Patents Assigned to RSA Security Inc.
  • Patent number: 6460141
    Abstract: A security and access management system provides unified access management to address the specific problems facing the deployment of security for the Web and non-Web environment. Unified access management consists of strategic approaches to unify all key aspects of Web and non-Web security policies, including access control, authorization, authentication, auditing, data privacy, administration, and business rules. Unified access management also addresses technical scalability requirements needed to successfully deploy a reliable unified Web and non-Web security system. The security and access management system provides the technology required to support these key factors as they relate to Web and non-Web security. The security and access management system operates in combination with network and system security tools such as firewalls, network intrusion detection tools, and systems management tools to provide comprehensive security for the Web-enabled enterprise.
    Type: Grant
    Filed: October 28, 1998
    Date of Patent: October 1, 2002
    Assignee: RSA Security Inc.
    Inventor: Eric M. Olden
  • Patent number: 6446052
    Abstract: A system and method for obtaining traceable anonymous digital cash from a bank using a trustee as a trusted third-party. A user establishes her identity with the trustee using a secret known by the user. The user transmits to the trustee information describing a blinded traceable digital coin. The user receives from the trustee a trustee token including a signature by the trustee on the blinded coin. The user transmits the blinded coin and the trustee token to a bank. The user receives a signature from the bank certifying the blinded coin. The user can then unblind the coin, and spend the coin at a merchant. The system and method support both tracing of the identity of a user from a coin, referred to as coin tracing, and generation of a list of all coins belonging to a given user, referred to as owner tracing. Both of these operations require very little computation and database access. To determine the identity of the user, the trustee can generate the list of coins associated with a user.
    Type: Grant
    Filed: November 18, 1998
    Date of Patent: September 3, 2002
    Assignee: RSA Security Inc.
    Inventor: Ari Juels
  • Patent number: 6411715
    Abstract: Methods and apparatus are disclosed for demonstrating that a public/private key pair is cryptographically strong without revealing information sufficient to compromise the private key. A key pair can be shown to be cryptographically strong by demonstrating that its modulus N is the product of two relatively large prime numbers. In addition, a key pair can be shown to be cryptographically strong by demonstrating that N is cryptographically strong against Pollard factoring attacks, Williams factoring attacks, Bach-Shallit factoring attacks, and weighted difference of squares factoring attacks.
    Type: Grant
    Filed: November 10, 1998
    Date of Patent: June 25, 2002
    Assignee: RSA Security, Inc.
    Inventors: Moses Liskov, Robert Silverman, Ari Juels
  • Patent number: 6393447
    Abstract: The invention generates a random bit string from a sequence of readings taken from a potentially biased source of randomness, such as a random stationary source which can be represented as a biased die. A simulated unbiased source is generated from the potentially biased source, and a reading is taken from the simulated unbiased source. The reading is then converted to a bit string. Taking a reading from the simulated unbiased source may involve generating an integer pair (R,S), which depends on the sequence of readings from the random source, and represents a roll of value R on a simulated unbiased die U with S sides. The pair (R,S) is then converted into an output bit string b_k b_{k-1} ... b_1 which is unbiased over sequences of readings from the random source.
    Type: Grant
    Filed: October 22, 1998
    Date of Patent: May 21, 2002
    Assignees: Lucent Technologies Inc., RSA Security Inc.
    Inventors: Bjorn Markus Jakobsson, Ari Juels
  • Patent number: 6389442
    Abstract: The invention provides improved techniques for multiplication of signals represented in a normal basis of a finite field. An illustrative embodiment includes a first rotator which receives a first input signal representative of a first normal basis field element (a_0 a_1 ... a_{m-1}), and a second rotator which receives a second input signal representative of a second normal basis field element (b_0 b_1 ... b_{m-1}). A word multiplier receives output signals from the first and second rotators, corresponding to rotated representations of the first and second elements, respectively, and processes the rotated representations w bits at a time to generate an output signal representative of a product of the first and second elements, where w is a word length associated with the word multiplier. The rotated representation of the first element may be given by A[i]=(a_i a_{i+1} . . .
    Type: Grant
    Filed: December 28, 1998
    Date of Patent: May 14, 2002
    Assignee: RSA Security Inc.
    Inventors: Yiqun L. Yin, Peng Ning
  • Patent number: 6286022
    Abstract: The invention provides apparatus and methods for use in basis conversion involving a dual basis, such as a dual of a polynomial basis or dual of a normal basis. The invention in an illustrative embodiment includes basis generators for generating elements of a dual of a polynomial or a normal basis of a finite field GF(q^m), where q is a prime number or power of a prime number and m is an integer greater than or equal to 2. The basis generators can be used in “import” basis conversion, such as converting a representation in an external basis to a representation in an internal dual of a polynomial basis or dual of a normal basis, as part of a generate-accumulate algorithm, or in “export” basis conversion, such as converting a representation in an internal dual of a polynomial basis or dual of a normal basis to a representation in an external basis, as part of a generate-evaluate algorithm.
    Type: Grant
    Filed: November 18, 1998
    Date of Patent: September 4, 2001
    Assignee: RSA Security Inc.
    Inventors: Burton S. Kaliski, Jr., Moses Liskov
  • Patent number: 6269163
    Abstract: A plaintext message to be encrypted is segmented into a number of words, e.g., four words stored in registers A, B, C and D, and an integer multiplication function is applied to a subset of the words, e.g., to the two words in registers B and D. The integer multiplication function may be a quadratic function of the form ƒ(x)=x(ax+b) or other suitable function such as a higher-order polynomial. The results of the integer multiplication function are rotated by lg w bits, where lg denotes log base 2 and w is the number of bits in a given word, to generate a pair of intermediate results t and u. An exclusive-or of another word, e.g., the word in register A, and one of the intermediate results, e.g., t, is rotated by an amount determined by the other intermediate result u. Similarly, an exclusive-or of the remaining word in register D and the intermediate result u is rotated by an amount determined by the other intermediate result t.
    Type: Grant
    Filed: June 15, 1998
    Date of Patent: July 31, 2001
    Assignee: RSA Security Inc.
    Inventors: Ronald L. Rivest, Matthew John Barton Robshaw, Raymond Mark Sidney, Yiqun Lisa Yin
  • Patent number: 6240184
    Abstract: A system, method, and data structure provide for securely synchronizing passwords and/or other information between systems. The password-related information is stored in the systems in a secure manner, and a user or some other, external agent participates actively in the transmission of a new password between systems. A password update file is communicated or shared between systems to synchronize passwords.
    Type: Grant
    Filed: September 2, 1998
    Date of Patent: May 29, 2001
    Assignee: RSA Security Inc.
    Inventors: Dung Huynh, Matthew Robshaw, Ari Juels, Burton Kaliski, Jr.
  • Patent number: 6189098
    Abstract: A protocol for establishing the authenticity of a client to a server in an electronic transaction by encrypting a certificate with a key known only to the client and the server. The trust of the server, if necessary, can be established by a public key protocol. The client generates and sends over a communications channel a message containing at least a part of a certificate encrypted with the server's public key or a secret session key. The server receives and processes the message to recover at least part of the certificate, verifies and accepts it as proof of the client's authenticity.
    Type: Grant
    Filed: March 16, 2000
    Date of Patent: February 13, 2001
    Assignee: RSA Security Inc.
    Inventor: Burton S. Kaliski, Jr.
  • Patent number: 6157920
    Abstract: The invention provides techniques for implementing secure transactions using an instrument referred to as "executable digital cash." In an illustrative embodiment, a first user generates a piece of digital cash representing an offer made by that user. The piece of digital cash includes a digital certificate authorizing the first user to make specified transfers, and an offer program characterizing the offer. The piece of digital cash is broadcast or otherwise transmitted to one or more additional users, utilizing a mobile agent or other suitable mechanism, such that a given one of these users can evaluate the offer using the offer program. For example, a second user could execute the offer program with a specific bid as an input to determine what that user would receive upon acceptance of his bid.
    Type: Grant
    Filed: August 14, 1998
    Date of Patent: December 5, 2000
    Assignees: Lucent Technologies Inc., RSA Security Inc.
    Inventors: Bjorn Markus Jakobsson, Ari Juels
  • Patent number: 6130621
    Abstract: A method and apparatus for inhibiting unauthorized access to or utilization of a container or other protected device wherein a free standing lock or other control is provided, the state of which may be varied in response to receipt of a dynamic non-predictable code. The device may be a lock which when in a first state locks the container or other device, but which may switch to an unlocked state in response to verification that an authorized dynamic non-predictable code has been received. Alternatively, the control may be a mechanism integrally formed with the protected device which, when in a first state, inhibits and prevents normal operation of the device, permitting such operation when the mechanism is in its second state. The non-predictable code may be produced by a token carried by an authorized user, may involve query response operations, or may otherwise be generated in manners known in the art.
    Type: Grant
    Filed: September 2, 1994
    Date of Patent: October 10, 2000
    Assignee: RSA Security Inc.
    Inventor: Kenneth P. Weiss
  • Patent number: 6085320
    Abstract: A protocol for establishing the authenticity of a client to a server in an electronic transaction by encrypting a certificate with a key known only to the client and the server. The trust of the server, if necessary, can be established by a public key protocol. The client generates and sends over a communications channel a message containing at least a part of a certificate encrypted with the server's public key or a secret session key. The server receives and processes the message to recover at least part of the certificate, verifies and accepts it as proof of the client's authenticity.
    Type: Grant
    Filed: April 21, 1997
    Date of Patent: July 4, 2000
    Assignee: RSA Security Inc.
    Inventor: Burton S. Kaliski, Jr.
  • Patent number: 6076163
    Abstract: Methods and apparatus for providing secure user identification or digital signatures based on evaluation of constrained polynomials. In an exemplary user identification technique, a prover sends a verifier a commitment signal representative of a first polynomial satisfying a first set of constraints. The verifier sends the prover a challenge signal representative of a second polynomial satisfying a second set of constraints. The prover generates a response signal as a function of (i) information used to generate the commitment signal, (ii) a challenge signal, and (iii) a private key polynomial of the prover, such that the response signal is representative of a third polynomial satisfying a third set of constraints. The verifier receives the response signal from the prover, and authenticates the identity of the prover by evaluating a function of information contained in at least a subset of (i) the commitment signal, (ii) the challenge signal, (iii) the response signal and (iv) a public key of the prover.
    Type: Grant
    Filed: October 20, 1997
    Date of Patent: June 13, 2000
    Assignee: RSA Security Inc.
    Inventors: Jeffrey Hoffstein, Burton S. Kaliski, Jr., Daniel Bennett Lieman, Matthew John Barton Robshaw, Yiqun Lisa Yin