Abstract: A highly scalable, flexible, and extensible mechanism is provided for authenticating a request from a client. In a preferred embodiment, the invention comprises an authentication engine, an authentication host, a plurality of providers coupled to the host which implement selected authentication schemes, and a machine independent communication mechanism which enables the various components to communicate with each other irregardless of the machine each component resides on. The communication mechanism enables the invention to be distributed, which in turn, makes the invention highly scalable. In operation, the authentication engine receives a request having associated therewith a protect string. The protect string specifies the authentication scheme or schemes that need to be implemented for that request. The authentication engine parses the protect string into one or more provider requests, and sends the requests to the authentication host.

Abstract: A method and apparatus processes a video image signal to generate one or more random number generator seeds. Preferably, the video image signal represents a scene that is both unpredictable and “live”. As a result, potential interceptors of signals encrypted with a random number sequence derived from the seed will find it difficult, if not impossible, to determine the random number sequence. To further obscure the random number sequence from potential interceptors, a seed derived by processing a first video image signal is determined and is stored. Then, a second video image signal is received and a third video image signal is received. A difference is determined between the third video image signal and the second video image signal. If the difference exceeds a threshold (indicating that the scene represented by the video image signals is “live”), then the third video image signal is processed to generate a seed.

Abstract: A method for hiding message information into media information in frequency space. The data hiding method has high resistance to removal or change of message information embedded into media information and effectively maintain hidden message information even when signal processing is performed by employing a frequency filter. More specifically, in order to hide message information (m) into media information (M), the frequency transform of the message information (m) and the media information (M) are performed, and frequency spectra f1 and f2 are obtained. Next, from the frequency spectrum f2 of the message information (m), a region containing feature frequency components representative of the features of the message information (m) in real space is extracted as the base region B. Then, n copies of the base region B are generated, and in frequency space, the n copies are dispersedly arranged.

Abstract: The present invention is directed, in one embodiment, to a programming interface which enables device/protocol/network independent transmission of messages to, and programming of, mobile devices. In another embodiment, the present invention is directed to data structures maintained on, and supported by, the mobile devices. The present invention also, in another embodiment, provides security for programming messages and an acknowledgement channel over which the mobile device can acknowledge receipt of, and successful implementation of, a programming message.

Abstract: Process and device for quantum distribution of an encryption key. According to the invention, a light beam is modulated by a signal, the phase of which can be adjusted at random. On reception, the received beam is modulated by a signal, the phase of which is also adjustable. The intensity of one of the lateral modes is measured, which depends on the difference between the two phases used. The key is distributed by the photons contained in one of the lateral modes. Application to cryptography with secret key.

Abstract: Software lineages arise through purchase and reproduction. Lineages are tracked by storing lineage-relevant information in variable regions of software instances and/or in a central database according to methods disclosed.

Abstract: Briefly, in accordance with one embodiment of the invention, a method of using a digital signature includes: electronically referencing at least one plurality of electronic signals with a digital signature remotely stored from the plurality.

Abstract: A method and apparatus is presented for establishing provable integrity or untampered state in secure devices. It employs active tamper response; generating authentication secrets inside the device via real hardware randomness to minimize risk of compromised factory machines; activating tamper response at a trusted point of trust to protect against attacks and/or continually certify the integrity of the device along shipping channels and at user sites; and allowing for all keys to be regenerated so that in accordance with sound cryptographic practice no one needs to depend on permanent keys. The point of trust is a central authority that is trusted by all parties that need to trust the provable untampered state of the secure device. At any point the certifying authority authenticates the integrity and/or untampered state of the device, and re-issues a new certificate for that device.

Abstract: A system for encrypting and verifying a data packet includes an encryptor (20), a decryptor (30), an error detector (40), and switch (65). A data packet with embedded error detection codes is encrypted by the encryptor (20), decrypted by the decryptor (30), and then the error detector (40) examines the embedded error detection codes to determine if the data packet has had errors introduced during the encryption/decryption process. When errors are detected, the switch (65) is opened to keep erroneous data from being transmitted.

Abstract: A secure system using a continuously-changing key that depends on the user's body part. A preferred embodiment obtains an image of the user's fingerprint and cements it according to a random generator. Only part of the image and not all of the image is sent at one time. The random segmentation insures that part of the image that is sent continuously varies from time to time. Therefore, an unauthorized receiver can receive only part but not all of the image. That only part of the image which is received will usually not be the same at the second as it is at the first time. Therefore, a received code cannot later be used to fool the system with the same credit card.

Abstract: The invention relates to a method of importing information, in particular application information, onto a chip card which has a memory with a directory. The information being transferred onto the chip card comprises data and code, and it is often necessary to distribute these data and the code to different files in the directory. The method of the invention establishes whether the data and the code have been placed properly in the various files. The invention makes it possible to verify whether the information has been placed in the proper location allocated to it in the memory of the chip card. When an application is to be placed onto a chip card, the information is loaded into the chip card memory but is no allowed to be used until its location on the card is verified. Verification is accomplished by calculating an electronic fingerprint of the information and it's location.

Abstract: A device receives at one input (2) data of a file to be processed, and includes a processing module (5) which at the start of receiving the file, react by three operative stages. These stages include first stage of inserting data blocks from the file into a source memory (MS), after transformation, a second continuous stage of processing each data block of the file, transformed and inserted into the source memory (MS), and a third stage of generating a signature from the transformed, inserted and processed blocks.

Abstract: A method and apparatus for simultaneously encrypting and compressing data identifies an encryption key and uses the encryption key to identify one compression algorithm from a set of compression algorithms. The data is then compressed according to the one compression algorithm.

Abstract: A method for inserting a watermark signal into data to be watermarked. The method includes the steps of: applying a partial watermark extraction to unwatermarked data for generating a first set of intermediate extracted values; identifying a first set of target values that are to replace the intermediate extracted values; computing the difference between the first set of target values and the first set of intermediate extracted values; and adding the computed difference throughout the unwatermarked data.

Abstract: A pseudo-random number generator is used as a pre-processing step to generating a long random bit string. The bit string is then "stretched" by performing certain one-way functions in parallel on the bit strings. In a preferred embodiment, specialized constructions based on expander graphs are also used. Preferably, the strings generated by the one-way functions and expander graphs are exclusive-ored. An embodiment may operate in the following manner. Assume a slow but secure generator G.sub.0.1. Using G.sub.0, generate random numbers x.sub.1, x.sub.2, . . . , x.sub.n.2. Using a stretch function, stretch the random numbers into R=r.sub.1, r.sub.2, . . . , r.sub.n where each r.sub.i is a predetermined amount longer than x.sub.i.3. Use R as a one-time pad for encryption.This process provides a long, random, cryptographically secure bit string.

Abstract: A data encryption/decryption system encrypts data and its associated redundancy bytes while retaining the error correction capabilities of the original data. The error correction function can then be removed, for example, from a storage drive and performed by, e.g. a host processor or a other entity. The storage drive reads the raw data, including error correction codes, from the media and encrypts the data by exclusive OR-ing each error correction code (ECC) block with a new ECC block which was generated using random data and the same ECC scheme. Error correction of the new data block can be performed in the host processor or other entity without exposing the original data. The error correction is valid for any errors that occurred in the original raw data because the ECC redundancy bytes of the random data block were created using the same ECC generator as was used with the original data.

Abstract: To facilitate protected distribution of digital data files, the files are segmented, and each segment (e.g. disk sector) is encrypted separately. Some segments can be left unencrypted, speeding access since less decryption is required. Different segments can utilize different encryption techniques, increasing protection against unauthorized decryption. A table stored in association with the encrypted data provides authorized users with data identifying the encrypted segments, and the form of encryption used. Decryption is accomplished with a layered set of operating system software that operates in conjunction with said table. Specialized APIs aren't used; applications programs are provided with unencrypted data using conventional APIs. Internal interfaces, invisible to the APIS, intercept normal processing calls (e.g READs) and direct them to internal decryption software that returns decrypted data back to the APIs.

Abstract: The present invention provides a method for verifying an unreadable information-based indium that has been generated by a postal security device (PSD) for information-based indium comprising a 2-D bar code, certain human-readable information, a digital signature and a certificate. The method comprises the steps of attempting to read the 2-D bar code using sophisticated digital image processing when the 2-D bar code is not readable; and continuing normal processing when the 2-D bar code is readable with the sophisticated digital image processing. When the 2-D bar code is not readable two independent processes are used to determine the indicium certificate. A first process includes reading human readable information by optical character recognition using context, syntax, and redundancy in the human readable information to obtain a PSD-ID; and using the PSD-ID to look up in a certificate database a certificate corresponding to the information-based indicium.