Abstract: An information-processing method for application-specific processing of messages. A message is received. Whether the message is in a selected application format is ascertained. If not, the message is routed to a next location. If so, the message is routed to a selected application processor, processed by the processor, and routed to the next location.

Abstract: A computer system has a resource, a verification unit and an execution engine for running a body of program code having an associated signature. A cryptographic key is associated with the resource and when the code is to be loaded into the execution engine a verification operation is run on the signature using the cryptographic key associated with the resource. The execution engine is separate from the resource and when access to the resource is required by the code in the execution engine a further verification operation is conducted on the signature using the cryptographic key associated with the resource. Access to the resource by the code depends upon the result of the verification operation.

Abstract: A method and system for generating a cryptographically random number stream (100) is provided. A system includes a module (102) configured to provide at least two statistically random number streams (106) and (108) and an oscillator (104) operably coupled to the module (102). The oscillator (104) is configured to operate at a frequency which varies in response to physically unpredictable events and to select a current number from one of the at least two statistically random number streams (106) and (108) based on the oscillator's state. A process includes several steps. At least two statistically random number streams are provided (138). A current number is selected (140) from one of the at least two statistically random number streams based on the state of an oscillator operating at a frequency which varies in response to physically unpredictable events. The step of selecting (140) is repeated (142) to create the cryptographically random number stream.

Abstract: A system and method for processing server-to-client and client-to-server data communications using data processing devices (DPDs) in a small-area system, such as a local area network or smaller system. The DPDs act as proxies for the servers to which the transmissions are directed. The DPDs are connected to each other in a small-area system using interconnect devices, preferably forming a bidirectional ring network, so that received transmissions can be passed among the DPDs to the appropriate DPD. The resulting system allows the DPDs to perform processing on the incoming data communications, offloading this task from the destination servers. While the preferred embodiment is specifically drawn to DPDs that perform encryption/decryption, the disclosed system may implement any number of data processing applications on data that is being transmitted between clients and servers.

Abstract: A cryptographic security module holds a cryptographic key having a private part and a public part. The private part is held within the module and is usable only to sign messages generated within the module. The public part can be extracted from the module and is usable by a warranting authority to generate a warrant for the module. The module may be used to generate a new key and the private part of the cryptographic key used to generate a key-generation certificate by signing a key-generation message containing information by which the new key can be identified.

Abstract: A method and apparatus for the generation and use of a biometric cryptographic key to secure and retrieve data that involves combining a random key and the biometric information to generate a template, such that the cryptographic key needed to retrieve the data cannot be obtained from the combination unless the identical user submits his or her biometric information during a subsequent biometric scan at which time the cryptographic key is generated from a combination of the stored template and the scan, allowing the secured data to be released and/or decrypted. Thus, if the system containing the secured data were compromised it would be virtually impossible to decrypt the data because not enough information resides on the system to re-construct the cryptographic key.