Abstract: An encryption apparatus is constituted by a plurality of rungs of round functions. Each round function comprises internal state storing means for storing an internal state, internal state updating means for updating the internal state stored in the storing means, and an F-function for executing an encryption upon receipt of data to be encrypted, an encryption key, and the internal state stored in the internal state storing means. The internal state stored in the internal state storing means is updated by the internal state updating means every time the encryption is executed by the F-function.

Abstract: A transcription network having linked computer terminals for a court reporter and for examining, defending, and associate attorneys is disclosed. Real-time transcription text is communicated from the reporter's terminal through the network. Secure message interchange between the examining attorneys and between defending attorneys is provided along independent communication links and using encryption. Off-site terminals for clients, experts, or other associate attorneys may be linked to the network. Communication on the network is hierarchically controlled so as not to bombard the examining attorney, and is managed by a protocol for updating disconnected and non-listening terminals. The terminals provide software routines for automatically delivering proposed objections to the form of a question or answer. Stenographic keystrokes that cannot be directly transcribed are converted to a phoneme form for down-line readability.

Abstract: The present invention relates to a tame automorphism based encryption system or scheme. Let K be a finite field of 2.sup.m elements. Let .o slashed..sub.4,.o slashed..sub.3,.o slashed..sub.2, .o slashed..sub.1 be tame automorphisms (see above) of the ring K?x.sub.1, . . . ,x.sub.n+r !. Let the composition be .pi.=.o slashed..sub.4 .o slashed..sub.3 .o slashed..sub.2 .o slashed..sub.1. The automorphism .pi. and the factorization .pi.=.o slashed..sub.4 .o slashed..sub.3 .o slashed..sub.2 .o slashed..sub.1 are hidden. Let .pi.=(.pi..sub.1 (x.sub.1, . . . ,x.sub.n+r), . . . , .pi..sub.n+r (x.sub.1, . . . , x.sub.n+r)). The field K and the polynomials (f.sub.1, . . . , f.sub.n+r)=(.pi..sub.1 (x.sub.1, . . . ,x.sub.n, 0, . . . ,0), . . . ,.pi..sub.n+r (x.sub.1, . . . ,x.sub.n,0, . . . ,0)) will be announced publicly. Let (x'.sub.1, . . . ,x'.sub.n) be the plaintext. Then the cyphertext will be (y'.sub.1, . . . ,y'.sub.n+r)=(f.sub.1 (x'.sub.1, . . . ,x'.sub.n), . . . , f.sub.n+r (x'.sub.1, . . . ,x'.sub.n)).

Abstract: A cryptosystem and cryptographic method are provided for performing tasks such as encoding/decoding, signing messages, and verifying identity. The system and method employ a problem which is difficult to solve in the worst case. Because of the worst-case nature of the problem employed, a system and method according to the invention has advantageous level of security, In a class of preferred embodiments, the difficult problem is one of the recognized difficult problems associated with the mathematical theory of lattices. These problems include finding short vectors and sets of basis vectors from a lattice. Cryptographic protocols are performed, using these problems.

Abstract: The present invention was developed in order to provide a software management module incorporated in hardware or freely attachably/detachably set therein for encrypted software data to be obtained from software storing media or communications, wherein this software management module is provided with a function for decoding encrypted software, and an authorization control portion for managing authorization for decoding.

Abstract: A programmed computer secures communications between users of a crypto-system in which each user has an associated asymmetric crypto-key with a public key portion accessible to all system users and a corresponding private key portion having a first private key portion known only to the associated user and a corresponding second private key portion. The computer includes a processor programmed to generate a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion. The computer then encrypts the second temporary key portion with the first private key portion of a first user crypto-key associated with a first user to form a first encrypted message. The processor directs the issuance of the first encrypted message to a second user having access to the second private key portion of the first user crypto-key.

Abstract: A method for permitting the secure handling or data between two remote stations firstly involves the generation of an encrypted decryption key which is based on a fingerprint information signal from a user of a first station, a fingerprint information signal from a user of a second station, and a key representing function derived from a random key. The encrypted decryption key is of the type with the property that when it is written to a spatial light modulator (SLM) of an optical correlator, the output of the correlator is similar when input with either one of the fingerprint information signals. The encrypted key is then stored at both stations. Thereafter a message encrypted with the key may be decrypted at either station by retrieving the encrypted key, writing the encrypted key to a filter of an optical correlator, inputting one of the fingerprint information signals to the correlator in order to allow recovery of the decryption key, and applying the decryption key to the encrypted message.

Abstract: A data transfer system transfers data between a smartcard and a reader by transmitting a series of binary pulses, where the absence or presence of single predetermined pulses within the series communicate the data bits. By providing a function mode switch on the card, it may be used both for both private transactions and authorizations at a distance.

Abstract: An enciphering system comprises a transmitter (1) and a receiver (2) communicatable with each other and incorporated in a keyless entry system. The transmitter (1) comprises a memory (11) for memorizing an ID code, a first micro processor (12) for enciphering the ID code outputted from the memory (11), and a transmitting section (13) for transmitting an enciphered ID code produced by the first micro processor (12). The receiver (2) comprises a receiving section (22) for receiving the enciphered ID code transmitted from the transmitter (1) and a second micro processor (21) for decoding the enciphered ID code.

Abstract: A secure method for distributing a random cryptographic key with reduced data loss. Traditional quantum key distribution systems employ similar probabilities for the different communication modes and thus reject at least half of the transmitted data. The invention substantially reduces the amount of discarded data (those that are encoded and decoded in different communication modes e.g. using different operators) in quantum key distribution without compromising security by using significantly different probabilities for the different communication modes. Data is separated into various sets according to the actual operators used in the encoding and decoding process and the error rate for each set is determined individually. The invention increases the key distribution rate of the BB84 key distribution scheme proposed by Bennett and Brassard in 1984. Using the invention, the key distribution rate increases with the number of quantum signals transmitted and can be doubled asymptotically.

Abstract: In a radio paging unit, in addition to a display driver, a control system for causing a display section to display message information received via a radio reception section and saved in a message storage section includes the following sections to operate in cooperation with a control section: an encryption section for encrypting message information, a password registration section for registering a password in advance which is used to permit message contents to be disclosed to limited users, and a password collation section for collating an input password input by the user with the registered password, the control section being adapted to set a mode (normal designation mode) of performing encryption of a message on the basis of selection by the user or a mode of automatically performing encryption of all messages on the basis of automatic selection in accordance with stored encryption control information, to cancel a message encryption designation mode when the passwords coincide with each other, and to caus

Abstract: Methodology and concomitant circuitry to generate cryptographically strong pseudo-random bit streams utilize secure block cypher encoders. Each block cypher encoder has a random key and a first seed as an input, and the output of each encoder is fed back to connect to its input. The first seed serves as the initial input, and each subsequent input is the immediate output of the block cypher encoder. Each bit in the cryptographically strong pseudo-random bit stream is related to a first inner product between input to the block cypher encoder and a second seed and a second inner product between the random key and a third seed.

Abstract: A data processing system for decoding instructions in parallel in a superscalar, complex instruction set computing (CISC) computer. In a training mode of operation, an encrypter 29 encrypts preprocessed instructions retrieved from an instruction cache 26. In a processing mode of operation, instruction information is fetched and decrypted in decrypter 30. A prefetcher 21 separates the fetched instruction according to the decrypted boundary information. An instruction length verifier 25 verifies that the instructions were separated correctly and controls decoders 22a-c according to the verification. If the verification is correct for a given set of instructions, the system processes the instructions in parallel through the decoders to a dispatch logic circuit 23 and then to functional units 24. If the verification is incorrect, those related instructions may be needed to decode serially.

Abstract: A user authentication service is disclosed which is both highly secure and user friendly. To access a particular service, a user simply enters a personal identification type number (PIN) using a portable terminal device which encodes the PIN. More specifically, a character position of the user's PIN is determined, and a random code having a length selectable at each service transaction by the user is generated. The user's PIN is encrypted using one of plural available, pseudo-randomly encrypting algorithms to provide an encrypted PIN. The encrypted PIN is then combined with the code at the determined position before being transmitted over a communications network. When received, the encoded PIN is decoded using an analogous procedure to determine if the user is authorized. A plurality of security levels are provided with each level having a plurality of encryption algorithms and with each increasing level providing encryption algorithms of increasing complexity and sophistication.

Abstract: An authentication system includes a portable information device, such as a smart card, that is configured to store and process multiple different applications. The smart card is assigned its own digital certificate which contains a digital signature from a trusted certifying authority and a unique public key. Each of the applications stored on the smart card is also assigned an associated certificate having the digital signature of the certifying authority. The system further includes a terminal that is capable of accessing the smart card. The terminal has at least one compatible application which operates in conjunction with an application on the smart card. The terminal is assigned its own certificate which also contains the digital signature from the trusted certifying authority and a unique public key. Similarly, the application on the terminal is given an associated digital certificate. During a transactional session, the smart card and terminal exchange their certificates to authenticate one another.

Abstract: Apparatus for verifying the identity of a party are disclosed, the apparatus including a database memory that stores a password signal encrypted by operation of a one-way commutative function; a number generator that generates an non-repeating number or signal representative thereof; and a processor element that can generate a challenge signal as a function of the number signal and a selected one-way commutative function and that can further generate a key signal as a function of the encrypted password signal and the number. The system includes a communication port for transmitting the generated challenge signal to a party requesting access to the secure system and for receiving a response from the party; and further includes a comparator element for comparing the received response with the generated key signal and for generating a match signal that indicates whether the response signal received from the party is substantially identical to the encrypted password signal stored in the database memory.

Abstract: An authentication session key is generated on a trusted machine based upon an identifier of its CPU, hardware configuration, and a timestamp. The trusting machine retrieves this same information about the trusted machine, and then generates session locks for the machine which are valid for a predetermined time interval. If the incoming session key matches one of the session locks, and the incoming session key is not on the list of used keys, the session key is appended to a list of keys which will no longer thereafter be valid, and access is then granted, thereby employing single-use keys. Because the locks and keys are also generated during a timestamp, a user may request service from the same machine multiple times by waiting no more than a predetermined time between requests, or front ends to the masquerade protection tools could be written that re-try until successful.

Abstract: Arrangement for carrying out a concealment on an information signal, the information signal including subsequent signal blocks (padding sequence), each signal block including a sequence of alternate first frames and second frames of different lengths, expressed in numbers of bits, the number of first frames and second frames in a signal block being N1 and N1-1 respectively. The last frame in a signal block and the first frame in a subsequent signal block are a first frame. The arrangement includes an input terminal for receiving the information signal, a concealment unit having an input coupled to the input terminal and an output coupled to an output terminal for supplying the concealed information signal. The concealment unit is adapted to conceal the information in response to a concealment control signal. More specifically, the concealment unit is adapted to conceal a number of M subsequent frames, M being an odd integer smaller than 2.N1-1.

Abstract: Cryptographic hardware is provided that is disabled at the time of shipment and that is selectively enabled in a trusted fashion using methods and interfaces that may be controlled by and governed by government policy in strict compliance with existing and future legislation. A given cryptographic algorithm is disabled/enabled at several points, referred to as Touch Points, and referred to collectively as Touch Point Logic. Because attributes of each touch point are satisfied by providing data that are referred to as Touch Point Data, manufactures are allowed to include disabled cryptographic hardware in their products and governments are provided with the ability to enable this cryptographic hardware only in compliance with governing legislation.

Abstract: Prior art methods used for monitoring, via monitoring means, signals which are to be transmitted via telecommunication links and with said signals each comprising a signalling signal and a content signal, require that the processing means which are required for monitoring are either situated in the vicinity of the monitoring means or must be coupled to the monitoring means via leased-lines. By having the monitoring means generate a further signalling signal, dependent upon a code word related to a signalling signal, and consequently transmitting, dependent upon the further signalling signal, a content signal which is to be monitored to the processing means, a substantial more efficient method is obtained as both means can be coupled via a public telephony network.