Abstract: A cryptographic key split combiner, which includes a number of key split generators for generating cryptographic key splits and a key split randomizer for randomizing the cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Each of the key split generators generates key splits from seed data. The key split generators may include a random split generator for generating a random key split based on reference data. Other key split generators may include a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data, and a biometric split generator for generating a biometric key split based on biometric data. All splits may further be based on static data, which may be updated, for example by modifying a prime number divisor of the static data. The label data may be read from a storage medium, and may include user authorization data.

Abstract: A cryptographic key split combiner, which includes a number of key split generators for generating cryptographic key splits and a key split randomizer for randomizing the cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Each of the key split generators generates key splits from seed data. The key split generators may include a random split generator for generating a random key split based on reference data. Other key split generators may include a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data, and a biometric split generator for generating a biometric key split based on biometric data. All splits may further be based on static data, which may be updated, for example by modifying a prime number divisor of the static data. The label data may be read from a storage medium, and may include user authorization data.

Abstract: A process of encrypting an object includes applying a hash algorithm to the object, generating a random number, combining a first plurality of splits including the random number to form a working split, encrypting the object using the working split, combining a second plurality of splits not including the random number to form a value, encrypting the random number using the value, encrypting the hashed object according to a signature algorithm using a user private key, encrypting the hashed object according to a selected algorithm using the working split as a key, forming a header including information that can be used to decrypt the object, encrypting the header, and adding the encrypted header to the encrypted object. The pluralities of splits include a fixed split, a variable split, and a label split corresponding to a selected label. The header includes the encrypted random number, a label, and a digital signature.

Abstract: A communication system, which includes an origination space, a communications channel, and a destination space associated with the origination space via the communications channel. The origination space includes an encryption engine for generating an output symbol Ot based on an input symbol It and means for receiving an encrypt key, an encrypt text/key relation, and the input symbol. The destination space includes a decryption engine for generating a decrypted symbol I′t based on the output symbol received from the origination space via the communications channel and means for receiving a decrypt key and a decrypt text/key relation. The encrypt text/key relation controls the encryption engine such that Ot=&agr;N(t)+&pgr;N[&agr;N−1(t)+&pgr;N−1[&agr;N−2(t)+ . . . +&pgr;2[&agr;1(t)+&pgr;1[It+&agr;0(t)]] . . . ]], mod W, where &agr;N, &agr;N−1, . . .

Abstract: An RF identification system, including an identification tag having a unique RF signature, a source for generating RF energy, and a detector for reading the signature when the identification tag is illuminated the RF energy generated by the source. The identification tag includes a base formed from an electrically non-conductive material and metal particles distributed randomly in the base. Detected signatures may be stored for later comparison against detected signatures for identification purposes. Biometric data may be read and associated with corresponding signatures to identify and link objects with persons.

Abstract: A communication system, which includes an origination space, a communications channel, and a destination space associated with the origination space via the communications channel. The origination space includes an encryption engine for generating an output symbol O.sub.t based on an input symbol I.sub.t and means for receiving an encrypt key, an encrypt text/key relation, and the input symbol. The destination space includes a decryption engine for generating a decrypted symbol I'.sub.t based on the output symbol received from the origination space via the communications channel and means for receiving a decrypt key and a decrypt text/key relation. The encrypt text/key relation controls the encryption engine such that O.sub.t =.alpha..sub.N (t)+.pi..sub.N [.alpha..sub.N-1 (t)+.pi..sub.N-1 [.alpha..sub.N-2 (t)+ . . . +.pi..sub.2 [.alpha..sub.1 (t)+.pi..sub.1 [I.sub.t +.alpha..sub.0 (t)]] . . . ]], mod W, where .alpha..sub.N, .alpha..sub.N-1, . . . , .alpha..sub.1, .alpha..sub.

Abstract: A system for increasing the security of a computer system, while giving an individual user a large amount of flexibility and power. To give users the most power and flexibility, a standard object that has the capability to embed objects is used. To allow users even more flexibility, a standard object tracking mechanism is used that allow users to distribute multiple encrypted embedded objects to other individuals in a single encrypted object. By effecting compartmentalization of every object by label attributes and algorithm attributes, multi-level multimedia security is achieved.

Abstract: A system for the secure communication of a message from a transmitting user to a receiving user using a split key scheme. Each user generates a key component using a cryptographic engine. The key component is a pseudorandom sequence of bits with an appended error detection field which is mathematically calculated based on the pseudorandom sequence. This key component is then sent out on a communications channel from the transmitting user to the receiving user. The receiving user also sends its key component to the transmitting user. Each location performs a mathematical check on the key component received from the other location. If the key component checks pass at both locations, the transmit key component and the receive key component, including the error detection fields, are combined at both locations, forming identical complete keys at both locations.

Abstract: A proximity detection device for protection of personnel against exposure to hazardous radio frequency radiation. The device works by detecting the presence of people, either the operator or bystanders, who are in the system antenna's radio frequency radiation hazard zone. Upon detection, the device triggers a timer that delays the activation of alarm circuitry for a brief period of time. This time delay is instituted to minimize the triggering of nuisance alarms by a momentary intrusion in the hazard zone. If a presence is still detected after the delay time, pulsing visual and audible alarms are triggered to alert the system operator of the dangerous situation. The alarms remain activated for a timed period, allowing the operator to clear the hazard zone.

Abstract: An access control system which uses a password token scheme for controlling user access to data within computer systems. The key component in the access control system is an optical token card that is capable of receiving optically encoded information directly from the CRT display of a standard personal computer and processing the information for use in identification and authentication procedures, cryptographic key management schemes, and administrative procedures such as maintaining audit trails. This design permits the use of much longer strings of challenge input data without the addition of peripheral readers to the system.

Abstract: A portable voice and data encryption device designed to be used with normal wideband telephone and cellular telephones, computers and facsimile machines to transmit voice and data in encrypted form. The V/DED comprises a voice and data encryption module, an encryption and control module, and a modem module. The modem module can adapt its data rate to account for the changes in the signal strength between the sending and receiving sites. The encryption and control module senses the change in data rate of the modem module during transmission and synchronizes the activities of the voice and data module so that the amount of data being produced for encryption and transmission matches the data rate being experienced by the modem module. The V/DED very simply connects to the wall jack of a normal PSTN with the computer, telephone, or facsimile machine plugging directly into the V/DED.

Abstract: A system for the secure communication of a message from a transmitting user to a receiving user using a split key scheme. Each user generates a key component using a cryptographic engine. The key component is a pseudorandom sequence of bits with an appended error detection field which is mathematically calculated based on the pseudorandom sequence. This key component is then sent out on a communications channel from the transmitting user to the receiving user. The receiving user also sends its key component to the transmitting user. Each location performs a mathematical check on the key component received from the other location. If the key component checks pass at both locations, the transmit key component and the receive key component, including the error detection fields, are combined at both locations, forming identical complete keys at both locations.

Abstract: A method and apparatus for ensuring the security of messages communicated on a network. The system employs different levels of security to ensure that communication integrity is not breached. A user must first enter a valid password to clear the access control subsystem. The sending user must also possess valid cryptographic information and belong to a particular organization and/or be located at a particular device in order to encrypt a plain text message that is to be transmitted over the network. The device and organization information, along with receiving user information specified by the sending user, will then be grouped into a header which will be appended to the outgoing encrypted message. In order to receive a transmitted message, a receiving user must be the particular receiving user and be part of the particular group specified by the sending user, and must be attempting to receive the communication at the device specified in the message header.

Abstract: A system for increasing the security of a computer system, while giving an individual user a large amount of flexibility and power. To give users the most power and flexibility, a standard object that has the capability to embed objects is used. To allow users even more flexibility, a standard object tracking mechanism is used that allows users to distribute multiple encrypted embedded objects to other individuals in a single encrypted object. By effecting compartmentalization of every object by label attributes and algorithm attributes, multi-level multimedia security is achieved.