Abstract: An apparatus for isolating data receiving entity from a data sending entity includes a first data channel, coupled to the data sending entity, and a second data channel, coupled to the data receiving entity. A data encryption chip decrypts data received from the data sending entity and encrypts data sent to the data sending entity. A processor is programmed to compare a plurality of data words received from the first data channel to at least one data word characteristic of a data virus and to assert a control signal when a data word received from the first data channel corresponds to a data word characteristic of a data virus. An optical isolator is capable of isolating the first data channel from the second data channel when the processor detects a data virus. A controllable power supply is responsive to the control signal from the processor and coupled to the optical isolator, which provides power to the optical isolator only when the control signal from the processor is not asserted.

Abstract: The invention relates to a method of providing connection security for a connection between terminals in a wireless network. In the method data is transmitted from a first terminal (MS1) via nodes in the network to a second terminal (MS2). The method according to the invention is characterized by that it includes the steps of: routing the transmitted data via a mediator (MD), using the first security method for providing connection security at the security protocol layer between the first terminal (MS1) and the mediator (MD), using the second security method for providing connection security at the security protocol layer between the mediator (MD) and the second terminal (MS2), and performing the security method conversion at the security protocol layer at the mediator (MD).

Abstract: A programmable cryptographic system (100) provides high performance cryptographic processing support for cryptographic algorithms. Two or more independent cryptographic algorithms may be performed at the same time through the processes of background staging and algorithm multi-tasking. A four stage software instruction pipeline and dynamically programmable function units support high performance cryptographic processing performance on the order of 60 mega bits per second (Mbps) aggregate throughput.

Abstract: A cryptographic controller (100) installs and manages a channel for processing data units. The cryptographic controller (100) performs background staging of programs, context, and data units for the programmable crypto engine (14) and configurable crypto engine (16). The cryptographic controller (100) is a secure, hardware operating system capable of managing high performance crypto processing on the order of 1500 million instructions per second (MIPS).

Abstract: An audio signal processing method and unit for scrambling and descrambling audio signals accompanying video signals. The audio signal processing method comprises steps of dividing digital audio signals into data blocks synchronized to video signals, and then switching the order of adjacent odd and even blocks. The audio signal processing unit comprises a synchronizing signal detector for detecting the synchronizing signal in the video signal; a timing controller for generating a sampling clock signal for A/D conversion, sampling signal for D/A conversion, and system clock from the synchronizing signal; an A/D converter for converting the analog audio signal to digital audio signal using the sampling clock for A/D conversion; a scrambler for dividing the digital audio signal into data blocks using the system clock and switching adjacent odd and even blocks; and a D/A converter for converting the output signal of the scrambler to the analog audio signal using the sampling clock for D/A conversion.

Abstract: A method and system for authenticating between a user or client and a network access entity such as a server or another client using an IC card. The method includes a step of executing an initial authentication using the IC card when the user first communicates with the network access entity, a step of commonly holding authentication information in both the user and the network access entity if the initial authentication achieves success, and a step of executing a re-authentication using the commonly held authentication information without using the IC card when the user communicates again with the same network access entity within a predetermined period of time after the last authentication.

Abstract: A communication device is provided that is controlled through the use of small programs or applets that are executed by a processor within the device. The applets are encoded as a sequence of instructions chosen from a general purpose, machine independent instruction set, such as Java bytecodes. These applets may be interpreted by software, or directly executed by the processor of the communication device. The applets may be loaded into the device from a local host computer or may be downloaded from a remote device or computer. Applets provide a convenient, hardware independent means for maintaining up to date communications protocols and for updating the device with new features and capabilities. Downloading applets from a remote device may, for example, provide automatic encryption capabilities on a session unique basis, or provide for automatic virus detection, thereby providing enhanced security in data communications.

Abstract: The encryption key based on a blocking set cryptosystem includes knowledge of the blocking set, and ciphers (usually independent) on the blocking set and its complement. In order to decipher, a legitimate receiver needs to know only the blocking set and the cipher used on it. Thus it is not necessary for the sender to transmit to anyone the cipher on the complement of the blocking set. The fact that part of the encryption key need not be transmitted is the fundamental difference between the proposed cryptosystem and the so-called private key system, where both the sender and receiver know, but keep secret, the encryption and decryption keys. Particularly useful applications of this scheme are two situations where a central person, institution or computer send out confidential information to several parties, but where none of the parties has the authority to transmit information to the group. This might apply to the main branch of a company, or to a certification authority in a cryptographic protocol.

Abstract: The invention relates to an improved method for accounting for, and keeping track of, commodities which are gathered or harvested in one location and thereafter transported for delivery to another location. While the invention is applicable for use with a variety of commodities, the embodiment discussed concerns timber. It provides for a paperless process which accommodates the use by, and inputs from, various persons responsible for different steps in the process. It can be initiated by the timber owner and thereafter allows for the accumulation and recordation of pertinent information by other persons responsible for the various steps of timber identification, harvesting and delivery, such as the forester, loader, timber cutting crew chief, transporter, and destination purchaser. The method provides security, accountability, data entry, data retrieval, and reporting, with respect to commodity harvesting, transport, delivery, and receipt.

Abstract: Both of a user side and a protect side such as a programmer of an application programmer need not handle a large number of inherent information such as authentication keys. An access ticket generation device generates an access ticket from user unique identifying information and access rights authentication feature information. As unique security characteristic information, there is used a secret key of an elliptic curve encryption or an ElGamal encryption. A proof data generation device receives the access ticket, converts authentication data received from a proof data verification device into proof data by use of the access ticket and the user unique identifying information, and returns the resultant proof data to the proof data verification device. The proof data generation device or the proof data verification device decrypts the above-mentioned encryption.

Abstract: A signal such as an analog scrambled television signal in a cable television network has first scrambling mode data which is compatible with a first decoder population, but not a second decoder population. The scrambled television signal is processed to determine the scrambling mode without recovering the first scrambling mode data. Second scrambling mode data which is compatible with the second decoder population is then provided in the scrambled television signal, for example, in the vertical blanking interval or on an audio subcarrier. During processing to determine the scrambling mode, the television signal is delayed, e.g., by digitizing it and temporarily storing it in memory. The delay compensates for the time required to determine the scrambling mode. The television signal is recovered in the analog domain prior to inserting the second scrambling mode data.

Abstract: The present invention provides a signing apparatus used for signing by a user on usage information of a source provided in a format made available by the use of key information. The apparatus includes a unit for generating the usage information which is to be signed, a unit for performing a first computation by utilizing the key information which has been encrypted and the usage information, a unit for performing a second computation by utilizing a user's private key and a result of the first computation. The apparatus further includes a unit for performing a third computation by utilizing a result of the second computation, and thereby generating the key information which has been decrypted and a result of the computation performed on the usage information by utilizing the user's private key. The apparatus further includes a unit for making the source available by utilizing the decrypted key information.

Abstract: In a communication network in which data for transmission to a receiver terminal is multiplexed on a time-division basis and scrambled, a communication control apparatus and method for allowing the data to be descrambled at the receiver without fail. A scrambler of the sender apparatus includes a time-division frame monitoring circuit for receiving an unscrambled data stream generated by multiplexing time-division frames for application data and relevant information for transmission to thereby extract information concerning a scramble key, a scramble key manager for managing information concerning the scramble keys, an application data encryption processor for acquiring a scramble key corresponding to the information concerning the scramble key as received from the time-division frame monitoring circuit to thereby scramble the desired time-division frames of the data for transmission by using the scramble key as acquired.

Abstract: An encryption system for restricted-access television systems. Decryption keys, which are used to decrypt program material, are transmitted to customers in a restricted-access television system. The keys are transmitted as a hierarchy, wherein one key unlocks another key, and the last key unlocked is used to decrypt program material. Such a hierarchy is sometimes called "key-upon-key" encryption. The system transmits a second key that produces a first key from a cipher text (which first key decrypts a first program material) and wherein the second key also decrypts a second program material.

Abstract: An user authentication system for authenticating a user using an IC card in conjunction with a portable terminal used to generate a one-time password and a server used to generate a corresponding one-time password for user authentication. The IC card contains a secret key for generating a one-time password and predetermined random numbers. The portable terminal contains a card receiver for receiving the IC card, a random number memory for reading and storing, and then deleting the random numbers of the IC card, a first password generator for generating a one-time password by the secret key of the IC card and the random number, a first random number changer for changing the random number stored in the random number memory into a predetermined value and storing the changed value in the random number storing portion, and a display for displaying the processed results of the terminal and the server.

Abstract: A call contact platform (CCP) is provisioned with handles that belong to call recipients. Each recipient can have any number of handles in the CCP and each handle is associated with conditions under which a call employing the handle may be established. Specifically, when a party supplies a handle to a telecommunication network (previously given to the party by the call recipient), the network contacts the CCP and interacts with it as required in conformance with stored instructions. If appropriate, the CCP instructs the telecommunication network to establish a connection. A recipient can also give a party a handle that includes a message, where the handle is not prestored in the CCP. After the network contacts the CCP, the party provides the message, the CCP extracts instructions from the message, or retrieves instructions with the help of the message, and, as before, causes the telecommunication network to establish a connection, if appropriate.

Abstract: A method and system are provided for secure document delivery over a wide area network, such as the Internet. A sender directs a Delivery Server to retrieve an intended recipient's public key. The Delivery Server dynamically queries a certificate authority and retrieves the public key. The public key is transmitted from the Delivery Server to the sender. The sender encrypts the document using a secret key and then encrypts the secret key using the public key. Both encrypted document and encrypted secret key are uploaded to the Delivery Server, and transmitted to the intended recipient. The intended recipient then uses the private key associated with the public key to decrypt the secret key, and uses the secret key to decrypt the document. In an alternative, equally preferred embodiment of the invention, the sender uses the public key to encrypt the document. In yet another embodiment, the server transmits the document to the Delivery Server for encryption.

Abstract: Pseudorandom numbers are generated in a cryptographic module in a cryptographically strong manner by combining a time-dependent value with a secret value and passing the result through a one-way hash function to generate a hash value from which a random number is generated. The secret value is continually updated whenever the cryptographic module is idle by a first feedback function that generates an updated secret value as a one-way function of the current secret value and the time-dependent value. In addition, the secret value is updated on the occurrence of a predetermined external event by a second feedback function that generates an updated secret value as a one-way function of the current secret value, the time-dependent value and an externally supplied value.

Abstract: A scrambled data transmission is descrambled by communicating encrypted program information and authentication information between an external storage device and block buffers of a secure circuit. The program information is communicated in block chains to reduce the overhead of the authentication information. The program information is communicated a block at a time, or even a chain at a time, and stored temporarily in block buffers and a cache, then provided to a CPU to be processed. The blocks may be stored in the external storage device according to a scrambled address signal, and the bytes, blocks, and chains may be further randomly re-ordered and communicated to the block buffers non-sequentially to obfuscate the processing sequence of the program information. Program information may be also be communicated from the secure circuit to the external memory. The program information need not be encrypted but only authenticated for security.

Abstract: A secure electronic monetary transaction system (SEMTS) provides absolute security for electronic financial transactions. These transactions can be of any kind provided they are numeric in content and of known length. The SEMTS encrypts and decrypts source numeric data using a private, numeric key known only by both parties in the transaction. The secure distribution of these keys will be under the same methods that the financial institutions use to distribute the original source data such as credit cards, account numbers, etc. The system uses nine simple, open formulas for translating source numbers into encrypted cipher numbers. These formulas return every possible value, except the input value, and are completely dependent on the key. Because there are no hidden parts, the architecture of the SEMTS is completely available to anyone in the public sector. This open architecture makes stealing the cipher numbers worthless. The only way to break a number is to know the key.