Abstract: A cryptographic key split binder includes key split generators that generate cryptographic key splits from seed data and a key split randomizer for randomizing cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Key split generators can include a random split generator for generating a random key split based on reference data, a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data or a biometric split generator for generating a biometric key split based on biometric data. Any key split can further be based on static data, which can be updated. Label data can be read from a storage medium, and can include user authorization data. A cryptographic key can be, for example, a stream of symbols, at least one symbol block, or a key matrix.

Abstract: A cryptographic key split combiner, which includes a number of key split generators (42, 48, and 56) for generating cryptographic key splits (32, 34, 36, 38, and 64) and a key split randomizer for randomizing the cryptographic key splits to produce a cryptographic key (62), and a process for forming cryptographic keys. Each of the key split generators (42, 48 and 56) generates key splits (32, 34, 36, 38, and 64) from seed data (40, 44, 46, 50, 52, 54, 58, and 60). The key split generators may include a random split generator (42) for generating a random key split (32) based on reference data (40) and encryption date/time (44).

Abstract: A method of providing cryptographic information and flow control includes first determining a target domain from an IP address. An organization policy is looked up from a credential store, and an algorithm and credentials specified for the target domain are looked up in a domain-credential map. Any further credentials that are provided and that are permitted by the organizational policy are added. A working key is then generated, and information is received in the form of a receive packet. Any packet header is stripped from the receive packet and the remaining data is encrypted. Key splits are retrieved from the credential store, and are combined to form a key-encrypting key. The working key is the encrypted with the key-encrypting key, and a CKM header is encrypted. The encrypted CKM header is concatenated to the beginning of the encrypted data to form transmit data, and the packet header and the transmit data are concatenated to form a transmit packet.

Abstract: A cryptographic key split combiner includes a number of key split generators for generating cryptographic key splits from seed data, and a key split randomizer for randomizing the key splits to produce a cryptographic key. The key split generators can include a random split generator for generating random key splits, a token split generator for generating token key splits based on label data, a console split generator for generating console key splits based on maintenance data, a biometric split generator for generating biometric key splits based on biometric data, and a location split generator for generating location key splits based on location data. Label data can be read from storage, and can include user authorization data. A process for forming cryptographic keys includes randomizing or otherwise binding the splits to form the key.

Abstract: A system provides cryptographic processing of input data on a parallel processor array that includes plural processors. A format filter extracts control and main data from the input data. A control unit receives the control data, and based on the control data, forwards control and cryptographic parameters to the processors. A first distributor distributes to each processor at least a portion of the main data. A second distributor receives output information from each processor, and based thereon, generates output data. Each processor generates output information based on the control and cryptographic parameters. The output data is a cryptographic processing result.

Abstract: A method of securing an object at an access level includes selecting a profile for a user, including a credential having an encrypted credential public key, an encrypted credential public key encryption key, and a multiple-level access identifier. A working key is generated by binding a domain value with a random value. The object is encrypted with the working key. A random value encryption key is generated based on the shared value by decrypting the credential public key encryption key with the profile key encryption key, decrypting the credential public key with the credential public key encryption key, generating an ephemeral key pair, and generating a shared value based on the ephemeral private key and the credential public key. The random value is encrypted with the random value encryption key, and the encrypted object, the ephemeral public key, and the encrypted random value are provided for an authorized recipient.

Abstract: A method and apparatus for deploying assemblies, for example, for surveillance equipment, in which a single remotely-operated carriage is used to position each assembly, in turn, on a respective upright support pole. The carriage can be moved away from the assembly when the assembly is located at a desired position on the support pole. Assemblies may, therefore, be deployed more cost effectively than by existing methods and apparatus, which require each assembly to be motorized.

Abstract: A method of authenticating the identity of a user to determine access to a system includes providing a plurality of factor-based data instances corresponding to a user, evaluating the factor-based data instances to determine if the user's identity is authenticated, and granting or restricting the user's access to the system if the user's identity is authenticated. More particularly, the method includes providing a modified data instance based on a second data instance, generating a key based on a first data instance, applying the key to the a modified data instance to generate a recovered data instance, interrogating the recovered data instance against the second data instance to generate an authentication value as a result of a correspondence evaluation, and granting or restricting the user's access to the system based at least in part on the validity of the authentication value.

Abstract: A method of securing an object at an access level includes selecting a profile for a user, including a credential having an encrypted credential public key, an encrypted credential public key encryption key, and a multiple-level access identifier. A working key is generated by binding a domain value with a random value. The object is encrypted with the working key. A random value encryption key is generated based on the shared value by decrypting the credential public key encryption key with the profile key encryption key, decrypting the credential public key with the credential public key encryption key, generating an ephemeral key pair, and generating a shared value based on the ephemeral private key and the credential public key. The random value is encrypted with the random value encryption key, and the encrypted object, the ephemeral public key, and the encrypted random value are provided for an authorized recipient.

Abstract: A secure accounting and operational method, whereby process elements are provided to a process, selected process elements are manipulated, a scheduled condition of the process is sampled at a predetermined point in the process, and the process sample is encrypted to provide an encrypted output. As a result, an authorized recipient has a high level of confidence in the reliability of the scheduled condition samples due to the integrity provided by the encryption process.

Abstract: A method of providing cryptographic information and flow control includes first determining a target domain from an IP address. An organization policy is looked up from a credential store, and an algorithm and credentials specified for the target domain are looked up in a domain-credential map. Any further credentials that are provided and that are permitted by the organizational policy are added. A working key is then generated, and information is received in the form of a receive packet. Any packet header is stripped from the receive packet and the remaining data is encrypted. Key splits are retrieved from the credential store, and are combined to form a key-encrypting key. The working key is the encrypted with the key-encrypting key, and a CKM header is encrypted. The encrypted CKM header is concatenated to the beginning of the encrypted data to form transmit data, and the packet header and the transmit data are concatenated to form a transmit packet.

Abstract: A cryptographic key split combiner, which includes a number of key split generators for generating cryptographic key splits and a key split randomizer for randomizing the cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Each of the key split generators generates key splits from seed data. The key split generators may include a random split generator for generating a random key split based on reference data. Other key split generators may include a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data, and a biometric split generator for generating a biometric key split based on biometric data. All splits may further be based on static data, which may be updated, for example by modifying a prime number divisor of the static data. The label data may be read from a storage medium, and may include user authorization data.

Abstract: A cryptographic key split combiner, which includes a number of key split generators for generating cryptographic key splits and a key split randomizer for randomizing the cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Each of the key split generators generates key splits from seed data. The key split generators may include a random split generator for generating a random key split based on reference data. Other key split generators may include a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data, and a biometric split generator for generating a biometric key split based on biometric data. All splits may further be based on static data, which may be updated, for example by modifying a prime number divisor of the static data. The label data may be read from a storage medium, and may include user authorization data.

Abstract: A cryptographic key split combiner, which includes a number of key split generators for generating cryptographic key splits and a key split randomizer for randomizing the cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Each of the key split generators generates key splits from seed data. The key split generators may include a random split generator for generating a random key split based on reference data. Other key split generators may include a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data, and a biometric split generator for generating a biometric key split based on biometric data. All splits may further be based on static data, which may be updated, for example by modifying a prime number divisor of the static data. The label data may be read from a storage medium, and may include user authorization data.

Abstract: A cryptographic key split combiner, which includes a number of key split generators for generating cryptographic key splits and a key split randomizer for randomizing the cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Each of the key split generators generates key splits from seed data. The key split generators may include a random split generator for generating a random key split based on reference data. Other key split generators may include a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data, and a biometric split generator for generating a biometric key split based on biometric data. All splits may further be based on static data, which may be updated, for example by modifying a prime number divisor of the static data. The label data may be read from a storage medium, and may include user authorization data.

Abstract: A process of encrypting an object includes applying a hash algorithm to the object, generating a random number, combining a first plurality of splits including the random number to form a working split, encrypting the object using the working split, combining a second plurality of splits not including the random number to form a value, encrypting the random number using the value, encrypting the hashed object according to a signature algorithm using a user private key, encrypting the hashed object according to a selected algorithm using the working split as a key, forming a header including information that can be used to decrypt the object, encrypting the header, and adding the encrypted header to the encrypted object. The pluralities of splits include a fixed split, a variable split, and a label split corresponding to a selected label. The header includes the encrypted random number, a label, and a digital signature.

Abstract: A communication system, which includes an origination space, a communications channel, and a destination space associated with the origination space via the communications channel. The origination space includes an encryption engine for generating an output symbol Ot based on an input symbol It and means for receiving an encrypt key, an encrypt text/key relation, and the input symbol. The destination space includes a decryption engine for generating a decrypted symbol I′t based on the output symbol received from the origination space via the communications channel and means for receiving a decrypt key and a decrypt text/key relation. The encrypt text/key relation controls the encryption engine such that Ot=&agr;N(t)+&pgr;N[&agr;N−1(t)+&pgr;N−1[&agr;N−2(t)+ . . . +&pgr;2[&agr;1(t)+&pgr;1[It+&agr;0(t)]] . . . ]], mod W, where &agr;N, &agr;N−1, . . .

Abstract: An RF identification system, including an identification tag having a unique RF signature, a source for generating RF energy, and a detector for reading the signature when the identification tag is illuminated the RF energy generated by the source. The identification tag includes a base formed from an electrically non-conductive material and metal particles distributed randomly in the base. Detected signatures may be stored for later comparison against detected signatures for identification purposes. Biometric data may be read and associated with corresponding signatures to identify and link objects with persons.

Abstract: A communication system, which includes an origination space, a communications channel, and a destination space associated with the origination space via the communications channel. The origination space includes an encryption engine for generating an output symbol O.sub.t based on an input symbol I.sub.t and means for receiving an encrypt key, an encrypt text/key relation, and the input symbol. The destination space includes a decryption engine for generating a decrypted symbol I'.sub.t based on the output symbol received from the origination space via the communications channel and means for receiving a decrypt key and a decrypt text/key relation. The encrypt text/key relation controls the encryption engine such that O.sub.t =.alpha..sub.N (t)+.pi..sub.N [.alpha..sub.N-1 (t)+.pi..sub.N-1 [.alpha..sub.N-2 (t)+ . . . +.pi..sub.2 [.alpha..sub.1 (t)+.pi..sub.1 [I.sub.t +.alpha..sub.0 (t)]] . . . ]], mod W, where .alpha..sub.N, .alpha..sub.N-1, . . . , .alpha..sub.1, .alpha..sub.

Abstract: A system for increasing the security of a computer system, while giving an individual user a large amount of flexibility and power. To give users the most power and flexibility, a standard object that has the capability to embed objects is used. To allow users even more flexibility, a standard object tracking mechanism is used that allow users to distribute multiple encrypted embedded objects to other individuals in a single encrypted object. By effecting compartmentalization of every object by label attributes and algorithm attributes, multi-level multimedia security is achieved.