Abstract: Circuitry implemented within a multi-chip module comprising a first integrated circuit chip and a second integrated circuit chip coupled together through an interconnect. Both the first and second integrated circuit chips include a cryptographic engine coupled to the interconnect and a non-volatile memory element used to contain key information. These cryptographic engines are solely used to encrypt outgoing information being output across the interconnect or to decrypt incoming information received from the interconnect. This prevents fraudulent physical attack of information transmitted across the interconnect.

Abstract: A secure embedded memory management unit for a microprocessor is used for encrypted instruction and data transfer from an external memory. Physical security is obtained by embedding the direct memory access controller on the same chip with a microprocessor core, an internal memory, and an encryption/decryption logic. Data transfer to and from an external memory takes place between the external memory and the memory controller of the memory management unit. All firmware to and from the external memory is handled on a page-by-page basis. Since all of the processing takes place on buses internal to the chip, detection of clear unencrypted instructions and data is prevented.

Abstract: A computer program product comprising: a computer useable medium having computer readable program code means embodied therein for encrypting and decrypting information transferred over a network between a client application program running in a client computer and a server application program running in a server computer, the computer readable program code means in the computer program product comprising: computer readable program code means for providing a socket application program interface to an application layer program; computer readable program code means for providing encrypted information to transport protocol layer services; computer readable program code means for encrypting information received from an application layer program; and computer readable program code means for decrypting information received from transport protocol layer services.

Abstract: A key control system comprises the generation of a first set of predetermined keys K.sub.pred which are then used as master keys for a plurality of respective postage meters. The keys are then related to a respective meter in accordance with a map or algorithm. The predetermined master key K.sub.pred is encrypted with the date to yield a date dependent key K.sub.dd related to the respective meter. The date dependent key is encrypted with a unique identifier or the respective meter to yield a unique key K.sub.final that is by the respective meter to generate digital tokens. The Data Center encrypts the date with each predetermined key K.sub.pred to yield a table of dependent keys K.sub.dd 's. The table of K.sub.dd 's are distributed to verification sites. The verification site reads a meter's identification from a mailpiece being verified to obtain the dependent key K.sub.dd of the meter. The verification site encrypts the dependent key K.sub.

Abstract: System and method for securely backing up and reliably retrieving vault data in a metering system that includes a host processor operatively coupled to a vault. Whenever a transaction is completed by the vault, the vault cryptographically signs the vault data, including ascending register, descending register and piece count and sends the cryptographically signed vault data to the host processor where it is stored in a data file assigned to the vault. Each storage of the cryptographically signed vault data is indexed to create a historical log of vault transactions. If the vault is lost or damaged so that vault data cannot be retrieved from the vault, the cryptographically signed vault data is retrieved from the host processor data file and verified.

Abstract: A decryptor includes a descrambler for descrambling the scrambled signals using a PN signal, a PN generator which shifts the state successively from its initial state setup by a scramble-key, generates PN signals based on a conversion logic at the shifted state and is capable of changing PNG altering information for generating PN signals and a controller for decrypting a scramble-key from the scrambled signal and giving information for specifying a scramble-key and PN signal generating logic.

Abstract: An intelligent removable information storage device (100), for coupling to a host microcomputer system (10), includes a local processor unit (106) including apparatus for preventing the microcomputer system from reading from, or writing to, the storage device absent the entry of an appropriate password by a user of the host microcomputer system. The storage device also includes a storage medium (e.g., a magnetic disk) for storing information including at least one password. The local processor unit includes apparatus for preventing access to the information stored in the storage means absent receipt of a valid password.

Abstract: A master copy of a software file has within it a predetermined block of data. When a copy of the file is made that block of data within the copied file is located and overwritten with data identifying the copied file. When an unauthorized copy is found, the data identifying the copy can be read and the source of the unauthorized copy may be traced. The invention is particularly suited to use with software distribution over a computer network in which details such as the time the copied file was made and the name of the authorized user can be embedded within the copy.

Abstract: An active medium, typically a photochromic material and more typically spirbenzopyran, maintained in a three-dimensional matrix, typically of polymer, is illuminated in selected regions by two UV laser light beams, typically of 532 nm. and 1064 nm. wavelength, to change from a first, spiropyran, to a second, merocyanine, stable molecular isomeric form by process of two-photon absorption. Regions not temporally and spatially coincidently illuminated are unchanged. Later illumination of the selected regions by two green-red laser light beams, typically of 1064 nm wavelength each, causes only the second, merocyanine, isomeric form to fluoresce. This fluorescence is detectable by photodetectors as stored binary data. The three-dimensional memory may be erased by heat, or by infrared radiation, typically 2.12 microns wavelength. Use of other medium permit the three-dimensional patterning of three-dimensional forms, such as polystyrene polymer solids patterned from liquid styrene monomer.

Abstract: An off-premises method and apparatus for the interdiction of unauthorized channels of a broadband cable television signal includes common circuitry for adjusting the amplitude and equalization levels of the broadband CATV signals and one or more subscriber modules for generating jamming signals of different frequencies which are used to interdict one or more unauthorized channels. Each subscriber module is associated with a subscriber and is programmable and addressable to adjust the jamming parameters of that subscriber independently of other subscribers. Each subscriber module circuit comprises a plurality of latches, each of which is associated with one of a plurality of digital to analog converters. Each of the digital to analog converters drives one or more frequency agile oscillators with its analog output to generate the jamming signals.

Abstract: A low cost spread spectrum modulator for BPSK, or Binary Phase Shift Keying capable of outputting the high modulation rate and suppressed carrier output needed in spread spectrum systems. The present invention provides high quality BPSK modulation without the double balance mixers as required in the prior art, thereby dispensing with the necessity of complex transistor/potonciometer or diode/transformer arrangements. The present invention provides BPSK modulation utilizing only one transformer, which can be adjusted for carrier suppression and two transistors, FET's, or digital logic gates or the like, allowing the present system to be driven from low power CMOS logic levels, yet producing eight db of gain. The present invention may also be utilized as a frequency multiplier, with the utilization of the appropriately high frequency transistor, FET, digital logic gate, or the like.

Abstract: A distributed computer system employs a license management system to account for software product usage. A management policy having a variety of alternative styles and contexts is provided. Each licensed product upon start-up makes a call to a license server to check on whether usage is permitted, and the license server checks a database of the licenses, called product use authorizations, that it administers. If the particular use requested is permitted, a grant is returned to the requesting user node. The product use authorization is structured to define a license management policy allowing a variety of license alternatives by values called "style", "context", "duration" and "usage requirements determination method". The license administration may be delegated by the license server to a subsection of the organization, by creating another license management facility duplicating the main facility.

Abstract: An environment which includes a communications network, user terminals, and an authentication center provides communication services only to legitimate subscribers. The center receives an equipment ID for each terminal and uses a secret key to encrypt the equipment ID with a user ID and an error detection code to form an encrypted block. This block is programmed into an authentication module and sent to the subscriber for installation in the subscriber's terminal. The center sends a public key to authentication nodes of the network. When the subscriber operates the terminal to gain access to the network, a log-on message, which includes the encrypted block and an unencrypted version of the equipment ID, is sent to an authentication node. The authentication node decrypts the encrypted block and evaluates the IDs to determine whether to grant access to services offered by the network.

Abstract: In a communication system that includes a plurality of communication units, a communication resource allocator, and a limited number of transceivers that transceive information amongst the plurality of communication units via a limited number of communication resources, at least some of the information is transceived utilizing encryption means. To enhance the security of the communication system multiple keys are employed wherein a first communication unit transmits information identifying a particular key of the plurality of keys. Upon receiving the identifying information, at least a second communication unit looks up the particular key that is represented by the identifying information. Once the key is determined, it is loaded into a cryptographic circuit of the second communication unit enabling the second communication unit to receive encrypted messages from the first communication unit.

Abstract: A distributed sample scrambling system comprising scrambler and a descrambler. The scrambler includes a first shift register generator (SRG) 2 for generating scrambler SRG sequence, an exclusive OR gate 7 for generating a scrambled bitstream by adding the binary sequence to a scrambler input bitstream, and first sampling unit 2 for sampling the scrambler SRG sequence at non-uniform sampling intervals.

Abstract: A prover possessing public information and related secret information sends the public information and an initial message to a verifier. The verifier sends back a random message and an enquiry generated from the initial message and random message. The prover confirms that the enquiry has been correctly generated, then sends the verifier a response created from the enquiry and the secret information and related to the initial message. Using the initial message and public information, the verifier checks whether the response is a valid response to the enquiry. If it is, the verifier stores the public information, initial message, random message, and response as a transcript. If necessary, the transcript can be submitted to an arbitrator to establish that verification has taken place.

Abstract: A diagnostic method and apparatus for a cable television interdiction system is provided. One or more diagnostic modes each corresponding to a particular problem or state associated with the interdiction unit may be entered into by the interdiction unit. If a diagnostic mode is detected, the television signal provided to a television signal receiving apparatus, e.g., a television set, is disabled for a specified length of time. Thereafter, depending upon the diagnostic mode detected, either the television signal provided to the receiving apparatus and/or a light-emitting device, e.g., a light-emitting diode (LED), is pulsed a specified number of times corresponding to the detected diagnostic mode. The cycle of disabling the television signal provided to the receiving apparatus and pulsing either or both the television signal provided to the receiving apparatus and/or the LED is repeated until a transaction is received from the headend cancelling the diagnostic mode.

Abstract: A system for representing and recognizing data in machine readable graphic image form in which data to be encoded is entered into the system and a processor encodes the data into a two-dimensional bar code symbol and generates transfer drive signals representative of the symbol. A transferring device such as a printer transfers an image of the two-dimensional bar code symbol onto a carrier such as a card or paper document in response to the transfer drive signals. A recognition device converts the image on the carrier into electrical signals representative of the symbol by scanning the image. A low-level decoder decodes the signals by decoding each scan line into a vector of codeword values corresponding to the codewords in the two-dimensional bar code symbol, assigning a row number to each of the codeword values, and then filling in a two-dimensional matrix with the codeword values. A high-level decoder further decodes the codeword values into data which can then be output for processing or use.

Abstract: A metering system requires a user to provide periodic, accurate meter readings to a billing authority.The metering system includes a mechanism for dispensing postage or another accountable quantity, an accounting mechanism for updating and storing information regarding the amount of postage dispensed by the dispensing mechanism and an output mechanism for outputting the stored postage information. The system also includes a mechanism for storing a time deadline, a clock that provides a current date signal and a lock that disables the dispensing mechanism when the current date is not before the stored deadline. The system also includes a reset mechanism for extending the stored deadline.A user of the system reads the output of the system to obtain a current meter reading. The user then telephones the billing authority's data center, provides the current reading to the data center and receives back from the center an encrypted combination that reflects the reading provided by the user.

Abstract: A cryptographic communication system. The system, which employs a novel combination of public and private key cryptography, allows two parties, who share only a relatively insecure password, to bootstrap a computationally secure cryptographic system over an insecure network. The system is secure against active and passive attacks, and has the property that the password is protected against offline "dictionary" attacks. If Alice and Bob are two parties who share the password P one embodiment of the system involves the following steps: (1) Alice generates a random public key E, encrypts it with P and sends P(E) to Bob; (2) Bob decrypts to get E, encrypts a random secret key R with E and sends E(R) to Alice; (3) Alice decrypts to get R, generates a random challenge C.sub.A and sends R(C.sub.A) to Bob; (4) Bob decrypts to get C.sub.A, generates a random challenge C.sub.B and sends R(C.sub.A, C.sub.B) to Alice; (5) Alice decrypts to get (C.sub.A, C.sub.B), compares the first against the challenge and sends R(C.