Abstract: Apparatus for routing local calls around the local exchange carrier includes an intelligent call diverter (ICD) which stores the Automatic Number Identification Code (ANI) of the calling telephone, and a headend for handling routing of telephone calls. When long distance calls are to be routed separately from local calls, the ICD determines whether an outgoing call is local or long distance, and routes the call accordingly. The ICD provides the ANI along with the long distance calls to the headend, and forwards local calls to the local exchange carrier (LEC). When the headend will operate as a competitive local exchange carrier (CLEC), the long distance calls and the local calls are routed to the headend by the ICD along with the ANI. The headend routes the long distance calls and the ANI to the appropriate interexchange carrier and the local calls and the ANI to the LEC or to another CLEC customer's telephone.

Abstract: The present invention relates to a securized, multifunction, acquisition and processing terminal more particularly usable in the banking sector, in connection with games and/or in the electronic management of documents, characterized in that it comprises:a mother board (13), having an interfacing bus with one or more standardized connectors to which can be connectedstandard input/output modules,at least one specific input/output module permitting the performance of specific functions incorporating at least one dedicated circuit, said module as its main function the supplying of the mother board with preorganized informations, in real time, concerning the specific functions and able to leave to said mother board any developed software processing of said informations.

Abstract: A digital camera for embedding authentication information to detect the identity of a photographed image into an image. By supplying the authentication information integrally with image data, the verifier is enabled to verify the image data without saving the authentication information. Particularly, by converting the light inputted through an optical system to an electric signal, a CCD outputs an analog signal of an image which is converted to a digital signal. In response to the digital signal of the image, a digital camera having a region dividing unit divides the digital image into first and second regions. Authentication information is generated from data in the first region, which information is then encrypted. The encrypted authentication information is embedded into the second image region. The first and second image regions are then combined.

Abstract: A system and method for controlling and monitoring remote distributed processing systems from one or more control processing systems by downloading agent-application programs from the control processing systems to remote control middleware modules on the distributed processing systems, where the control processing systems have a library of available agent-application(s). The agent-application(s) are compiled by or at the direction of the remote control middleware and executed within operational parameters determined by the control processing systems.

Abstract: A finite field inverse circuit (600) for use in an elliptic curve processor (12). The finite field inverse circuit (600) comprises a control circuit (610) and a data circuit (660). The data circuit (610) comprises a data multiplexer (668) for coupling the contents of one of three registers (662, 664, 680) to a finite field arithmetic logic unit (122). A first plurality of bits representing the finite field element to be inverted is initially loaded into a first one of the three registers. The control circuit (660) comprises a shift register (614) suitable for storing a second plurality of bits representing a size of the finite field element to be inverted.

Abstract: A security node disposed in the telecommunications network connecting calling and called parties transforms information (which can be voice, data, facsimile, video and other types of calls or messages) encrypted in a first format to (a) encrypted information in a different format or to (b) non-encrypted information, and vice-versa. The node is accessible from any location connected to the network. By routing calls or messages originated by the calling party and destined for the called party via the security node, and providing appropriate control signals to the node, the information may be encrypted only over a portion of the transmission path between the parties, and clear over the remainder of the transmission path. Alternatively, the information may be encrypted in different portions of the path using different encryption algorithms.

Abstract: A secure touchscreen is provided, comprising a touchscreen and touchscreen controller for receiving inputs, a system controller, an encryption module and two external buses. The controller, system controller and encryption module are embedded in a mass of material to prevent unauthorized access of the inputs. Furthermore, the first external bus is used to operate and communicate with an external system in an encrypted mode, while the second external bus is used to operate and communicate with the external system in a normal mode.

Abstract: A data exchange unit is arranged in a server. Service data provided as an application service is converted into a predetermined format on the basis of the attribute data of a terminal as a communication partner and transmitted. With this processing, the application service can be provided while absorbing the relative difference in processing capability terminals. When the service data is converted into a predetermined format on the basis of the attribute of a communication network connected to the terminal and transmitted, the application service can be provided while absorbing the relative difference in communication capability among communication networks.

Abstract: A customizable data acquisition device (DA) and a data collection system (DCS). The DA is remotely located for attachment to a variety of I/O devices, and uses an RF transceiver with a primary cache. A centrally located or mobile DCS with a secondary cache communicates with one or more DA's and stores DA data in the secondary cache. The DA has a programmable controller and an I/O interface capable of attaching to a variety of I/O devices. The DA primary cache holds data for bulk transfers to the DCS to minimize DA/DCS data transmission traffic. The DCS secondary cache accumulates data from the DA and allows data queries by multiple independent application programs (which may be located on the DCS, other DCSs, or remote host systems) without requiring retransmission of data from the DA for each query. Applications can query cached data in the secondary cache, and optionally query the primary cache or query the I/O device via the DA.

Abstract: A message authorization system in which a sender sub-system and a verifier sub-system each have inherent secret information and inherent public information set corresponding to the secret information, the sender sub-system including an authorization data producing unit for producing authorization data dependent on the public information of the verifier sub-system and the secret information of the sender sub-system, and the verifier sub-system including a data verification unit for verifying authorization data received jointly with an electronic document from the sender sub-system based on the public information of the sender sub-system.

Abstract: A distributed garbage collection system and method is disclosed that is compatible with local ref-count or full garbage collection and that ensures that no local object's storage is deleted by the local garbage collector unless it is certain that there are no actual or potential remote references to that local object. The disclosed system and method are implemented in the context of a transparent distributed object system in which communications between objects in different processes are enabled by dedicated proxy objects that are linked to corresponding remote objects via a pair of transport objects. Additional proxy holder objects and proxy holder proxies ensure that objects for which third-party object references are passed (i.e., where one object in a first process passes a remote object in a second process a reference to a third object in a third process) are not collected until a direct link is established between the remote object in the second process and the third object in the third object space.

Abstract: A method for transforming an original message into a final message by including an untrusted service, includes the steps of identifying at least one sensitive term from the original message; replacing the at least one sensitive term with a standard token to create a sanitized message; storing the at least one sensitive term; transmitting the sanitized message to a provider of the untrusted service; performing the untrusted service on the sanitized message to create a serviced message; merging the serviced message with the at least one sensitive term stored in the storing step to create the final message.

Abstract: A device driver (104) is used to provide a fail-safe interface between a plurality of client applications and a cryptographic card. Device driver (104) ensures separation between red data, black data, and command data. Device driver (104) uses objects and object handles to control data flow. Device driver (104) uses several simplex channels to control data flow. Each channel is managed separately using its own object, and each channel has unique access protection through the object handles. Within device driver (104), the simplex channel interfaces are kept separate and functional separation of the data and command memory is maintained to provide fail-safe data isolation.

Abstract: The invention provides a digital data shuffling/de-shuffling system so that information data is not understood or deciphered by unauthorized third party. Included are a system for generating plural bits of digital data to be transmitted, a circuit network 7 having a plurality of input terminals #1 through #8 and output terminals #11 through #18 equal to the number of bits to be transmitted and a plurality of switching circuits S for selectively cross connecting or non-cross connecting between two lines out of a plurality of transmission lines a.sub.1 through a.sub.8 interconnecting the corresponding input and output terminals, and a control circuit P for controlling the plurality of switching circuits S. The control circuit P is controlled to shuffle the data applied to the input terminals #1 through #8 for providing the shuffled output from the output terminals #11 through #18.

Abstract: A system for a pipeline cascaded content addressable memory CAM system for sequentially processing input data includes an input register, a CAM core, cascade logic and an output register. As the memory association functions produce matches in the CAM core, the cascade logic in parallel composites data associated with each matching CAM core. Each cascade processes a separate data input simultaneously then passes on the cumulative results to the next stage.

Abstract: A storage device or drive such as a disk or tape drive including a nonvolatile erasable semiconductor memory which stores parameters which control the operation of the storage device. Through a user interface on a host computer, the user is capable of changing the parameters which are used to control the storage device, allowing the user to configure the operation of the storage device in any manner desired. The parameters which are changeable within the storage device relate to responses to the detection of errors within the storage device, data encryption algorithms, the stopping of a disk from spinning, the caching of the storage device, and data compression algorithms. The storage drive also has the capability to perform a stand-alone formatting operation. After formatting a storage medium with the assistance of the host computer, the formatted medium is read by the drive and stored in the nonvolatile memory of the storage drive.

Abstract: The invention relates devices and methods for creating a cryptographically assured timestamp that can be verified by a party that was not present during the creation of the timestamp. The timestamp is applied to physical documents, and other substrates capable of receiving an optically detectable mark, that are to be transmitted to temporally or spatially distant recipients.

Abstract: A cryptographic framework consists of four basic service elements that include a national flag card, a cryptographic unit, a host system, and a network security server. Three of the four service elements have a fundamentally hierarchical relationship. The National Flag Card (NFC) is installed into the Cryptographic Unit (CU) which, in turn, is installed into a Host System (HS). Cryptographic functions on the Host System cannot be executed without a Cryptographic Unit, which itself requires the presence of a valid National Flag Card before it's services are available. The fourth service element, a Network Security Server (NSS), can provide a range of different security services including verification of the other three service elements. Several different configurations that support policy within a cryptographic system allow the framework to be adapted to various connection schemes involving, at least, the cryptographic unit and the policy, including dedicated applications, e.g.

Abstract: A method and apparatus for determining and removing the error in the SPS measurement of the Global Positioning System due to ionospheric delay. The disclosed technique utilizes semi-codeless technique to provide high accuracy GPS measurements. The delay of the P code is varied and the signals are cross correlated until a maximum value is reached. When the cross correlation of the L1 and L2 signals is at a peak value, the relative delay between the L1 and L2 signals is proportional to the ionospheric delay. The derived ionospheric delay may be accounted for in measurement analysis of the L1 signal to provide for a high precision position solution. The semi-codeless correlator also provides the L1-L2 carrier phase measurement for wide-lane applications.

Abstract: In a smartcard having a subscriber identity module ("SIMI") that cooperates with a mobile station to effect communication with a telecommunications network, a system for, and method of, disabling the smartcard. The system includes: (1) data commnications circuitry that transmits a code uniquely identifying the smartcard from logic circuitry within the smartcard to the telecommunications network via the mobile station, the code employable by the telecommunications network to search a disable database associated therewith, the telecommunications network returning a disable command if the code is found in the disable database and (2) disabling circuitry that incapacitates the logic circuitry to prevent an operation thereof, the smartcard being incapacitated with respect to the telecommunications network and systems independent of the telecommunications network.

Abstract: Disclosed are a method and a system for the securing of the transmission of data elements between a sensor delivering pulses and a recorder processing these pulses. This method and system are applicable especially to a chronotachograph for heavy road vehicles. The principle of the disclosed method relies on a permanent exchange of enciphered data elements between a recorder module comprising the recorder and a sensor module comprising the sensor. The exchange is done at the initiative of the recorder module which sends command messages X?C(M.sub.C)! enciphered according to a first code C to the sensor module. The sensor module acknowledges the command and then, in turn, generates enciphered return messages X?C'(M.sub.R)!, either in order to indicate the acknowledgement of the command or to transmit pulses from the sensor with a view to their processing by the recorder. The recorder module then deciphers and verifies the return messages (M.sub.

Abstract: A method and apparatus for substantially reducing electromagnetic radiation from a backplane used to interconnect multiple communication modules. Data signals to be transmitted onto the backplane are first scrambled using a pseudorandom code sequence, to reduce energy peaks in the radiation spectrum and to spread energy over a wider bandwidth. Signals received from the backplane are descrambled using an identical pseudorandom code sequence. Data rate synchronization is provided by recovery of a data clock signal from the received scrambled signals, and data frame synchronization is provided by transmitting data frame headers as non-scrambled data. At a receiver module, the frame headers are detected and used to reset the descrambling operation.

Abstract: In a data transmission system in which a cyclic redundancy checksum value is derived in respect of each block of data bit values to be transmitted over the system, the checksum value in respect of blocks of data bit values intended for preselected ones only of the stations of the system is preloaded with a predetermined or netkey value to be used by the preselected stations such that only those stations can correctly decode the signals intended for them.

Abstract: A data scramble transmission system with a data transmission link coupled between sending and receiving ends is provided. The link adopts transmission frames each of which is constituted by data and control bits periodically added to the data.

Abstract: A decoder excludes an encryption code or key from decrypted or non-decrypted program output data. Decrypted program representative data is generated from an input datastream containing encrypted program data and an associated encryption code. The encrypted program data is decrypted using the encryption to provide decrypted program data. An output datastream is formed containing the decrypted program data but excluding the encryption code. The encryption code may be excluded by submitting non-encryption code data for the encryption code. The output datastream may also contain ancillary date formed to support decoding of the decrypted program data.

Abstract: A method and apparatus for implementing facsimile transmission over data networks is disclosed. In accordance with the preferred embodiment, the invention receives a modulated compressed facsimile message, which is then demodulated, decompressed and stored as a file. Thereafter, it is compressed for data transmission and sent to a server for transmission over a data network. At the receiving end, the file is decompressed and then re-compressed and modulated for transmission to a receiving facsimile machine.

Abstract: For testing the intactness of stored data, intact data corresponding to the data to be tested from a component of the processing facility in a certain operating state of the processing facility in the intact state are first stored in a test device. To check the intactness of the data to be tested in a component a key is produced in the test device for each test, said key being different from those of prior tests. Using this key and a cryptographic algorithm one prepares two cryptograms. One cryptogram is prepared from the data to be tested by the component of the processing facility in which the data to be tested are stored. The other cryptogram is prepared from the intact data by the test device. After that the two cryptograms are compared with each other. If the cryptograms match, the data to be tested match the intact data and thus have no undesirable changes.

Abstract: In a communication system having a function or performance feature to be protected, the periodic transmission of encoded interrogation information is initiated by a security routine to ensure that the function or performance feature is protected. The protected function is activated and further-executed only if reply information which is also encoded is received from a connected crypto-unit in a predetermined time span after a transmission of the interrogation information.

Abstract: An apparatus and method for using network address information to improve the performance and increase the functionality of network transactions. is disclosed. In a client network interface device having a processor and a memory coupled to the processor, the memory having stored therein sequences of instructions which when executed by the processor cause the processor to perform the steps of: 1) accessing a first server over a secure data communication line to obtain a client encryption key, 2) accessing a second server over an unsecure data communication line to establish a connection with the second server, 3) encrypting information sent to the second server over the connection using the client encryption key obtained from the first server, and 4) decrypting information received from the second server over the connection using the client encryption key obtained from the first server.

Abstract: Disclosed is a method enabling the generation, by means of voice frequencies, of a sequence of several characters and the high-speed transmission of these characters. This method comprises the step of the elimination, during transmission, of the blanks between two successive characters when these characters are distinct or are encoded distinctly.

Abstract: Data is compressed/encrypted for communication between application programs without addition of any modification to the application programs. In a communication system where a plurality of personal computers are connected to each other using communication lines, a personal computer is provided with a communication program and an application program, the application program uses a command offered by the communication program for transmission and reception of data with another personal computer, a hooking program for discriminating the command related to the data communication issued by the application program is provided and, after the hooking program has compressed or encrypted the data of application program depending on a type of the command, the command is transferred to the communication program.

Abstract: A system and method for automatically securely generating and programming an MS and SAMS with the sensitive authentication information while significantly reducing the risk of misappropriation of the sensitive authentication information. The risk of misappropriation is reduced since the sensitive authentication information (or other sensitive information) need not be pre-programmed into the MS, or if it is pre-programmed, the sensitive authentication information can be re-programmed, thereby reducing the potential access to the information by unauthorized people before the MS is sold. In addition, the risk of misappropriation is reduced since the generation and programming system and method is performed automatically using a secured communication technique.

Abstract: The present invention concerns a method for the numerical scrambling by permutation of data bits in a programmable circuit comprising a control unit and at least one data bus (DBUS) to transmit data between the control unit and several memory circuits. It consists of having data on the bus either in a scrambled form or in an unscrambled form according to whether it is instructions data or not. And data in some of the memories is scrambled. The present invention also concerns a method for realising a permutation circuit.

Abstract: Secure transmission of data is provided between a plurality of computer systems over a public communication system, such as the Internet. Secure transmission of data is provided from a customer computer system to a merchant computer system, and for the further secure transmission of payment information regarding a payment instrument from the merchant computer system to a payment gateway computer system. The payment gateway system evaluates the payment information and returns a level of authorization of credit via a secure transmission to the merchant which is communicated to the customer by the merchant. The merchant can then determine whether to accept the payment instrument tendered or deny credit and require another payment instrument. An architecture that provides support for additional message types that are not SET compliant is provided by a preferred embodiment of the invention. A server communicating bidirectionally with a gateway is disclosed.

Abstract: The present invention encompasses a method of storing ternary data that includes the steps of (1) initializing a conversion register by storing binary-to-ternary mask data in a conversion register; (2) storing ternary data in a content addressable memory (CAM) by inputting a single bit binary data to the conversion register, and converting the binary data into two bits of ternary data using the conversion register; and (3) simultaneously storing the two bits of ternary data in first and second memory cells. For subsequent searching, the method further includes the steps of searching for a match of input search binary data to the stored contents of the CAM; providing a match valid output responsive to the input search binary bits matching any of the stored contents; and generating an address corresponding to a location in the CAM where the match is found.

Abstract: A home banking system comprises a video games entertainment console 10 having a processor 12, a display driver 14, connection means 16 for connection to a television set 17, and an input/output device 20. Such a conventional console 10 is converted to a home banking terminal by an encrypting modem 24 connected into the cartridge slot 26 of the console 10, the encrypting modem having a cartridge slot 30 into which an application cartridge 32 carrying a home banking program can be loaded.

Abstract: The invention relates to methods and apparatuses for acquiring a physical measurement, and for creating a cryptographic certification of that measurement, such that its value and time can be verified by a party that was not necessarily present at the measurement. The certified measurement may also include corroborative information for associating the actual physical measurement process with the certified measurement. Such corroborative information may reflect the internal or external state of the measurement certification device, as well as witness identifiers of any persons that may have been present at the measurement acquisition and certification. The certification may include a signal receiver to receive timing signals from a satellite or other external source. The external timing signals may be used to generate the time included in the certified measurement, or could be used to determine the location of the measurement certification device for inclusion in the certified measurement.

Abstract: Technology is now available permitting consumers to make amateur-or even professional-grade copies of photographs. For wedding and portrait photographers, in particular, the business of making duplications is fundamental to their livelihoods. The threat of such copying is felt strongly. To redress these concerns, a machine-readable marking is provided on emulsion films, photographic papers, and the like. The marking encodes digital information, yet is essentially imperceptible to the human eye. A photographic duplication kiosk can be constructed to read this embedded information and, if warranted by the embedded information, to disable the kiosk's copying function. An exemplary embodiment pre-exposes the photographic product with a spatial domain representation of the embedded data, and may include rotationally symmetric one-or two-dimensional patterns. Numerous other implementations are similarly practical.

Abstract: This invention is a system for producing and distributing new decryption keys to verifiers. Verifier decryption key updates are printed in a secure manner on paper or postcards and mailed to the owners of the verifiers. The paper or postcards containing the verifier decryption key is scanned into the verifier and the verifier's key file is updated.

Abstract: A method for purchasing and delivering goods over a network is comprised of the steps of identifying a digital good to be purchased. A purchase price for the digital good is negotiated. After the negotiation step, an authenticated purchase request is sent to the merchant. The merchant encrypts the desired digital good and calculates a first cryptographic checksum for the encrypted good. The encrypted digital good and the first cryptographic checksum together with a timestamp are then transmitted to the customer. The customer calculates a second cryptographic checksum for the received encrypted digital good. The customer creates an electronic payment order containing information identifying the transaction, the second cryptographic checksum, credentials, and the timestamp. The electronic payment order is transmitted to the merchant.

Abstract: An analog optical encryption system based on phase scrambling of two-dimensional optical images and holographic transformation for achieving large encryption keys and high encryption speed. An enciphering interface uses a spatial light modulator for converting a digital data stream into a two dimensional optical image. The optical image is further transformed into a hologram with a random phase distribution. The hologram is converted into digital form for transmission over a shared information channel. A respective deciphering interface at a receiver reverses the encrypting process by using a phase conjugate reconstruction of the phase scrambled hologram.

Abstract: In a decoding processing circuit of a digital signal receiver, a first comparison circuit detects that a prefix of packet data is inputted in a shift register on the basis of a count value of a counter circuit. In response to the result of detection, a pseudo-random binary sequence generation circuit outputs a pseudo-random binary sequence on the basis of a data group number and a data packet number outputted from the shift register and key data previously extracted by a key data fetch circuit. When a second comparison circuit detects that block data in the data packet is inputted in the shift register, an exclusive OR circuit exclusively ORs the pseudo-random binary sequence with receive data, so that decoded data is inputted in the shift register.

Abstract: A system and method for selectively restricting wireless ciphering communications within a telecommunications system is disclosed. A ciphering database contains flags corresponding to the ciphering restrictions on particular geographical areas. After consulting the particular flag for an area, a ciphering mode is determined either restricting ciphering or allowing it within that geographical or geopolitical area.

Abstract: Mobile assisted handover of an encrypted traffic connection between linked base stations of a private radio communications network are provided in a system including a plurality of base stations and a mobile terminal. The mobile terminal detects a signal quality of a received beacon transmission from a private base station of the private radio communications network while an encrypted traffic connection is underway with another base station of the private radio communications network. The beacon transmissions are received and a signal quality detected during idle frames of the ongoing traffic connection. The mobile terminal may also detect signal quality of the ongoing traffic connection and transmit it to the base station. The detected signal quality and identification of the beacon transmitting private base station are provided to the private radio communications network which determines whether a handover should be initiated.

Abstract: An apparatus and method for controlling the feature set of a programmable device by assigning each programmable device a unique serial number, correlating a secret key with each serial number, and keeping that information in a secure location, such as at the manufacturer. Each optional feature set for the programmable devices is assigned a unique code, and software associated with the programmable device operates according to the feature set identified in the feature set code, if an authentication procedure is passed. The authentication procedure utilizes a secure cryptographic algorithm to calculate an authentication code based on the secret key and the authorized feature set for a programmable device. The authentication code is stored in the programmable device. Periodically, the programmable device automatically self checks itself by recalculating the authentication code. If it matches with the authorized authentication code, the authentication procedure is passed.

Abstract: An apparatus and device for continuously scrambling audio while transmitting or receiving synchronization data. When transmitting, synchronization data will be substituted for scrambled audio but the audio scrambling will continue during those time periods so that once the substituted synchronization data is stopped, the scrambled audio will pick up at a point correlated to the then existing condition of a time dependent scrambling algorithm. The receiver will descramble the scrambled audio but will replay past scrambled audio to replace portions in the received signal that would be otherwise occupied by the synchronization data. In this manner, the quality of received audio is enhanced.

Abstract: In a communication system using quantum cryptography for the distribution of a key, two stations each independently modulate a single-photon signal. The single-photon signal is transmitted to the two stations from an external source, and passes through the stations in series. The signal subsequently passes onto a third station which detects the state of the signal, and compares it with the state of the signal as originally transmitted. This third station communicates the results of the comparison to the two stations, and the two stations establish a shared secret key for the subsequent encryption of traffic between the stations. Both the source of the single-photon signal and the single-photon detector may be combined in a transmitter station (Alice).

Abstract: A multiple function individual intelligent communication platform is disclosed which supports the subscriber at the subscriber's location. Tremendous functionality is incorporated into a single system capable of interfacing with standard telephone equipment, as well as personal computers, infrared remote control sensors, televisions, VCRs, microphones, speakers, and other I/O devices.

Abstract: A method is disclosed for verifying that a check user, a credit card holder, or an account user is authorized to complete a transaction. The issuer of the check or credit card or the verifying entity assigns a security code formula to each user, consisting of two variables: a base code number separated into two parts; and one or more arithmetic modes. The authorized user will calculate a verification code number in a two step process using the two parts of the base code and the check number or transaction amount; he then places it on the check or the transaction slip. Verification can be performed by the issuer, who ensures that a correct verification code number has been entered on the check or transaction slip.

Abstract: An encoding technique of the invention protects software programs and hardware designs from being copied, tampered with, and its functions from being exposed. The software programs and hardware designs (collectively called programs) thus encoded still remain executable. The encoding technique employs the concept of complexity of programs and produces proximity inversion in terms of functions contained in the programs, while preserving the behaviors. Various embodiments are possible to achieve this encoding which includes, for example, cascading and intertwining of blocks of the programs.