Patents Assigned to Entrust Technologies, Ltd.
  • Patent number: 6370249
    Abstract: A method and apparatus for public key management is accomplished when an associated authority provides, from time to time, a public key of at least one of a plurality of certificate authorities to a client. The associated authority provides the public key in a trustworthy manner over an on-line communication path and/or a store and forward communication path, which may be done using a self-signed signature public key certificate. Upon receiving the public key, the client maintains it in a storage medium associated with a client cryptographic engine. When a client application needs a security-related operation to be performed, it evokes the client cryptographic engine via an application program interface. Upon being evoked the client cryptographic engine determines whether a public key certificate associated with the security-related operation is verified as authentic based on the public key of at least one of the plurality of certification authorities.
    Type: Grant
    Filed: July 25, 1997
    Date of Patent: April 9, 2002
    Assignee: Entrust Technologies, Ltd.
    Inventor: Paul C. Van Oorschot
  • Patent number: 6336121
    Abstract: A method and apparatus for securing and accessing data elements within a database is accomplished by securing a symmetric key based on an encryption public key. This may be done for the entire database or portions thereof. Once a symmetric key is secured, the computing system may receive a data element for storage in a database. When a data element is received, the computing device retrieves the secured symmetric key and then decrypts it based on a decryption private key. Having decrypted the secured symmetric key, the recaptured symmetric key is used to secure the data element. The securing is done utilizing an encryption algorithm and the symmetric key. Once the data element has been secured, it is stored in the database. To retrieve a secured data element from the database, a request for access must be received. Once a request is received, the computing device retrieves a secured data element in response to the request.
    Type: Grant
    Filed: March 24, 1998
    Date of Patent: January 1, 2002
    Assignee: Entrust Technologies, Ltd.
    Inventors: Patrick A. Lyson, Ron J. Vandergeest
  • Patent number: 6229894
    Abstract: A method and apparatus for accessing user specific encryption information is accomplished upon receiving a request for access to user specific encryption information from a requesting entity. Based on the identity of the requesting entity and/or the type of request, a server determines the requesting entity's authorized level of access to user specific encryption information. Based on the authorized level of access, the requesting entity is provided with controlled access to the user specific information.
    Type: Grant
    Filed: July 14, 1997
    Date of Patent: May 8, 2001
    Assignee: Entrust Technologies, Ltd.
    Inventors: Paul C. Van Oorschot, Timothy E. Moses
  • Patent number: 6031911
    Abstract: A method of generating a substitution box (S-box) involves generating an S-box with desired characteristics, forming a new S-box with another column such that the new S-box has the desired characteristics as well, and continuing to add columns in these ways until the S-box has the proper size.
    Type: Grant
    Filed: July 17, 1997
    Date of Patent: February 29, 2000
    Assignee: Entrust Technologies, Ltd.
    Inventors: Carlisle M. Adams, Serge J. M. Mister
  • Patent number: 5949884
    Abstract: A method of encrypting or decrypting an input message block of binary data of predetermined length 2n into an output message block by dividing the message block into two equal size halves, performing one or more transformation rounds on the message block halves, each transformation round further comprising the steps of determining a key, processing the first half data block using a hash function to obtain a modified first half data block of length n, and combining the modified first half data block with the second half data block to obtain a modified second half data block of length n; and, lastly, appending the first modified half data block to the second modified half data block to obtain the output message block.
    Type: Grant
    Filed: October 24, 1997
    Date of Patent: September 7, 1999
    Assignee: Entrust Technologies, Ltd.
    Inventors: Carlisle M. Adams, Michael J. Wiener
  • Patent number: 5850443
    Abstract: The invention allows for transporting, in different degrees of security strength, a symmetric key encrypted using an asymmetric encryption technique, and along with this transporting ciphertext derived from plaintext encrypted under this symmetric key. The encryptor encrypts the plaintext using a symmetric key whose strength is commensurate with the trust level of the environment in which the encryptor is located. The encryptor encrypts this symmetric key for one or more intended recipients using an asymmetric technique commensurate with a high-trust environment. In the case of the encryptor residing in the low-trust environment, the encryptor additionally encrypts this symmetric key using an asymmetric encryption public key of the originator itself (or alternatively, that of a third party). Decryption equipment in all environments uses the decryption process corresponding to an algorithm identifier included by the originator.
    Type: Grant
    Filed: August 15, 1996
    Date of Patent: December 15, 1998
    Assignee: Entrust Technologies, Ltd.
    Inventors: Paul C. Van Oorschot, Michael James Wiener