Abstract: The DigiPass for the Web provides security for internet communication greater than that achieved by the use of a static password without requiring the user to install any software or to possess or use dedicated hardware of any kind. The user merely access an appropriate website which downloads an applet to the user's browser. This is a conventional function which is handled by the browser and does not require any expertise on the part of the user. The browser relies on a password known only to the user for authenticating the user to the browser/applet. The browser/applet interacts with the server to create an authentication key which is then stored on the user's computer. The user can invoke the authentication key dependent on the user's presentation to the browser/applet of the password. Since the password is not used outside the user-browser/applet interaction it is not subject to attacks by hackers.

Abstract: A magnetic field verifier apparatus includes a magnetic field detection element configured to produce a voltage signal in response to an applied magnetic field wherein the voltage signal corresponds to the strength of the applied magnetic field. Substantially identical circuit boards or units are connected to a central unit or mother board to place magnetic field detection elements of each board or unit in an mutually approximately orthogonal relationship. A microcontroller is in communication with the voltage signal. The magnetic field verifier apparatus is configurable to sense particular field strengths at various frequencies and store the readings to provide the user with a reliable verification that a particular magnetic field strength has been produced in a particular environment.

Abstract: The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g. a PKI smart card or USB stick) to either support symmetric cryptographic operations or to have been personalized with some secret or confidential data element that can be read by a suitable reader.

Abstract: Generation of an intense magnetic field to erase high coercivity magnetic media uses delivery of energy to a degaussing cavity. To conserve energy storage and delivery requirements and to obtain a desired magnetic strength generally uniformly within the cavity, strategic placement of supplemental turns at ends of the magnetic field generating coil wound around the cavity can promote uniformity. Construction of at least cavity ends from an adequate quantity of magnetically soft ferrous material can also promote uniformity. A combination of both approaches is possible.

Abstract: A magnetic field verifier apparatus includes a magnetic field detection element configured to produce a voltage signal in response to an applied magnetic field wherein the voltage signal corresponds to the strength of the applied magnetic field. A current source coupled to the magnetic field detection element provides a stimulating current for the magnetic field detection element that builds in a ramp-like progression. A microcontroller is in communication with the voltage signal wherein the microcontroller is configured to detect and control the ramping time of the magnetic field detection element and to sense after the ramping time the voltage signal from the magnetic field detection element. The magnetic field verifier apparatus is configurable to sense particular field strengths at various frequencies and store the readings to provide the user with a reliable verification that a particular magnetic field strength has been produced in a particular environment.

Abstract: The invention relates to a method to efficiently transmit a digital message over a unidirectional optical link, such as the link between a computer screen and a security token equipped with photosensitive elements. It is an object of this invention to provide a source coding scheme that is optimized for transmissions of alphanumerical data containing frequent occurrences of numerals and less frequent occurrences of non-numerical data. This is achieved by using a modified Huffman code for source coding, consisting of a nibble-based prefix-free binary code. The output of the coder is efficiently mapped onto a 6B4T channel code, wherein unused ternary codewords can be used to signal data-link layer events. This efficient signalling of data-link layer events, in turn, allows for a synchronization scheme based on repeated transmissions of a finite-length message, combined with an out-of-band clock signal.

Abstract: The invention describes a method and system for verifying the link between a public key and a server's identity as claimed in the server's certificate without relying on the trustworthiness of the root certificate of the server's certificate chain. The system establishes a secure socket layer type connection between a client and a server, wherein the server transmits information including the server's public key to the client while establishing the connection. Next, a first information is sent from the client to the server. The client and the server create an identical authentication key using a shared secret known to the server and the client. Next, the server transmits a first encrypted message to the client, wherein the first encrypted message includes the server's public key encrypted with the authentication key.

Abstract: The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In other words a digital connection that would allow an application to submit data to the card for signing by the card's private key and that would allow retrieving the entire resulting signature from the card is not required. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g.

Abstract: The device of the present invention, having at least one activation button, is further equipped with a sensor adapted to detect conditions under which unintentional triggering of the activation button is likely. The sensor is operatively coupled with the activation button to suspend its effect when the target conditions are being detected. The undesired side-effects of false button activations, including battery drain and activation counter drift, are thus avoided, increasing the device's lifespan and user convenience. In a particular embodiment, the sensor is a decoy button located near the activation button, which serves to de-activate the activation button.

Abstract: The present invention relates to the field of pocket-size electronic devices, including credit card sized devices such as authentication tokens. It consists of an improvement of the well-known “raised ridge” to protect individual buttons from false key presses, obtained by applying embossing. A known problem with applying embossing to cards containing electronic components, is the fact that the embossing process may damage the components or the wiring inside the card. In the process according to the invention, an embossed ridge of a judiciously designed shape is used to avoid such damage.

Abstract: The present invention relates to the field of authentication of users of services over a computer network, more specifically within the paradigms of federated authentication or single sign-on. A known technique consists of associating different trust levels to different authentication mechanisms, wherein the respective trust levels give access to different information resources, notably to provide the possibility to protect more sensitive resources with a stronger form of authentication. The present invention provides a mechanism to allow the trust level to decrease without re-authenticating with the single sign on system, down to the level at which it is no longer sufficient to obtain access to a desired resource. Only then, the user needs to reauthenticate.

Abstract: A permanent magnet degausser includes at least one magnetic field generator comprising magnetic elements arranged near a media conveyance path and a conveyor for transporting magnetic media through a magnetic media conveyance path. A passive belt or protector plate may be provided to assist the passage of the magnetic media through the applied magnetic field. The conveyor may be a continuous motion conveyor belt including cleats for holding the magnetic media or a reciprocal media conveyor including magnetic storage media bin. The magnetic field generator may include permanent magnets of varying intrinsic coercivities and/or remanences.

Abstract: A permanent magnet degausser includes at least one magnetic field generator comprising magnetic elements arranged near a media conveyance path and a conveyor for transporting magnetic media through a magnetic media conveyance path. A passive belt or protector plate may be provided to assist the passage of the magnetic media through the applied magnetic field. The conveyor may be a continuous motion conveyor belt including cleats for holding the magnetic media or a reciprocal media conveyor including magnetic storage media bin. The magnetic field generator may include permanent magnets of varying intrinsic coercivities and/or remanences.

Abstract: The present invention is directed towards authentication tokens that are completely embedded in a non-conductive enclosure. The invention is based on the insight that it would be advantageous to separate the electronic data personalization of such tokens from the visual device personalization. The present application concerns an authentication token that allows communication with an external unit after the production of the nonconductive enclosure, in order to transmit or receive device identification data. As this communication need only take place during the manufacturing process, a low-power close-range transmission technique such as inductive coupling, capacitive coupling, or RFID communication suffices for this purpose. Accordingly, the present application discloses a method for manufacturing authentication tokens, and a token manufactured according to said method.

Abstract: The operations required to verify the origin and the authenticity of a software module for an electronic device can advantageously be divided between a general-purpose computer, hereinafter the host, having the electronic device attached to it, and the electronic device itself. More specifically, memory and processing intensive tasks such as syntax checking are done at the host, while security-critical tasks such as cryptographic verifications are done at the electronic device. The present invention thus provides a method for updating software on an electronic device in a trusted way, wherein verification steps are divided between a host system connected to the electronic device, and the electronic device itself. The present invention thus further provides a storage medium containing a program for a host system, causing this host system to perform verification steps with respect to a software update for an attached electronic device, and to appropriately interact with said electronic device.

Abstract: A magnetic field verifier apparatus includes a magnetic field detection element configured to produce a voltage signal in response to an applied magnetic field wherein the voltage signal corresponds to the strength of the applied magnetic field. A current source coupled to the magnetic field detection element provides a stimulating current for the magnetic field detection element that builds in a ramp-like progression. A microcontroller is in communication with the voltage signal wherein the microcontroller is configured to detect and control the ramping time of the magnetic field detection element and to sense after the ramping time the voltage signal from the magnetic field detection element. The magnetic field verifier apparatus is configurable to sense particular field strengths at various frequencies and store the readings to provide the user with a reliable verification that a particular magnetic field strength has been produced in a particular environment.

Abstract: The invention relates to a method to efficiently transmit a digital message over a unidirectional optical link, such as the link between a computer screen and a security token equipped with photosensitive elements. It is an object of this invention to provide a source coding scheme that is optimized for transmissions of alphanumerical data containing frequent occurrences of numerals and less frequent occurrences of non-numerical data. This is achieved by using a modified Huffman code for source coding, consisting of a nibble-based prefix-free binary code. The output of the coder is efficiently mapped onto a 6B4T channel code, wherein unused ternary codewords can be used to signal data-link layer events. This efficient signalling of data-link layer events, in turn, allows for a synchronization scheme based on repeated transmissions of a finite-length message, combined with an out-of-band clock signal.

Abstract: One or more pairs of magnet assemblages (14 and 16) are provided with magnetized segments (21-30) arranged in a Halbach-like array. The magnet assemblages (14 and 16) define a gap (18) through which magnetic data storage media (12) pass in a direction (20) across the segments (21-30). The magnetized sides (36) of the magnet assemblages (14 and 16) face each other thereby creating strong magnetic fields which degauss the magnetic data storage media (12) passing through the gap (18).

Abstract: The invention defines a strong authentication token that remedies a vulnerability to a certain type of social engineering attacks, by authenticating the server or messages purporting to come from the server prior to generating a one-time password or transaction signature; and, in the case of the generation of a transaction signature, signing not only transaction values but also transaction context information and, prior to generating said transaction signature, presenting said transaction values and transaction context information to the user for the user to review and approve using trustworthy output and input means.

Abstract: The present invention provides a method and a device to convert a time varying optical pattern emitted by a display into a digital data signal. More specifically the invention allows a handheld security token to convert a time-varying light intensity pattern emitted by a source such as a computer screen into a digital signal including a sequence of coded data symbols. The invention is based on the insight that the intensity of light emitted by regions of said source can be easily sampled by a simple low-cost processor if appropriate A/D conversion hardware converts the incident light into an electrical signal which is time varying, whereby the base frequency of this electrical signal is a function of the light intensity. Intensity levels used for channel coding and symbol clock can be recovered from the signal by the receiver.