Patents Examined by James Seal
  • Patent number: 6523118
    Abstract: A computing system includes a processor, a cache, a memory system, and a secure cache controller system. The cache stores a plurality of cache lines. The memory system stores a plurality of blocks of encrypted data. The secure cache controller system is situated between the memory system and the cache. When there is a miss of a first cache line of data in the cache and the first cache line of data resides in a first block of encrypted data within the memory system, the secure cache controller system fetches the first block of encrypted data, decrypts the first block of encrypted data and forwards the first cache line to the cache.
    Type: Grant
    Filed: June 29, 1998
    Date of Patent: February 18, 2003
    Assignee: Koninklijke Philips Electronics N.V.
    Inventor: Mark Leonard Buer
  • Patent number: 6519699
    Abstract: Private user data is securely entered from a public location in a way that the private user data cannot be ascertained by observers. A voice agent generates vocal instructions for a user, instructing the user to enter response data. The vocal instructions are communicated to the user with a telephonic link, in a manner that is secure from observers of entry of the response data. The instructions implement an encryption function, which causes the private user data to be encrypted within the response data. The response data is entered by the user vocally into a telephone, or by pressing buttons on a telephone keypad, or by pressing keys on a computer keyboard. The response data entered by the user is received by a security agent, which ascertains the private user data from the response data, and which also determines the validity of the data.
    Type: Grant
    Filed: August 7, 1998
    Date of Patent: February 11, 2003
    Assignee: International Business Machines Corporation
    Inventors: Qi (NMN) Lu, Shang-Hua Teng
  • Patent number: 6499108
    Abstract: A system and method for transferring messages securely over a computer network which includes the steps of inputting the message to be transmitted at a first device and then encrypting the message at the first device. An address for a dynamically addressed server is obtained and the first device is connected to the dynamically addressed server. The encrypted message is transmitted from the first device to the server and the message is received at the dynamically addressed server. The message is transmitted from the server to a second device and then the message is decrypted at the second device.
    Type: Grant
    Filed: January 28, 1999
    Date of Patent: December 24, 2002
    Inventor: R. Brent Johnson
  • Patent number: 6493449
    Abstract: The present invention is a method and apparatus for providing cryptographically secure algebraic key establishment protocols that use monoids and groups possessing certain algorithmic properties. Special fast algorithms associated with certain monoids and groups are used to optimize both key agreement and key transport protocols. The cryptographic security of the algorithms is based on the difficulty of solving the conjugacy problem in groups and other known hard algebraic problems. Braid groups and their associated algorithms are the basis for highly rapid key agreement and key transport protocols which employ modest computational resources.
    Type: Grant
    Filed: February 26, 1998
    Date of Patent: December 10, 2002
    Assignee: Arithmetica, Inc.
    Inventors: Iris Anshel, Michael M. Anshel, Dorian Goldfeld
  • Patent number: 6487661
    Abstract: A key establishment protocol includes the generation of a value of a cryptographic function, typically a hash, of a session key and public information. This value is transferred between correspondents together with the information necessary to generate the session key. Provided the session key has not been compromised, the value of the cryptographic function will be the same at each of the correspondents. The value of the cryptographic function cannot be compromised or modified without access to the session key.
    Type: Grant
    Filed: April 21, 1995
    Date of Patent: November 26, 2002
    Assignee: Certicom Corp.
    Inventors: Scott A. Vanstone, Alfred John Menezes, Mingua Qu
  • Patent number: 6483918
    Abstract: A technique which implements a primitive for computing, e.g., a checksum. Specifically, this primitive replaces a mod(M) operation with a series of simple elementary register operations. These operations include mod $2^n$ multiplications, order manipulations (e.g., byte or word swaps), and additions—all of which are extremely simple to implement and require very few processing cycles to execute. Hence, use of our inventive technique can significantly reduce the processing time to compute various cryptographic parameters, such as, e.g., a message authentication code (MAC), or to implement a stream cipher, over that conventionally required. This technique has both invertible and non-invertible variants.
    Type: Grant
    Filed: June 9, 1999
    Date of Patent: November 19, 2002
    Assignee: Microsoft Corporation
    Inventors: Ramarathnam Venkatesan, Mariusz Jakubowski
  • Patent number: 6463153
    Abstract: A data transmitting method, a data recording apparatus, a data record medium and a data reproducing apparatus are provided to disallow the encryption to be easily decoded and keep the secrecy of key information higher. The data transmitting apparatus includes an error correction coding process block. In the block, an input converting circuit operates to perform a logic operation with respect to the information data from an interface circuit according to the key data. The converted information data is sent to an encoder for generating parity data. This parity data is mixed in a mixing circuit with information data before conversion. The error correction coding block operates to send the resulting data to a modulating circuit for modulating the data. The modulated data is recorded on a disk record medium.
    Type: Grant
    Filed: May 12, 1999
    Date of Patent: October 8, 2002
    Assignee: Sony Corporation
    Inventors: Yoichiro Sako, Yoshitomo Osawa, Akira Kurihara, Isao Kawashima, Hideo Owa
  • Patent number: 6463154
    Abstract: In the method for managing the use of temporary mobile identifiers (TIDs), the mobile and the network each store a list of TIDs for the mobile. Newly determined TIDs are added to the respective TID list such that the TIDs are stored in chronological order. To determine a new TID, the network sends a first challenge to the mobile and the mobile sends a second challenge to the network as part of a TID update protocol. The network and the mobile then determine the new TID based on the first and second challenges. As communication between the mobile and the network continues, the respective TID lists are updated. Namely, when either the network or the mobile confirms a TID, the TIDs older than the confirmed TID are deleted from the TID list. In communicating with one another, the mobile will use the oldest TID on its TID list, while the network will use the newest TID on its TID list.
    Type: Grant
    Filed: August 28, 1998
    Date of Patent: October 8, 2002
    Assignee: Lucent Technologies Inc.
    Inventor: Sarvar Patel
  • Patent number: 6459792
    Abstract: A cryptographic processing apparatus for performing cryptographic processing using input data to generate output data is provided. The cryptographic processing apparatus includes a storage unit for storing chain data which is used for reflecting present cryptographic processing on next cryptographic processing, and for renewing the chain data each time cryptographic processing is performed, a merging unit for merging the chain data stored in the storage unit with the input data to generate merged data, and a main cryptographic processing unit for performing main cryptographic processing using the merged data to generate output data and for outputting intermediate data generated during a generation of the output data, wherein the storage unit renews the chain data by storing the intermediate data outputted by the main cryptographic processing unit as the new chain data, which is used for the next cryptographic processing.
    Type: Grant
    Filed: April 22, 1998
    Date of Patent: October 1, 2002
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Motoji Ohmori, Natsume Matsuzaki, Makoto Tatebayashi, Masakatsu Maruyama
  • Patent number: 6460137
    Abstract: A random-number generator generates first and second title keys on the basis of random numbers. A first DES encryption circuit for the title encrypts input data with the first title key. Initial values of this item of input data are a data identifier (ID) and program clock reference (PCR) that are extracted from a packet header. After completing the encryption of the initial values, a result of an encryption by a second DES encryption circuit for title serves as the input data for the first DES encryption circuit for title. The second DES encryption circuit for title encrypts a value of result of the encryption by the first DES encryption circuit for title with the second title key. An exclusive OR circuit outputs an exclusive OR of the data stored in the packet and a value of result of the encryption by the second DES encryption circuit for title. This exclusive OR turns out encrypted data.
    Type: Grant
    Filed: March 19, 1996
    Date of Patent: October 1, 2002
    Assignee: Fujitsu Limited
    Inventors: Ryota Akiyama, Akio Munakata, Yuzuru Koga, Masayuki Ishizaki, Makoto Yoshioka
  • Patent number: 6446208
    Abstract: A system for identifying multiple electronic tags that includes a plurality of electronic tags attachable to a single object, each electronic tag having a non-overlapping readable region, and each electronic tag having a unique identifier. One or more electronic tag readers are configured to read the unique identifier of each electronic tag within the non-overlapping readable region, and a computing system is connected to the electronic tag reader to provide digital services in response to reading the unique identifier of each electronic tag. In certain embodiments, the electronic tags can have integral sensor systems that detect, for example, light, location, acceleration, or other physical properties, allowing provision of particular digital services related to the sensed properties.
    Type: Grant
    Filed: September 10, 1998
    Date of Patent: September 3, 2002
    Assignee: Xerox Corporation
    Inventors: Anuj Uday Gujar, Kenneth P. Fishkin, Beverly L. Harrison, Roy Want
  • Patent number: 6445795
    Abstract: An input is ciphered in at least one of a sector forming circuit 13, a scrambling circuit 14, a header appendage circuit 15, an error correction encoding circuit 16, a modulation circuit 18 and a synchronization appendage circuit 18, used for processing input data for forming a recording signal. Not only the key for ciphering itself in the circuits but also the information as to which of the circuits has been used for ciphering becomes the key for ciphering. This realizes ciphering difficult to decode by a simplified structure.
    Type: Grant
    Filed: September 14, 1998
    Date of Patent: September 3, 2002
    Assignee: Sony Corporation
    Inventors: Yoichiro Sako, Isao Kawashima, Akira Kurihara, Yoshitomo Osawa, Hideo Owa
  • Patent number: 6442687
    Abstract: The invention provides secure and anonymous communications over a network, which is accomplished by imposing mechanisms that separate a user's actions from their identity. In one embodiment, involving use of the Internet, an http request, which normally contains both identity and action information, is separated in the first instance on the client side into action request and identity components, which are encrypted. The encrypted action and identity components are transmitted to a facility comprising an “identity server” and an “action server”, wherein the identity server receives the two encrypted request components and forwards the encrypted action request component to an action server. The identity server has the key to decrypt the identity component (but not the action component), and the action server has the key to decrypt the action component (but not the identity component). The action server decrypts the action request and forwards it to the third-party server.
    Type: Grant
    Filed: December 2, 1999
    Date of Patent: August 27, 2002
    Assignee: Ponoi Corp.
    Inventor: Colin Savage
  • Patent number: 6438233
    Abstract: A book data service system in which the book data can be delivered by the broadcasting such that the book data can be delivered to any user located at any place promptly and economically, without causing the waste of the resources. A book data service system is formed by at least one data center including: a data center computer for storing and managing book data; and a broadcasting facility for broadcasting the book data stored and managed by the data center computer according to a prescribed communication protocol using a synchronization control and an error correction scheme suitable for data delivery by broadcasting without confirmation from a receiving side; and a plurality of user terminals, each user terminal including: a receiver for receiving the book data broadcasted from the broadcasting facility of the data center; a user terminal computer for storing and managing the book data received by the receiver; and a display for displaying the book data stored and managed by the user terminal computer.
    Type: Grant
    Filed: August 4, 1997
    Date of Patent: August 20, 2002
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventors: Toshiya Yoshimune, Yoko Asano, Kaori Ueno, Masayoshi Minei, Syuichi Kato, Sadami Kurihara, Katsuhiko Ogawa, Kenichi Hanabe
  • Patent number: 6438234
    Abstract: A system and method for communicating a key between two stations using an interferometric system for quantum cryptography. The method includes sending at least two light pulses over a quantum channel and detecting the interference created by the light pulses. The interfering pulses traverse the same arms of an interferometer but in a different sequence such that the pulses are delayed when traversing a quantum channel. The pulses are reflected by Faraday mirrors at the ends of the quantum channel so as to cancel any polarization effects. Because the interfering pulses traverse the same arms of an interferometer, there is no need to align or balance between multiple arms of an interferometer.
    Type: Grant
    Filed: March 5, 1999
    Date of Patent: August 20, 2002
    Assignee: Swisscom AG
    Inventors: Nicolas Gisin, Bruno Huttner, Antoine Muller, Hugo Zbinden, Beat Perny
  • Patent number: 6430689
    Abstract: A system for securely transporting valuables enclosed in a container which responds to attempted tampering by damaging said valuables and is provided with internal control means operating as a limited-mode machine that may include at least some of the elements of a series consisting of a user such as a dispatcher, a recipient or an escort, a container, and a single remote host capable of communicating with the internal control means of said container, at least at the time of departure. The elements are interconnected via a single terminal to form a star network of stations with said station at the center. The system is characterized in that the station of at least one recipient is not a resident station but a mobile and portable station.
    Type: Grant
    Filed: January 8, 1999
    Date of Patent: August 6, 2002
    Assignee: Axytrans SA
    Inventors: Jean-Marc Lacombe, Marc Geoffroy
  • Patent number: 6424714
    Abstract: A control system provides secure transmission of programs, including at least one of video, audio, and data, between a service provider and a customer's set top unit over a digital network. Program bearing data packets are received in a first network protocol over a first data link and removed from the first network protocol. Packets representing a particular program requested by a customer having a set top unit are selected. Conditional access is provided to the selected program. In particular, program bearing packets are encrypted according to a first encryption algorithm using a first key, which is then encrypted according to a second encryption algorithm using a second key. The first keys are transported in packets to the customer's set top units along with the program packets. A public key cryptographic technique encrypts the second key such that the public key used in the encryption corresponds to the private key of the customer's set top unit.
    Type: Grant
    Filed: August 18, 1998
    Date of Patent: July 23, 2002
    Assignee: Scientific-Atlanta, Inc.
    Inventors: Anthony J. Wasilewski, Douglas F. Woodhead, Gary Lee Logston
  • Patent number: 6424712
    Abstract: A public key encryption system exchanges information between a pair of correspondents. The recipient performs computations on the received data to recover the transmitted data or verify the identity of the sender. The data transferred includes supplementary information that relates to intermediate steps in the computations performed by the recipient.
    Type: Grant
    Filed: October 17, 1997
    Date of Patent: July 23, 2002
    Assignee: Certicom Corp.
    Inventors: Scott A. Vanstone, Donald B. Johnson
  • Patent number: 6396926
    Abstract: A new scheme for fast realization of encryption, decryption and authentication which can overcome the problems of the RSA cryptosystem is disclosed. The encryption obtains a ciphertext $C$ from a plaintext $M$ according to $C \equiv M^e \pmod{n}$ using a first secret key given by $N$ ($\geq 2$) prime numbers $p_1, p_2, \ldots, p_N$, a first public key $n$ given by a product $p_1^{k_1} p_2^{k_2} \cdots p_N^{k_N}$ where $k_1, k_2, \ldots, k_N$ are arbitrary positive integers, a second public key $e$ and a second secret key $d$ which satisfy $ed \equiv 1 \pmod{L}$ where $L$ is a least common multiple of $p_1 - 1, p_2 - 1, \ldots, p_N - 1$. The decryption recovers the plaintext $M$ by obtaining residues $M_{p_1^{k_1}}, M_{p_2^{k_2}}, \ldots, M_{p_N^{k_N}}$ modulo $p_1^{k_1}, p_2^{k_2}, \ldots, p_N^{k_N}$, respectively, of the plaintext $M$ using a prescribed loop calculation with respect to the first secret key $p_1, p_2, \ldots, p_N$, and by applying the Chinese remainder theorem to the residues $M_{p_1^{k_1}}, M_{p_2^{k_2}}, \ldots, M_{p_N^{k_N}}$. This encryption/decryption scheme can be utilized for realizing the authentication.
    Type: Grant
    Filed: March 26, 1999
    Date of Patent: May 28, 2002
    Assignee: Nippon Telegraph & Telephone Corporation
    Inventors: Tsuyoshi Takagi, Shozo Naito
  • Patent number: 6377691
    Abstract: The disclosed system uses a challenge-response authentication protocol for datagram-based remote procedure calls. Using a challenge-response authentication protocol has many advantages over using a conventional authentication protocol. There are two primary components responsible for communication using the challenge-response protocol: a challenge-response protocol component on the client computer (client C-R component) and a challenge-response protocol component on the server computer (server C-R component). In order to start a session using the challenge-response protocol, the client C-R component first generates a session key. The session key is used by both the client C-R component and the server C-R component for encrypting and decrypting messages. After creating the session key, the client C-R component encrypts a message containing a request for a remote procedure call and sends it to the server C-R component. In response, the server C-R component sends a challenge to the client C-R component.
    Type: Grant
    Filed: December 9, 1996
    Date of Patent: April 23, 2002
    Assignee: Microsoft Corporation
    Inventors: Michael M. Swift, Bharat Shah