Abstract: A cryptographic technique that not only provides fast and extremely secure encryption and decryption but also assures integrity of a ciphertext message. This technique involves, during message encryption: generating, in response to an incoming plaintext message, an intermediate stream—such as by chaining the message, wherein a predefined portion of the intermediate stream defines a message authentication code (MAC); inserting an encrypted version of the MAC into a predefined portion of a ciphertext message; and generating, in response to the intermediate stream and the encrypted MAC, a remainder of the ciphertext message such that the remainder exhibits a predefined variation, e.g., a pseudo-random sequence, also contained within the encrypted MAC. Decryption proceeds in essentially a reverse fashion.

Abstract: A method for generating authentication identification symbols, such as numbers, letters, etc., generates sequences of unpredictable symbols which are employed by vendors of various types of goods to authenticate the goods. Using special mathematical functions, an agent generates a first unpredictable subset of symbols to be supplied to a vendor for marking the vendor's goods. The subset is unpredictable in that knowledge of one or more symbols in the subset cannot be employed to predict other symbols in the subset. Preferably, the vendor then selects another subset of symbols from the first subset, and the symbols in this sub-subset are employed for marking the vendor's goods. The unpredictability of the symbol sequences prevents a counterfeiter from being able to predict other symbols in the sequence. In addition, the vendor's use of a sub-subset of symbols prevents the agent from knowing which of the original subset of symbols the vendor is employing to mark the goods.

Abstract: A system for open electronic commerce having a customer trusted agent securely communicating with a first money module, and a merchant trusted agent securely communicating with a second money module. Both trusted agents are capable of establishing a first cryptographically secure session, and both money modules are capable of establishing a second cryptographically secure session. The merchant trusted agent transfers electronic merchandise to the customer trusted agent, and the first money module transfers electronic money to the second money module. The money modules inform their trusted agents of the successful completion of payment, and the customer may use the purchased electronic merchandise.

Abstract: A system for providing position-related information to a mobile user includes a mobile unit and a central site server. The mobile unit includes circuitry for determining present position information from position signals which may emanate from, for example, GPS satellites. The mobile unit further includes circuitry for establishing a wireless bidirectional communications link with the central site server via a terrestrial network, which may be accessed via a cellular telephone network. The central site server includes circuitry for receiving the present position information from the mobile unit. A table stored at the central site server includes different response information in correspondence with possible positions of the mobile unit. The response information may further be in correspondence with user preferences.

Abstract: The present invention provides an apparatus and method for confirming, timestamping, and archiving documents using telecopiers (e.g., facsimile machines). A user sends a document to a timestamping service via facsimile, which archives the transmission with a timestamp. A submission receipt, containing size-reduced images of the submission and a document identification value (DIV), is prepared and sent to the sender. The DIV can later be submitted to the timestamping service to obtain verification that the document was received at the indicated time. In addition, the invention allows for various other forms of document transmission, document identification, and timestamp verification. The invention is thus useful in any situation where it is desired to prove that a document was in existence at a given time. Other embodiments of the invention provide senders of facsimile and telecopier transmissions with confirmation that their transmissions were received successfully.

Abstract: A cryptographic technique that not only provides fast and extremely secure encryption and decryption but also assures integrity of a ciphertext message. This technique involves, during message encryption: generating, in response to an incoming plaintext message, an intermediate stream--such as by chaining the message, wherein a predefined portion of the intermediate stream defines a message authentication code (MAC); inserting an encrypted version of the MAC into a predefined portion of a ciphertext message; and generating, in response to the intermediate stream and the encrypted MAC, a remainder of the ciphertext message such that the remainder exhibits a predefined variation, e.g., a pseudo-random sequence, also contained within the encrypted MAC. Decryption proceeds in essentially a reverse fashion.

Abstract: A security apparatus including a number input device (302), an address register (312) responsive to the number input device, an encryption schema memory (316) addressable by the address register to produce an output code and a relative address code, and address incrementing logic (310) responsive the relative address code and operative to increment the address register. The apparatus also preferably includes a PIN register (304) coupled to the number input device, a public code register (306) coupled to the number input device, and merging logic (308) merging outputs of the PIN register and the public code register to be input to the address register. The apparatus also preferably includes an output shift register operative to shift out the output code of the encryption schema memory. The encryption schema memory can be read only memory, writeable memory, or both.

Abstract: An information processing system includes a first information processing apparatus and a second information processing apparatus arranged separate from the first information processing apparatus and capable of exchanging a signal with the first information processing apparatus. The first information processing apparatus includes a first key generator for generating a first key, and a first encrypting unit for encrypting data using the first key generated by the first key generator to generate first encrypted information. The second information processing apparatus includes a second key storage unit for storing a second key, and a second encrypting unit for encrypting the first key using the second key stored in the second storage unit to generate second encrypted information.

Abstract: A cryptographic controller (100) installs and manages a channel for processing data units. The cryptographic controller (100) performs background staging of programs, context, and data units for the programmable crypto engine (14) and configurable crypto engine (16). The cryptographic controller (100) is a secure, hardware operating system capable of managing high performance crypto processing on the order of 1500 million instructions per second (MIPS).

Abstract: A programmable cryptographic system (100) provides high performance cryptographic processing support for cryptographic algorithms. Two or more independent cryptographic algorithms may be performed at the same time through the processes of background staging and algorithm multi-tasking. A four stage software instruction pipeline and dynamically programmable function units support high performance cryptographic processing performance on the order of 60 mega bits per second (Mbps) aggregate throughput.

Abstract: An apparatus for isolating data receiving entity from a data sending entity includes a first data channel, coupled to the data sending entity, and a second data channel, coupled to the data receiving entity. A data encryption chip decrypts data received from the data sending entity and encrypts data sent to the data sending entity. A processor is programmed to compare a plurality of data words received from the first data channel to at least one data word characteristic of a data virus and to assert a control signal when a data word received from the first data channel corresponds to a data word characteristic of a data virus. An optical isolator is capable of isolating the first data channel from the second data channel when the processor detects a data virus. A controllable power supply is responsive to the control signal from the processor and coupled to the optical isolator, which provides power to the optical isolator only when the control signal from the processor is not asserted.

Abstract: An audio signal processing method and unit for scrambling and descrambling audio signals accompanying video signals. The audio signal processing method comprises steps of dividing digital audio signals into data blocks synchronized to video signals, and then switching the order of adjacent odd and even blocks. The audio signal processing unit comprises a synchronizing signal detector for detecting the synchronizing signal in the video signal; a timing controller for generating a sampling clock signal for A/D conversion, sampling signal for D/A conversion, and system clock from the synchronizing signal; an A/D converter for converting the analog audio signal to digital audio signal using the sampling clock for A/D conversion; a scrambler for dividing the digital audio signal into data blocks using the system clock and switching adjacent odd and even blocks; and a D/A converter for converting the output signal of the scrambler to the analog audio signal using the sampling clock for D/A conversion.

Abstract: In a communication network in which data for transmission to a receiver terminal is multiplexed on a time-division basis and scrambled, a communication control apparatus and method for allowing the data to be descrambled at the receiver without fail. A scrambler of the sender apparatus includes a time-division frame monitoring circuit for receiving an unscrambled data stream generated by multiplexing time-division frames for application data and relevant information for transmission to thereby extract information concerning a scramble key, a scramble key manager for managing information concerning the scramble keys, an application data encryption processor for acquiring a scramble key corresponding to the information concerning the scramble key as received from the time-division frame monitoring circuit to thereby scramble the desired time-division frames of the data for transmission by using the scramble key as acquired.

Abstract: An object of the invention is to provide a transmitting system of which data is difficult to be tapped and which is suitable for flexibly determining a watching and listening fee. In order to achieve the object, there is provided a combination of a transmitting method comprising steps of, transmitting encoded data which has been encoded, to a receiving side, changing the encoding in a predetermined unit, and performing recording according to requirement, from the receiving side of information concerning decoding of the encoded data, and a receiving method comprising steps of, receiving the encoded data which has been encoded, from a transmitting side, requiring the information concerning the decoding of the encoded data, to the transmitting side, and decoding the encoded data by using the obtained information concerning the decoding.

Abstract: A scrambled data transmission is descrambled by communicating encrypted program information and authentication information between an external storage device and block buffers of a secure circuit. The program information is communicated in block chains to reduce the overhead of the authentication information. The program information is communicated a block at a time, or even a chain at a time, and stored temporarily in block buffers and a cache, then provided to a CPU to be processed. The blocks may be stored in the external storage device according to a scrambled address signal, and the bytes, blocks, and chains may be further randomly re-ordered and communicated to the block buffers non-sequentially to obfuscate the processing sequence of the program information. Program information may be also be communicated from the secure circuit to the external memory. The program information need not be encrypted but only authenticated for security.

Abstract: A method and apparatus for hiding cryptographic keys based on autocorrelation timing attacks is provided. The method and apparatus of the present invention utilize a autocorrelation timing attack to allow independent software entities to authenticate themselves without storing a private cryptographic key. This is accomplished by storing timing statistics related to the evaluation of an equation in the software entity rather than the cryptographic key itself. When the software entity authenticates itself, the cryptographic key is derived based on information provided by the timing statistics contained in the software entity.

Abstract: A system processes a video signal that includes a plurality of signal components representing respective ones of a plurality of video programs such as various pay-TV programs. Each of the signal components is processed, e.g., descrambling a pay-TV program, by one of a plurality of series connected high speed signal processing integrated circuit (IC) cards, or "smart" cards. An output signal from the last smart card in the series connection includes a plurality of processed signal components. The plurality of processed signal components are processed further to produce a signal suitable for producing a displayed image that includes multiple image portions, such as a picture-in-picture (PIP) or picture-outside-picture (POP) image in a television system. Each portion of the image is produced in response to one of the processed signal components.

Abstract: Techniques for ensuring the security of forms data are disclosed. The layout for a particular form is signed separately from the data used to fill out the form using encryption techniques. The signed data is related to the signed layout in a way which permits the layout to be changed without requiring the data to be changed while still guaranteeing that a changed layout does not change the original meaning of the signed data.

Abstract: A configurable cryptographic processing engine (100) provides high performance cryptographic processing support for symmetric combiner type cryptographic algorithms. As many as two independent cryptographic algorithms may be performed at the same time through the processes of background staging and algorithm multi-tasking. A 3-stage instruction pipeline, dynamically configurable cryptographic co-processor (550), and 32-bit RISC based architecture support high performance cryptographic processing performance on the order of 60 Mbps aggregate throughput.