specific key pair internally within the hardware agent, and verifying that the key pair is unique. After production, secure communications are established through transmission of at least one digital certificate, followed by a successful challenge and response communication exchange.

Abstract: The machine involves code wheels in cascade or in a maze with random or mixed circuits which operate a printing device to print the cipher conjugate of the letter on an operated key when the keyboard is connected to one end of the code wheel maze, and to print the plain conjugate of the letter in cipher when a key bearing such letter is operated with the keyboard connected to the other end of the code wheel maze. The printer is connected to the end of the code wheel maze opposite the end to which the keyboard is connected in both cases.

Abstract: The cryptographic system automatically and continuously changes the cipher equivalents representing plaintext characters so as to prevent any periodicity in the relationship. The system has a series of juxtaposed, rotatable, connection changing mechanisms to provide a large number of alternative paths for the passage of an electric current corresponding to a message character. Further, the system has parts for the irregular and permutative displacements of the members of a set of circuit changing mechanisms to thwart cryptanalysis. The juxtaposed cipher commutators are controlled by cam wheels of different diameters.

Abstract: A method of evaluating a cryptosystem to determine whether the cryptosystem can withstand a fault analysis attack, the method includes the steps of providing a cryptosystem having an encrypting process to encrypt a plaintext into a ciphertext, introducing a fault into the encrypting process to generate a ciphertext with faults, and comparing the ciphertext with the ciphertext with faults in an attempt to recover a key of the cryptosystem.

Abstract: A programmable crypto processing system (10) includes several processing resources (14, 16, 26) implemented on a single ULSI die. The processing system is both key and algorithm agile allowing for simultaneous execution of a variety of cryptographic programs through the use of background staging of the next program and context (key and state) during execution of a current program. The programmable crypto processing system includes a programmable crypto processor (17) for processing data units in accordance with a channel program, a crypto controller (11) for identifying a channel program, two interface processors (13, 15) for asynchronously receiving and transferring data units from and from an external host. Data units identify a particular channel program, and are processed in a selected processing engine in accordance the identified channel program.

Abstract: The crytographic system automatically and continuously changes the cipher equivalents representing plaintext characters so as to prevent any periodicity in the relationship. The system has a series of juxtaposed, rotatable, connection changing mechanisms to provide a large number of alternative paths for the passage of an electric current corresponding to a message character. Further, the system has parts for the irregular and permutative displacements of the members of a set of circuit changing mechanisms to thwart cryptanalysis.

Abstract: An apparatus is provided to handle classes of data in computer systems that must not be permitted to intermingle due to their security classifications or criticality of their data content, as in banking or safety applications. An isolated path is established for transmitting a given class of data between elements of the computer system with assurance that the data has been transmitted from the proper source, has been received by an authorized recipient and that unauthorized elements of the system have not intercepted or altered the data. Plug in type secure bus arbiter (SBA) module or bus arbiter interconnect module (10) with a controller (11) provide a way to isolate data without modification of the computer back plane or motherboard in a computer chassis (12). Modules can be used with commercial off the shelf (COTS) and non-development item (NDI) cards for a wide variety of standard computer printed circuit boards.

Abstract: A security apparatus including a number input device (302), an address register (312) responsive to the number input device, an encryption schema memory (316) addressable by the address register to produce an output code and a relative address code, and address incrementing logic (310) responsive the relative address code and operative to increment the address register. The apparatus also preferably includes a PIN register (304) coupled to the number input device, a public code register (306) coupled to the number input device, and merging logic (308) merging outputs of the PIN register and the public code register to be input to the address register. The apparatus also preferably includes an output shift register operative to shift out the output code of the encryption schema memory. The encryption schema memory can be read only memory, writeable memory, or both.

Abstract: An encryption chip is programmable to process a variety of secret key and public key encryption algorithms. The chip includes a pipeline of processing elements, each of which can process a round within a secret key algorithm. Data is transferred between the processing elements through dual port memories. A central processing unit allows for processing of very wide data words from global memory in single cycle operations. An adder circuit is simplified by using plural relatively small adder circuits with sums and carries looped back in plural cycles. Multiplier circuitry can be shared between the processing elements and the central processor by adapting the smaller processing element multipliers for concatenation as a very wide central processor multiplier.

Abstract: A secure video content processor ("SVCP") which receives encrypted digital video information and converts it into analog information for a monitor while preventing unauthorized access to the intermediate unencrypted digital data. The SVCP uses hardware envelopes to prevent unauthorized access to the decrypted digital stream. When a need arises to transmit digital data outside the hardware envelope, the digital data is encrypted and then decrypted when it re-enters a hardware protected section of circuitry.

Abstract: A mouse system (100) for authenticating a user and providing access to a computer (212) includes a pointing device and card reader (106) which share a computer interface port (222) of the computer (212). User information is read off the card (104), converted to pointing device codes, and provided to the computer (212). The computer reconverts the pointing device codes to user information to deny or grant access. The card reader (106) is capable of reading commercially available smart cards, credit cards, and other media having user information electronically stored on the card (104).

Abstract: A secure keypad device incorporating measures to prohibit electronic eavesdropping. Random interrogation of the rows and/or columns of a keypad matrix is employed to determine which key has been pressed. Implementation of the random interrogation process utilizes the mathematical factorial (!) function in conjunction with an algorithm that derives an interrogation sequence. A random number is generated and fed to an algorithm which will derive an interrogation sequence. The sequence is relayed to a keypad scanner which performs the actual interrogation in order to determine which key has been pressed. Further measures are taken to guard against electronic eavesdropping. For instance, the algorithm is designed to take the same amount of time for an unsuccessful key scan as it does for a successful key scan. Also, the time spent on an unpressed scan line is approximately equal to the time required to record a valid key press.

Abstract: A method and a device for facilitating authorized and simultaneously restraining unauthorized access to a multitude of alphanumeric sequences, for instance for credit cards, code keys and the like. According to the method every correct sequence (e.g. 5533) is encrypted by mathematically manipulating it by means of an encrypting sequence (7221) common to every correct sequence, so that every correct sequence is converted into a fictitious encrypted sequence. The credit card has a carrier (12-16) for carrying and exposing the fictitious sequence. A deciphering of the fictitious sequence is performed by a reversed mathematical manipulation of the fictitious sequence.

Abstract: The invention relates to protected keypad apparatus, in particular for machines actuated by insertion of an electronic smart card. The keypad proper (10) comprises n sensitive zones (Zi), each sensitive zone being associated with a respective sensor and with an individual processing circuit (14i) that includes in particular an encryption function. The sensor and the circuit form a monolithic unit. The apparatus further includes a driver unit (18) connected to each circuit (14i) via a bus (16). The circuits periodically and cyclically transmit encrypted signals indicating activation or non-activation of the sensitive zones.

Abstract: A television remote control unit including an IR (infra-red) transmitter with integral magnetic stripe ATM type credit card reader and method therefor for transmitting IR signals to a remote interactive location such as a television set or a TV cable remote control box. The remote control unit permits the user to swipe a credit card through the credit card reader so as to generate credit card transaction signals for transmission to the remote interactive locations. The remote control unit can be used in an interactive environment such as a hotel casino, a cable TV home shopping network, or an off track betting (OTB) environment.

Abstract: A secure touchscreen is provided, comprising a touchscreen and touchscreen controller for receiving inputs, a system controller, an encryption module and two external buses. The controller, system controller and encryption module are embedded in a mass of material to prevent unauthorized access of the inputs. Furthermore, the first external bus is used to operate and communicate with an external system in an encrypted mode, while the second external bus is used to operate and communicate with the external system in a normal mode.

Abstract: A method of using a hand-held device to produce an encryption/decryption application program for protecting information stored in a computer system by transmitting the produced encryption/decryption application program to the computer system through a communication measure subject to a corresponding communication protocol, permitting the encryption/decryption application program to be cleared from the computer system after the communication between the hand-held device and the computer system has been terminated.

Abstract: A docking method for establishing secure wireless connection between computer devices is presented. The technique assumes that at least one of the computer devices comprises a portable device. Further, a docking area or docking port is associated with the other computer device. Means are provided for automatically establishing wireless connection between the portable device and the second device when the portable device is brought within the docking port (or docking area) of the second device. This automatic establishing of wireless connection includes communicating an address identifier between the portable device and the second device once the portable device is "docked." If desired, an encryption key can also be exchanged with the address identifier to allow for encryption of information communicated between the devices. After docking, the first device can be removed from the docking area (or docking port) without affecting the wireless connection between the first device and the second device.

Abstract: A technique to dynamically configure a Secure Processing Unit (SPU) chip in a secure manner using a capability table, which defines the functions that an SPU can perform. The capability table employs a digital signature to ensure the authenticity of the source and contents of the table. It also contains information which identifies the SPU for which the table is intended and a time-stamp indicating the time by which the table must be loaded into an SPU.

Abstract: A portable security device is disclosed which can be carried by an individual and connected directly to telephone circuits to both authenticate that individual and encrypt data communications. The invention can operate as an electronic "token" to uniquely identify the user to a network, to a computer system or to an application program. The "token" contains the complete network interface, such as a modem, which modulates the data and provides the circuitry required for direct connection to the network. Furthermore, this "token" will not permit communications to proceed until the device, and optionally the user, have been identified by the proper authentication. The token also contains all of the cryptographic processing required to protect the data using data encryption or message authentication or digital signatures or any combination thereof.

Abstract: Disclosed is a method enabling the generation, by means of voice frequencies, of a sequence of several characters and the high-speed transmission of these characters. This method comprises the step of the elimination, during transmission, of the blanks between two successive characters when these characters are distinct or are encoded distinctly.

Abstract: A secure video content processor ("SVCP") which receives encrypted digital video information and converts it into analog information for a monitor while preventing unauthorized access to the intermediate unencrypted digital data. The SVCP uses hardware envelopes to prevent unauthorized access to the decrypted digital stream. When a need arises to transmit digital data outside the hardware envelope, the digital data is encrypted and then decrypted when it re-enters a hardware protected section of circuitry.

Abstract: An encryption module for encrypting financial and other sensitive data may be conveniently interposed in series between a personal computer and the keyboard associated therewith. An application program designed to run on the PC is configured to prompt the user to enter his PIN or other confidential data into the encryption module; consequently the confidential data need not be transmitted in an unencrypted fashion, and need not reside on the PC hard drive in an unencrypted form.

Abstract: Apparatus and methods are provided for transacting secure purchase and bill payment transactions.

Abstract: A semiconductor device used to store encryption/decryption keys at manufacture in combination with digital certificates to ensure secured communications between the semiconductor device and another device. The semiconductor device comprising (i) a non-volatile memory capable of storing the encryption/decryption keys and at least one digital certificate, (ii) an internal memory capable of temporarily storing information input into the semiconductor device from the other device and possibly encryption and decryption algorithms, (iii) a processor for processing the information and (iv) a random number generator for generating the encryption/decryption keys completely internal to the semiconductor device.

Abstract: An apparatus and method are disclosed for encoding and transferring data from a transmitter to a receiver, using the human body as a transmission medium. The transmitter includes an electric field generator, a data encoder which operates by modulating the electric field, and electrodes to couple the electric field through the human body. The receiver includes electrodes, in physical contact with, or close proximity to, a part of the human body, for detecting an electric field carried through the body, and a demodulator for extracting the data from the modulated electric field. An authenticator, connected to the receiver, processes the encoded data and validates the authenticity of the transmission. The apparatus and method are used to identify and authorize a possessor of the transmitter. The possessor then has secure access to, and can obtain delivery of, goods and services such as the distribution of money, phone privileges, building access, and commodities.

Abstract: A method of producing a hardware agent being a single integrated circuit encapsulated within a semiconductor device package. The method comprises the steps of generating a device-specific key pair internally within the hardware agent, and verifying that the key pair is unique. After production, secure communications are established through transmission of at least one digital certificate, followed by a successful challenge and response communication exchange.

Abstract: A fuel dispenser-credit card reader control system for controlling the fuel dispensing process and accepting payment for the fuel dispensed through a card reader is disclosed. The dispenser controller has a microprocessor with read-only-memory for storing operating routines and command code and read-and-write-memory for storing responses. Configuration circuits translate the communication language of the dispenser controller into a communication protocol readable by the dispensers such that the dispensing process of various dispenser brands can be controlled and payment for the fuel accepted. A feature of the disclosure is that the controller includes a command for transmitting an encrypted PIN number data block from the card reader to a site controller without analyzing the data, manipulating the data, or permanently storing the data.

Abstract: An apparatus for protecting the confidentiality and security of sensitive data which has been encrypted as it is being processed in data communications systems. The apparatus uses a metallic plate which covers the encryption circuitry and a memory in which the encryption key is stored and includes circuitry which erases the stored encryption key when an attempt is made to remove the protective cover. The metallic plate is formed into top and bottom cover plates for the top side and bottom side respectively of a printed circuit board which are secured together with a screw. An integrated circuit, which is located within the top and bottom cover plates stores the encryption key, an erase circuit and a switch which changes position when the screw is rotated causing a signal to be generated by the erase circuit which erases the encryption key stored in the integrated circuit.

Abstract: An apparatus and method for voice privacy for cellular phones includes generic connection points to make it universal for most cellular phones. The connection points include the speaker and microphone and the microphone input and speaker output of the cellular phone. A scrambling or encryption circuit or process is used to secure the audio before it is transmitted over the network, and the unsecured audio once received. Side-tone added by the cellular phone and network echo of the scrambled audio to be transmitted is removed by, for example, adaptive echo cancellation, and unscrambled side-tone is presented to the speaker. The apparatus can be implemented in a digital signal processor.

Abstract: A portable security device is disclosed which can be carried by an individual and connected directly to telephone circuits to both authenticate that individual and encrypt data communications. The invention can operate as an electronic "token" to uniquely identify the user to a network, to a computer system or to an application program. The "token" contains the complete network interface, such as a modem, which modulates the data and provides the circuitry required for direct connection to the network. Furthermore, this "token" will preferably not permit communications to proceed until the device, and optionally the user, have been identified by the proper authentication. The token also contains all of the cryptographic processing required to protect the data using data encryption or message authentication or digital signatures or any combination thereof.

Abstract: The present invention relates to a system and method for securing sensitive data on mass storage devices. The system and method use an encryption device to encrypt sensitive data that is to be stored on the mass storage devices. A plurality of cryptographic keys are provided to ensure that only authorized personnel have the ability to access the encrypted data.

Abstract: An adapter (10) for a cellular telephone includes a first coupling apparatus (21) disposed on a first surface (30) of the adapter (10). The first coupling apparatus (21) is for engaging coupling apparatus disposed on a rear surface of the cellular telephone. The adapter (10) also includes an earpiece (40) coupled to a side (33) of the adapter (10) and a second coupling apparatus (23, 24) disposed on a second surface (32) of the adapter (10). The second coupling apparatus (23, 24) engages coupling apparatus disposed on a power source. The earpiece (40) comprises a speaker electrically coupled to connections on a connector for tapping an external audio output of a cellular telephone. The speaker (40) is constrained to maintain a position within one-half centimeter of the side (33) of the adapter (10). An outer shell of the earpiece (40) is connected to the side (33) of the adapter (10) and protrudes therefrom by a distance of less than a centimeter.

Abstract: Screen (10) for a user interface of a television schedule system and process consists of an array (24) of irregular cells (26), which vary in length, corresponding to different television program lengths of one half hour to one-and-one half hours or more. The array is arranged as three columns (28) of one-half hour in duration, and twelve rows (30) of program listings. Some of the program listings overlap two or more of the columns (28) because of their length. Because of the widely varying length of the cells (26), if a conventional cursor used to select a cell location were to simply step from one cell to another, the result would be abrupt changes in the screen (10) as the cursor moved from a cell (26) of several hours length to an adjacent cell in the same row. An effective way of taming the motion is to assume that behind every array (24) is an underlying array of regular cells. By restricting cursor movements to the regular cells, abrupt screen changes will be avoided.

Abstract: A mailing system is includes of a mailing machine operating under the control of a microcontroller having a communication port with a first channel and a second channel. The mailing system also includes a meter vault which operates under the control a microcontroller mounted in a secure housing and having a communication port with a first channel and a second channel. A printer is included which operates under the control of a microcontroller mounted in a secure housing and having a communication port having a first channel and a second channel. A printer interface is included for providing a number of independent communication paths. A first path provides communication between first channel of the mailing machine and the first channel of the meter vault. A second path provides communication between the second channel of the mailing machine and the second channel of the printer, and a third path for providing communications between the second channel of meter vault and the first channel of the printer.

Abstract: Video data is edited by forming a plurality of vertically oriented video clips for each frame of video data, with each clip being positioned in its associated stacks in a hierarchy from background to foreground at the relative time of occurrence of the associated frame; with the stacks being displayed on a video display, whereby a cursor is used to capture one or more successive video clips in a given stack, for moving the video clip(s) to another of the stacks, for rearranging the video clips amongst the stacks to achieve a desired effect. Audio data is also formed into a plurality of audio clips, each for positioning at an end of an associated stack of video clips, whereby the cursor is used for capturing and moving the audio clips amongst the stacks of video clips for obtaining a desired effect.

Abstract: A system including a storage medium containing encrypted information comprises: (a) a control unit for selecting information to be retrieved from the storage medium; (b) a storage medium reader for reading the selected information from the storage medium; and (c) a decryption device for decrypting at least portions of the selected information using a decryption key. The decryption key is defined, at least in part, by rules and/or data which are read from the storage medium by the storage medium reader. A different and unique key is associated with each separate item or file of encrypted information.

Abstract: A cryptographic framework consists of four basic service elements that include a national flag card, a cryptographic unit, a host system, and a network security server. Three of the four service elements have a fundamentally hierarchical relationship. The National Flag Card (NFC) is installed into the Cryptographic Unit (CU) which, in turn, is installed into a Host System (HS). Cryptographic functions on the Host System cannot be executed without a Cryptographic Unit, which itself requires the presence of a valid National Flag Card before it's services are available. The fourth service element, a Network Security Server (NSS), can provide a range of different security services including verification of the other three service elements. The framework addresses national policies governing cryptography, where such policies can be independently developed and maintained using a such a framework.

Abstract: A device for the securing of information systems, notably for a system used in the field of microcomputers, comprising at least one SCSI port having means for the enciphering of confidential information travelling through the system and comprising a peripheral communicating with the information system by an SCSI bus that has an interface between the SCSI bus and a bus internal to the peripheral, placing information management and storage means in a state of communication with the enciphering means contained in the peripheral as well as with an interface between a user and the peripheral, making it possible to provide the security services for the confidential information travelling through the peripheral, independently of the standards of the bus and operating system used by the information system.

Abstract: A personal computer system is described, having security features enabling control over access to data retained in such a system. The system has a normally closed enclosure, at least one erasable memory element for selective activation to active and inactive states and for receiving and storing a privileged access password when in the active state, an option switch operatively connected with the erasable memory element for setting the erasable memory element to the active and inactive states, a tamper detection switch operatively connected with the erasable memory element for detecting opening of the enclosure, and a system processor operatively connected with the erasable memory element for controlling access to at least certain levels of data stored within the system by distinguishing between entry and non-entry of any stored privileged access password.

Abstract: Each copy of software is assigned a unique identifying code pattern which is printed on all documents produced with that software by a high resolution printer. The unique identifying code pattern is a plurality of spaced apart marks having a size no greater than about 300 dpi, and is therefore, at best, barely noticeable to the human observer. The "invisible signature" is also reproduced on documents made by unauthorized copies of software which can therefore be traced. Preferably, the unique identifying code is replicated multiple times over the document using an error correcting code to assure that at least one replication will be clear of matter selected for printing by the software. A high resolution scanner extracts and identifies the code patterns printed on the document.

Abstract: A portable security device is disclosed which can be carried by an individual and connected directly to telephone circuits to both authenticate that individual and encrypt data communications. The invention can operate as an electronic "token" to uniquely identify the user to a network, to a computer system or to an application program. The "token" contains the complete network interface, such as a modem, which modulates the data and provides the circuitry required for direct connection to the network. Furthermore, this "token" will not permit communications to proceed until the device, and optionally the user, have been identified by the proper authentication. The token also contains all of the cryptographic processing required to protect the data using data encryption or message authentication or digital signatures or any combination thereof.

Abstract: A semiconductor device for storing encryption/decryption keys at manufacture in combination with digital certificates to ensure secured communications between the semiconductor device and another device. The semiconductor device comprising a non-volatile memory for storing the encryption/decryption keys and at least one digital certificate, internal memory for temporarily storing information input into the semiconductor device from the other device and possibly encryption and decryption algorithms, a processor for processing the information and a random number generator for generating the encryption/decryption keys completely internal to the hardware agent.

Abstract: The present invention is embodied in a Secured Processing Unit (SPU) chip, a microprocessor designed especially for secure data processing. By integrating keys, encryption/decryption engines and algorithms in the SPU, the entire security process is rendered portable and easily distributed across physical boundaries. The invention is based on the orchestration of three interrelated systems: (i) detectors, which alert the SPU to the existence, and help characterize the nature, of a security attack; (ii) filters, which correlate the data from the various detectors, weighing the severity of the attack against the risk to the SPU's integrity, both to its secret data and to the design itself; and (iii) responses, which are countermeasures, calculated by the filters to be most appropriate under the circumstances, to deal with the attack or attacks present.

Abstract: Methods and apparatus are provided for electronically configuring hardware features and options. A computer chip encoding method is provided in which a predetermined code or encryption sequence is uniquely associated with a computer chip. This code is used to modify a hardware configuration by enabling new features or options. The systems and methods reduce manufacturing and inventory costs by allowing a generic product to be produced which is then customized to meet the needs of the user. In addition, features and options of a data processing system can be dynamically upgraded without interruption of service or hardware replacement.

Abstract: An encryption module for encrypting financial and other sensitive data may be conveniently interposed in series between a personal computer and the keyboard associated therewith. An application program designed to run on the PC is configured to prompt the user to enter his PIN or other confidential data into the encryption module; consequently the confidential data need not be transmitted in an unencrypted fashion, and need not reside on the PC hard drive in an unencrypted form.

Abstract: A single remote control transmitter can advantageously control three units including a cable tuner/descrambler, a video recorder/player and a television receiver. One of these three units, preferably the video recorder/player, is a master unit. It receives remote control signals from a hand held remote control transmitter. The master unit is initialized using on screen prompts to learn the remote control signals for the other units which are slaves. The prompts ask the user to operate various controls on the remote control transmitter of the proposed slave unit, while receiving and analyzing the remote control transmissions. This permits the master unit to build a translation table for control of the slave units. The master unit may include a read only memory of remote control codes for a number of possible slave units. The master unit can abort the initialization process if it recognizes the requested remote control transmission is according to one of the remote control codes stored in the memory.