Abstract: Apparatus in form of a microelectronic assembly including an integrated circuit (IC) for execution of an embedded modular exponentiation program utilizing a square-and-multiply algorithm, wherein in the modular exponentiation program a secret exponent having a plurality of bits characterizes a private key, a method of providing a digital signature to prevent the detection of the secret exponent when monitoring power variations during the IC execution, the method comprising the steps of for a first operation in the modular exponentiation, selecting at least one predetermined bit, wherein the at least one predetermined bit is a bit other than a least significant bit (LSB) and the most significant bit (MSB); using the square-and-multiply algorithm, sequentially selecting bits to the left of the at least one predetermined bit for exponentiation until the MSB is selected; subsequent to selecting the MSB, sequentially selecting bits to the right of the at least one predetermined bit for exponentiation until the LSB

Abstract: A signer uses an undeniable signature scheme to sign his public key to thereby create an “undeniable certificate” which can be used to verify the signer's digital signature on any message signed using the signer's corresponding private key. Hence, once the undeniable certificate is received by the recipient, the recipient and the signer engage one time in a confirmation protocol or denial protocol to the satisfaction of the recipient that the undeniable certificate has in fact been signed by the signer thus certifying signer's public key. Thereafter, the recipient can use the certified public key to verify any documents signed by the signer with no further interaction with the signer. However, third parties are precluded from verifying the signer's signature since they do not possess the confirmed undeniable certificate and corresponding public key.

Abstract: A method for generating an identical electronic one-time pad at a first location and a second location, the method comprising the steps of: (a) providing a first electronic device at the first location and a second electronic device at the second location, each of the first and the second electronic devices having: (i) a non-volatile memory; (ii) a processor; (iii) at least one table of true random numbers being stored on the non-volatile memory, the table being identical for the first and the second electronic devices; and (iv) at least one software program for obtaining a true random number from the table, the software program being stored on the non-volatile memory and the at least one software program being operated by the processor; (b) providing a communication channel for communication between the first electronic device and the second electronic device; (c) selecting a selected true random number from the table at the first and the second electronic devices according to a selection procedure, the sele

Abstract: A watermarking scheme which allows the watermarked image to be authenticated by an authentication agent without revealing the human-readable content of the image. There is disclosed an approach which combines privacy control with watermarking and authentication mechanisms. The watermark can be made to be imperceptible to humans. Public key cryptography allows the authentication agent to authenticate without being able to watermark an image.

Abstract: A drive such as a DVD-ROM drive encrypts an error code correction (ECC) block in a manner that still retains the error correction capabilities of the ECC block. Encryption is performed by generating an encryption mask including a plurality of random numbers and redundancy data. The encryption mask is bitwise XOR'ed with the ECC block. The product of the bitwise XOR is an encrypted ECC block, which can then be transmitted over an unsecured bus to a host processor. The integrity of the ECC codewords is preserved. This allows the host processor to perform some or all error correction on the encrypted ECC block. Error correction can be removed from the drive altogether, or error correction can be performed by the drive and additionally by the host processor, if necessary. User data in the ECC block can be XOR'ed entirely with random numbers, or the user data can be XOR'ed selectively with random numbers and zeros to selectively encrypt a portion of the user data.

Abstract: A method and system for transferring information using an encryption mode indicator (EMI). The present invention provides several secure information communication modes in which data (e.g., representing an audio/visual work) can be transmitted from a source device to a sink device (receiving station) in a number of secure modes. In one secure mode, EMI mode A, the information of the transmission is not allowed to be copied as a whole work; this is the highest level of copy protection. In second secure mode, EMI mode B, the information of the transmission is allowed to be copied once and once only by the sink device. In a third transmission mode, no encryption is used and free copying is available. Depending on which secure mode is selected between mode A and mode B, a different encryption process is used by the source device to encrypt the transmission.

Abstract: Apparatus and methods for managing key material in cryptographic assets are disclosed. The methods can include defining first key material to be delivered to a cryptographic asset, wherein the first key material has a cryptoperiod having an expiration. Second key material to be delivered to the cryptographic asset is also defined. An automatic delivery of the second key material is scheduled such that the second key material will be delivered automatically to the cryptographic asset at or before the expiration of the cryptoperiod of the first key material. The methods can include defining a set of equipment classes, and registering at least one cryptographic asset with each equipment class. Cryptographic assets selected from the registered cryptographic assets are grouped into secure communication services, thereby defining secure communication interfaces between the cryptographic assets.

Abstract: A technique for generating, for a given message to be signed, an authentic cryptographic signature that can be authenticated, by a recipient of the signed message, as having originated from a signor of the message; and appropriately authenticating such a signature. Specifically, this technique, given a message, such as, e.g., a numerical product copy identifier (83, 93), forms an authentic signature (87, 97), based on public-key cryptosystem, through use of generator value selected from points on an elliptic curve over a finite field. The authentic signature is generated using the generator value in conjunction with three keys; namely, a public key, a private key and a secret key, and thus substantially increases the security associated with cryptographic signatures generated through a conventional two-key public key cryptosystem. A unique product copy indicia can be formed by concatenating the identifier, for a given product copy, with its corresponding authentic signature.

Abstract: A technique for generating, for a given message to be signed, an authentic cryptographic signature that can be authenticated, by a recipient of the signed message, as having originated from a signor of the message; and appropriately authenticating such a signature. Specifically, this technique, given a message, such as, e.g., a numerical product copy identifier (83, 93), forms an authentic signature (87, 97), based on public-key cryptosystem, through use of generator value selected from points on an elliptic curve over a finite field. The authentic signature is generated using the generator value in conjunction with three keys; namely, a public key, a private key and a secret key, and thus substantially increases the security associated with cryptographic signatures generated through a conventional two-key public-key cryptosystem. A unique product copy indicia can be formed by concatenating the identifier, for a given product copy, with its corresponding authentic signature.

Abstract: A security module that is preferably tokenless and is used in telephone communications (e.g., cellular) to secure a transmitted bit stream. The module provides traffic encryption, key exchange, key protection, and algorithm protection. The module provides encryption and key processing using a programmable information security architecture (PISA). Preferably, the module does not use a physical device, such as a key or a card, to unlock the security features, and preferably, the security features all reside within the security module and not on a physical device, such as a key or a card. Instead, a personal identification number (PIN) is used to unlock the security features.

Abstract: In response to an inquiry by an unsophisticated Subscriber over a nonsecure network, a Provider returns a public key and retains the corresponding private key. The Subscriber encrypts a password using the public key, which is decrypted by the Provider. The password is then used to securely transfer to the Subscriber a key determined by the Provider, thereby enabling the Subscriber to decrypt messages encrypted by the Provider and transmitted over the nonsecure network. This password dependent secure transmission of a key to an unsophisticated Subscriber may be accomplished by several methods, including hashing, key lookup, Wizard protocol, and Warlock procedure. In each method the password is used by the Subscriber and the Provider in correlated operations ending in secure receipt by the Subscriber of a key determined by the Provider.

Abstract: The encryption key based on a blocking set cryptosystem includes knowledge of the blocking set, and ciphers (usually independent) on the blocking set and its complement. In order to decipher, a legitimate receiver needs to know only the blocking set and the cipher used on it. Thus it is not necessary for the sender to transmit to anyone the cipher on the complement of the blocking set. The fact that part of the encryption key need not be transmitted is the fundamental difference between the proposed cryptosystem and the so-called private key system, where both the sender and receiver know, but keep secret, the encryption and decryption keys. Particularly useful applications of this scheme are two situations where a central person, institution or computer send out confidential information to several parties, but where none of the parties has the authority to transmit information to the group. This might apply to the main branch of a company, or to a certification authority in a cryptographic protocol.

Abstract: An user authentication system for authenticating a user using an IC card in conjunction with a portable terminal used to generate a one-time password and a server used to generate a corresponding one-time password for user authentication. The IC card contains a secret key for generating a one-time password and predetermined random numbers. The portable terminal contains a card receiver for receiving the IC card, a random number memory for reading and storing, and then deleting the random numbers of the IC card, a first password generator for generating a one-time password by the secret key of the IC card and the random number, a first random number changer for changing the random number stored in the random number memory into a predetermined value and storing the changed value in the random number storing portion, and a display for displaying the processed results of the terminal and the server.

Abstract: An issuer offers any type of service secured with a secret cryptographic key assigned to an applicant according to the present invention, which includes a secret key registration process. Usually, the secret key will be loaded on a portable memory device or other secret key store of the applicant. As preliminary steps, the issuer sets up its public key for the Probabilistic Encryption Key Exchange (PEKE) cryptosystem, and the applicant obtains a copy of a secret key registration software, a copy of the issuer's public key, and an uninitialized portable memory device. Once initiated by the applicant, the registration software generates an internal PEKE secret key. The applicant chooses a registration pass query and pass reply that the registration software MACs and encrypts with a key derived from the PEKE secret key. The registration software derives the key assigned to the applicant from the PEKE secret key, and loads it into the secret key store.

Abstract: A secure communications arrangement is disclosed including a source device and a destination device interconnected by a network. The source device generates message packets for transfer to the destination device, each message packet including information in ciphertext form. The source device generates the ciphertext from plaintext in accordance with the cipher block chaining mode, using an initialization vector that is generated using a hash function selected so that small changes in an input result in large changes in the initialization vector. As a result values such as sequence numbers or time stamps can be used in generating the initialization vector, while still providing for cryptographic security for the ciphertext as against cryptanalytic attack. The destination device receives the message packet and decrypts the ciphertext to generate plaintext in accordance with the cipher block chaining mode, using an initialization vector that is generated using the corresponding hash function.

Abstract: In response to an inquiry by an unsophisticated Subscriber over a nonsecure network, a Provider returns a public key and retains the corresponding private key. The Subscriber encrypts a password using the public key, which is decrypted by the Provider. The password is then used to securely transfer to the Subscriber a key determined by the Provider, thereby enabling the Subscriber to decrypt messages encrypted by the Provider and transmitted over the nonsecure network. This password dependent secure transmission of a key to an unsophisticated Subscriber may be accomplished by several methods, including hashing, key lookup, and Wizard protocol. In each method the password is used by the Subscriber and the Provider in correlated operations ending in secure receipt by the Subscriber of a key determined by the Provider.

Abstract: A remote-control unit for vehicles in which an immobilizer facility and keyless entry facility are united to enable bidirectional transmission. Further, a cost reduction is achieved by decreasing the number of parts, and labor required for maintenance is diminished. A remote-control unit for vehicles includes a circuit 16 for receiving a cryptographic code CR from a vehicle when a key 10 is fitted into a key cylinder 21, a circuit 17 for storing a cryptographic code, a control circuit for producing a first cipher system code CS1 in response to a cryptographic code, and producing a second cipher system code CS2 in response to actuation of a manual switch 12, and a transmission circuit 15 for transmitting the cipher system codes in the form of radio waves to the vehicle.

Abstract: A computer program memory stores computer instructions for securing data transmitted over a system, such as the Internet, enabling a user to be authenticated and authorized for a requested operation. An "eticket" architecture (including identification information) is generated by an authentication server. The information in the eticket is hashed using, for example, a Message Digest Protocol, and a hash number is generated. The hash number is then encrypted using a private key, and the identification information in the eticket and the encrypted hash number are concatenated to generate a completed "eticket" architecture. The "eticket" may then be transmitted over the Internet (i.e., a non-secure environment) from server to server without having the information in the "eticket" altered, and without having to "reauthenticate" the user at each server.

Abstract: A method for encryption wide-bandwidth video, using a first processor for encrypting the video and a second processor for decrypting the video. Data is taken in blocks. A block of data is scrambled to generate scrambled data, then partitioned into a first portion and a second portion. A global key is generated at the first processor and the second processor, using public key technology. At the first processor, the global key is exclusively-ORed with the first portion, thereby generating a encrypted second portion. At the first processor, a random number is generated from the first portion and exclusively-ORed with the second portion to generate an encrypted second portion. At the second processor, the global key is exclusively-ORed with the encrypted first portion. At the second processor, the random number is recovered from the decrypted first portion and exclusively-ORed with the encrypted second portion to decrypt it. The scrambled data are descrambled, thereby recovering the data.

Abstract: A key variable correction scheme allows errored encryption key material in mobile and portables radios to be quickly identified and corrected. The errored encryption material can be corrected automatically by a key management controller, once detected. Consequently, a mismatch problem can be diagnosed and resolved in a manner which is automatic, therefore quick and efficient, and in a way which overcomes the difficulty which users have in identifying by themselves a mismatch condition since the result is often only silence out of their respective radio speaker. Once the mismatch is corrected by the reassignment of correct keys, the user is free to join the radio call already in progress.