Patents Examined by David C. Cain
  • Patent number: 5671279
    Abstract: A courier electronic payment system provides customers, merchants, and banks with a secure mechanism for using a public network as a platform for credit card payment services. The system governs the relationship between a Customer, Merchant, and Acquirer Gateway to perform credit card purchases over such networks as the Internet. The system uses a secure connection to simplify the problem of Internet-based financial transactions in accordance with an electronic payment protocol that secures credit card payments and certifies infrastructure that is required to enable all of the parties to participate in the electronic commerce, as well as to provide the necessary formats and interfaces between the different modules and systems.
    Type: Grant
    Filed: November 13, 1995
    Date of Patent: September 23, 1997
    Assignee: Netscape Communications Corporation
    Inventor: Taher Elgamal
  • Patent number: 5671284
    Abstract: A method for encrypting and decrypting digital data. The digital data is initially latched by an input register. Sixteen separate cipher stages cascaded in series are used to encrypt the digital data. These cipher stages are operating at a maximum frequency limited only by the process technology. The encoded digital data from the last cipher stage is stored in an output register. The input and output registers are capable of being clocked at an interface frequency that is different from that of the DES core's data frequency. After an appropriate number of cycles have elapsed, the output register is sampled. A programmable counter is used to indicate when the output register contains valid encrypted data.
    Type: Grant
    Filed: April 16, 1996
    Date of Patent: September 23, 1997
    Assignee: VLSI Technology, Inc.
    Inventor: Mark Leonard Buer
  • Patent number: 5671275
    Abstract: In a microprocessor-based controller, scrambled program data words are stored in a read-only memory and user information is stored in a random-access memory. A data converter is connected in the data bus between the microprocessor and the memories for descrambling data words when the ROM is accessed to produce a replica of original program data words and applying the replica to the microprocessor for operating the controller. The data converter simply applies data words to the microprocessor without descrambling when the RAM is accessed. The scrambled program data words in the read-only memory may be divided into multiple data blocks, each of which is a scrambled form of the original program data words with each of multiple keywords defined respectively for the data blocks. A modulo-2 adder is provided for summing each of the keywords with the scrambled program data words of a corresponding data block.
    Type: Grant
    Filed: April 28, 1995
    Date of Patent: September 23, 1997
    Assignee: NEC Corporation
    Inventor: Hiroshi Ezuriko
  • Patent number: 5668874
    Abstract: A self-verifying identification card having an image area which may contain a portrait, a finger print, a retinal image, or all of these together with an image signature which is derived from scanned intensity measurements taken from the image area. In the verification process, the image is scanned and aligned with respect to reference points corresponding to the original printing process which created the card, and intensity values, their averages, or any other function are compared to information provided by the image signature. Mathematical transformations, such as a one-way hash, an encryption, a compression algorithm, or a truth table may be used to encode the image signature. Alignment markers aid in scanning the image and the image signature. The use of average values aids in reducing noise and the use of comparison functions makes the process less sensitive to variations among scanners.
    Type: Grant
    Filed: February 28, 1995
    Date of Patent: September 16, 1997
    Assignee: Lucent Technologies Inc.
    Inventors: David M. Kristol, Lawrence P. O'Gorman
  • Patent number: 5666415
    Abstract: Method for providing user authentication and a memory for storing a computer program for providing user authentication are described. The method includes the steps of providing a first argument including a one-way cryptographic transformation of a password and a second argument including a one-way cryptographic transformation of a cryptographic combination of the password and a first nonce, computing a first term using the first argument and computing a second term using the first nonce, and comparing the second term with the second argument.
    Type: Grant
    Filed: July 28, 1995
    Date of Patent: September 9, 1997
    Assignee: Digital Equipment Corporation
    Inventor: Charles William Kaufman
  • Patent number: 5666421
    Abstract: A system for controlling the validity of printing of indicias on mailpieces from a potentially large number of users of postage meters includes apparatus disposed in each said postage meter for generating a code and for printing the code on each mailpiece. The code is an encrypted code representative of the postage meter apparatus printing the indicia and other information uniquely determinative of the legitimacy of postage on the mailpieces. The keys for the code generating apparatus are changed to change its code generation at predetermined time intervals in each of the meters. A security center includes apparatus for maintaining a security code database and for keeping track of the keys for generating security codes in correspondence with the changes in each generating apparatus and the information printed on the mailpiece by the postage meter apparatus for comparison with the code printed on the mailpiece.
    Type: Grant
    Filed: December 1, 1994
    Date of Patent: September 9, 1997
    Assignee: Pitney Bowes Inc.
    Inventors: Jose Pastor, George M. Brookner, Robert A. Cordery, Hyung-Kun (Paul) Kim
  • Patent number: 5661806
    Abstract: The terminal and the user module are authenticated in a combined manner on the basis of an authentication key calculated on the one hand by the terminal and on the other hand by the network. A session key is firstly calculated by the user module on the basis of a secret user key, of a terminal identification parameter and of a first random number. Calculation of the authentication key by the terminal involves this session key calculated by the user module, a secret terminal identification key and a second random number. The network calculates in the same way the session key and the authentication key by retrieving the secret keys on the basis of the identification parameters transmitted by the terminal. The terminals can then be authenticated by the network independently of the associated user modules.
    Type: Grant
    Filed: March 27, 1995
    Date of Patent: August 26, 1997
    Assignee: France Telecom
    Inventors: Rola Nevoux, Mireille Campana
  • Patent number: 5661799
    Abstract: A system including a storage medium containing encrypted information comprises: (a) a control unit for selecting information to be retrieved from the storage medium; (b) a storage medium reader for reading the selected information from the storage medium; and (c) a decryption device for decrypting at least portions of the selected information using a decryption key. The decryption key is defined, at least in part, by rules and/or data which are read from the storage medium by the storage medium reader. A different and unique key is associated with each separate item or file of encrypted information.
    Type: Grant
    Filed: February 18, 1994
    Date of Patent: August 26, 1997
    Assignee: Infosafe Systems, Inc.
    Inventors: Robert Nagel, Thomas H. Lipscomb
  • Patent number: 5661805
    Abstract: In apparatus for performing signature verification for an input document on which at least one digital signature is put by at least one signer assigned with a signer's user ID code, an inputting section inputs the signature document. A user ID identifying section identifies the signer's user ID code in the input document to produce an identified user ID code indicative of the signer's user ID code. A user verification key holding unit preliminarily holds user verification keys for respective user ID codes to produce an identified verification key which is one of the user verification keys that corresponds to the identified user ID code. A signature verifying unit verifies the digital signature in the input document by using the identified verification key to produce a signature verification result. A verification result indicator message creating unit creates the verification result indicator message indicative of the signature verification result.
    Type: Grant
    Filed: August 2, 1995
    Date of Patent: August 26, 1997
    Assignee: NEC Corporation
    Inventor: Hiroshi Miyauchi
  • Patent number: 5659615
    Abstract: A receiver is connected to a satellite communication network. The receiver includes a satellite receiver card for receiving a packet containing data from the satellite communication network and a satellite receive device driver, associated with the satellite receiver card, for outputting the data in the packet in a format using a predetermined standard LAN interface format. The receiver may also include a key distribution unit for providing the satellite receiver card with keys for decrypting the data in the packet when the data is encrypted. The satellite receive device driver sends the satellite receiver card a list of addresses corresponding to destination addresses of interest, and the satellite receiver card discards the received packet if its destination address is not in the list of addresses.
    Type: Grant
    Filed: November 14, 1994
    Date of Patent: August 19, 1997
    Assignee: Hughes Electronics
    Inventor: Douglas M. Dillon
  • Patent number: 5659616
    Abstract: A system for securely using digital signatures in a commercial cryptographic system that allows industry-wide security policy and authorization information to be encoded into the signatures and certificates by employing attribute certificates to enforce policy and authorization requirements. In addition to value limits, cosignature requirements and document type restrictions that can be placed on transactions, an organization can enforce with respect to any transaction geographical and temporal controls, age-of-signature limitations, preapproved counterparty limitations and confirm-to requirements by using attribute certificates for the transacting user. Restrictions on distribution of certificates can be set using attribute certificates. Certificates can be used also to ensure key confinement and non-decryption requirements of smartcards in this system.
    Type: Grant
    Filed: July 16, 1996
    Date of Patent: August 19, 1997
    Assignee: Certco, LLC
    Inventor: Frank Wells Sudia
  • Patent number: 5659618
    Abstract: A system is employed for providing two different levels of protection for cryptographic devices transmitting digital information. The system is independent of the cryptographic algorithm used and works with any keyed cryptographic algorithm. High grade encryption is used for data transmitted from the transmitter device and employs an encryption key of "Y" bits. This information is decrypted at the receiver by a decryption circuit also having a "Y" key size. At the receiver, return information is encrypted by an encryption key having "X" bits, where X=Y-Z, with Z being a variable. The low grade information encrypted at the receiver is supplied back to the transmitter, which incorporates a decryption circuit having an "X" key size for decrypting the lower grade information.
    Type: Grant
    Filed: September 29, 1995
    Date of Patent: August 19, 1997
    Assignee: VLSI Technology, Inc.
    Inventors: Richard Jun Takahashi, Neil Edward Shea
  • Patent number: 5659614
    Abstract: A method and system for prioritizing, securing, and reducing the amount of data transmitted and stored during the creation of a backup copy of file data. Sectors in which changes have been made are identified as are the actual changes made to the sectors. Only the actual changes within each changed sector, along with the HCS number and a byte offset identifying the location within the sector at which the changes occur, are transmitted to the backup site. Files that are to be transmitted to the backup site are prioritized according to ratings based on predetermined criteria. Higher rated files are transmitted to the backup site prior to lower rated files. The files that are to be transmitted to the backup site are encoded and double encrypted. All instances of predetermined client-specific data elements within each file are identified and replaced by a corresponding code prior to encryption.
    Type: Grant
    Filed: November 28, 1994
    Date of Patent: August 19, 1997
    Inventor: John E. Bailey, III
  • Patent number: 5657214
    Abstract: An inverter for converting DC power into AC power includes first and second subinverters having a plurality of controllable switches and three-phase outputs coupled to a summing transformer having wye and delta connected sets of primary windings and a set of secondary windings. The switches in the subinverters are controlled so that the subinverters produce first and second sets of pulse-width modulated subinverter waveforms which are summed by the summing transformer to produce the AC power in the secondary winding.
    Type: Grant
    Filed: June 3, 1991
    Date of Patent: August 12, 1997
    Assignee: Sundstrand Corporation
    Inventors: Vietson Nguyen, P. John Dhyanchand
  • Patent number: 5657387
    Abstract: A video signal format converting circuit is disclosed, comprising a signal converting matrix circuit and a filter circuit that is constructed of a time delaying device for a video signal corresponding to a standard television format. When a digital video signal corresponding to a first video signal format is converted into a second video signal format that is different from the first video signal format and then output, the time delaying device of the filter circuit is used as a delaying circuit. The output signal of the delaying circuit or the video signal corresponding to the standard television signal format is selectively output. While or after the video signal corresponding to the first video signal format is converted into the video signal corresponding to the second signal format, the video signal is modified so as to protect it from being copied.
    Type: Grant
    Filed: October 19, 1995
    Date of Patent: August 12, 1997
    Assignee: Sony Corporation
    Inventors: Yasuhide Mogi, Etsuro Yamauchi, Atsushi Narita
  • Patent number: 5657390
    Abstract: A computer program product comprising: a computer useable medium having computer readable program code means embodied therein for encrypting and decrypting information transferred over a network between a client application program running in a client computer and a server application program running in a server computer, the computer readable program code means in the computer program product comprising: computer readable program code means for providing a socket application program interface to an application layer program; computer readable program code means for providing encrypted information to transport protocol layer services; computer readable program code means for encrypting information received from an application layer program; and computer readable program code means for decrypting information received from transport protocol layer services.
    Type: Grant
    Filed: August 25, 1995
    Date of Patent: August 12, 1997
    Assignee: Netscape Communications Corporation
    Inventors: Taher Elgamal, Kipp E. B. Hickman
  • Patent number: 5652794
    Abstract: The invention relates to a device for securizing a document incorporating a processing module, which calculates and associates with each document page (10), comprising a zone (11) containing the text of the information to be certified, a graphic seal (12) representing it in the form of interlaced bar codes. The invention also relates to a process for securizing a document and a graphic authentification code. Particular application to the securized storage of documents and to securizing transmissions by fax.
    Type: Grant
    Filed: August 11, 1995
    Date of Patent: July 29, 1997
    Assignees: France Telecom, La Poste
    Inventors: Olivier Lepetit, Marie-Josephe Revillet
  • Patent number: 5651069
    Abstract: Fast message authentication code generation is achieved by preprocessing a secret key into an efficiently-computable representation of a hash function selected from a family of hash functions that share a characteristic property. The secret key is also mapped into a particular cryptographic transform. The hash function and the transform are used to generate the authentication code. In particular, the hash function is applied to the message to generate a hashed message. The cryptographic transform is then applied to the hashed message to generate a tag. The tag and possibly other information (such as the state of a counter) are then combined to create the authentication code.
    Type: Grant
    Filed: December 8, 1994
    Date of Patent: July 22, 1997
    Assignee: International Business Machines Corporation
    Inventor: Phillip W. Rogaway
  • Patent number: 5651066
    Abstract: A method and a system for cipher key distribution realizing an effective prevention of the illegitimate use and the illegitimate charging. A key request signal containing a first random number generated at each user terminal is transmitted from each user terminal to the key center, so as to indicate the cipher key required at each user terminal to the key center, and a terminal check signal containing a second random number generated at the key center is transmitted from the key center to each user terminal.
    Type: Grant
    Filed: April 28, 1995
    Date of Patent: July 22, 1997
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventors: Kenji Moriyasu, Atsusi Kanai, Nobuhisa Miyake, Atsusi Terauchi, Hironobu Okuyama
  • Patent number: 5651068
    Abstract: A cryptographic framework consists of four basic service elements that include a national flag card, a cryptographic unit, a host system, and a network security server. Three of the four service elements have a fundamentally hierarchical relationship. The National Flag Card (NFC) is installed into the Cryptographic Unit (CU) which, in turn, is installed into a Host System (HS). Cryptographic functions on the Host System cannot be executed without a Cryptographic Unit, which itself requires the presence of a valid National Flag Card before its services are available. The fourth service element, a Network Security Server (NSS), can provide a range of different security services including verification of the other three service elements. The framework addresses national policies governing cryptography, where such policies can be independently developed and maintained using such a framework.
    Type: Grant
    Filed: March 8, 1995
    Date of Patent: July 22, 1997
    Assignee: Hewlett-Packard Company
    Inventors: Keith S. Klemba, Roger Merckling