Abstract: Methods and apparatuses are disclosed for securing cryptosystems against external monitoring attacks by reducing the amount (and signal to noise ratio) of useful information leaked during processing. This is generally accomplished by incorporating unpredictable information into the cryptographic processing. Various embodiments of the invention use techniques such as reduction of signal to noise ratios, random noise generation, clock skipping, and introducing entropy into the order of processing operations or the execution path. The techniques may be implemented in hardware or software, may use a combination of digital and analog techniques, and may be deployed in a variety of cryptographic devices.

Abstract: Methods and apparatuses are disclosed for securing cryptosystems against external monitoring attacks by reducing the amount (and signal to noise ratio) of useful information leaked during processing. In general, this is accomplished by implementing critical operations using “branchless” or fixed execution path routines whereby the execution path does not vary in any manner that can reveal new information about the secret key during subsequent operations. More particularly, various embodiments of the invention include: implementing modular exponentiation without key-dependent conditional jumps; implementing modular exponentiation with fixed memory access patterns; implementing modular multiplication without using leak-prone multiplication-by-one operations; and implementing leak-minimizing multiplication (and other operations) for elliptic curve cryptosystems.

Abstract: A user inputting his access code (e.g., PIN or password) into an computing environment to access a transaction is at risk of losing the access code to an attacker who has physical or electronic access to the computing environment. To minimize this risk, the access code can be entered via a plurality of user-selectable fields, each of which takes on a series of values, the initially displayed values of which are established in a random or otherwise unpredictable manner. The user then uses a mouse, keyboard, or other input device to increment each of the selectable fields until the access code is correctly entered. Because of the randomization of the initial state, an attacker tracking the locations or number of mouse clicks or other navigation actions can not determine the finally entered access code by, e.g., computing an offset from a known initial state.

Abstract: The present invention provides an apparatus and method for confirming, timestamping, and archiving documents using telecopiers (e.g., facsimile machines). A user sends a document to a timestamping service via facsimile, which archives the transmission with a timestamp. A submission receipt, containing size-reduced images of the submission and a document identification value (DIV), is prepared and sent to the sender. The DIV can later be submitted to the timestamping service to obtain verification that the document was received at the indicated time. In addition, the invention allows for various other forms of document transmission, document identification, and timestamp verification. The invention is thus useful in any situation where it is desired to prove that a document was in existence at a given time. Other embodiments of the invention provide senders of facsimile and telecopier transmissions with confirmation that their transmissions were received successfully.

Abstract: A digital wallet stores an cryptographically camouflaged access-controlled datum, e.g., a private key encrypted under the user's PIN. Entry of the correct PIN will correctly decrypt the stored key. Entry of certain pseudo-valid PINs will also decrypt the stored key, but improperly so, resulting in a candidate key indistinguishable from the correct key. Such pseudo-valid PINs are spread thinly over the space of PINs, so that the user is unlikely to realize a pseudo-valid PIN via a typographical error in entering the correct PIN. In existing wallet technologies, which lack pseudo-valid PINs, only the correct PIN produces a decrypted key; thus, hackers can find the correct PIN by entering all possible PINs until a key is produced. The present invention's plurality of candidate keys prevent a hacker from knowing when he has found the correct key. In addition, hacker detection may be moved off-line into devices accepting messages signed with candidate keys, and/or the lockout threshold may be increased.

Abstract: A method and system for generating improved command progress indicator including the steps of establishing at a location of a display at least one computer-generated graphic indicator associated with at least one computer executable operation in a first-state appearance, the graphic indicator having a first-state appearance and a dynamic second-state appearance, signaling the computer to conduct an operation, altering the appearance of the computer-generated graphic indicator from the first-state appearance to the dynamic second-state appearance while the computer is conducting the operation, and restoring the appearance of the computer-generated graphic indicator from the dynamic second-state appearance to the first-state appearance when the computer has completed the operation.

Abstract: In many computer applications, sensitive information must be kept on an untrusted machine. Such information must be protected against attackers, as well as against partially trusted entities to be given partial, but not total, access to the stored information. This invention provides a method, apparatus and computer-readable data structure for inhibiting an attacker from accessing or corrupting information stored by an untrusted machine. More specifically, in a log file generated during a process in which the untrusted machine is in limited communication with a trusted machine, entries generated prior to the attack remain secure (they cannot be modified without detection), even though subsequent entries can not be trusted. One embodiment of the invention also allows a partially trusted verifier to read and verify entries in the log file, but not to change them without detection.

Abstract: Methods and apparatus are provided for selecting advertisements and other information from a computer network database based on user defined preferences and transmitting the selected advertisement in background mode over a communications link between the computer network and a local computer with minimal interference with other processes communicating over the communications link. This method includes monitoring the communications link and transmitting portions of the advertisement when the communications link line utilization is below a preestablished threshold. Methods and apparatus are also provided for displaying or otherwise presenting the selected advertisements on the user's computer. Additional methods and apparatus are provided for selecting and presenting information stored on a local storage media based on user defined preferences.