Abstract: Methods and apparatus for enhanced CMEA, or ECMEA, processing. A forward ECMEA and a reverse ECMEA process are provided. The forward ECMEA process decrypts text encrypted by the reverse ECMEA process and the reverse ECMEA process decrypts text encrypted by the forward ECMEA process. The forward ECMEA process employs a transformation, an iteration of the CMEA process, and an inverse transformation. The reverse ECMEA process employs a reverse transformation, an iteration of the CMEA process, and a reverse inverse transformation. The transformations and inverse transformations, and the iteration of the CMEA process, employ secret offsets to improve security. The transformations and the iteration of the CMEA process also employ an enhanced tbox function using an involutary lookup table.

Abstract: Key escrow is achieved without a key escrow facility. An escrow key pair is generated and stored in the terminal. A key escrow field that includes a traffic key encrypted with the escrow key is provided before encrypted traffic is communicated. When access to the traffic key is authorized, the escrow key is extracted from the terminal and used to decrypt the traffic key. The private portion of the escrow key is covered in the terminal with an escrow key access number. The escrow key access number is preferably generated by the terminal manufacturer with a secret algorithm using the terminal serial number. Alternatively, the escrow key is stored within a user token, rather than the terminal.

Abstract: A method and apparatus that uses control of a chaotic system to produce secure digital chaotic communication. Controls are intermittently applied by a transmitter-encoder to a chaotic system to generate the 0 and 1 bits of a digital message. A new control/no control bit stream is thereby created in which a 0 indicates that no control was applied and a 1 indicates that a control was applied. The control/no control bit stream and a prepended synchronization bit stream are transmitted, using conventional transmission technologies, from the transmitter-encoder to an identical receiver-decoder. A chaotic system in the receiver-decoder is driven into synchrony and is subject to intermittent controls based on the control/no control bit stream, thereby causing it to generate the digital message.

Abstract: An in-line decryptor is employed to decrypt software (program instructions) transferred from a read only memory to a central processing unit. The in-line decryptor comprises a keystream generator that contains a cryptographic algorithm coupled to a memory that stores cryptographic keys. A combining function implemented using two substitution functions and two XOR functions generates an output keystream of the keystream generator. The decryptor uses the cryptographic algorithm to initialize a variation of a one time pad cryptosystem. Using a number of relatively short pseudorandom sequences and a simple combining function, a much longer address-dependent pseudorandom sequence is created. This sequence is used to decrypt the encrypted software in real time on an instruction-by-instruction basis.

Abstract: An apparatus and methods for facilitating an encryption process for use in systems employing cryptography based security, removes unnecessary data relating to encryption keys prior to storing the data after receipt of the encrypted information from a sender. Encrypted data, such as message data for multiple recipients, is analyzed to determine whether encryption related data for other recipients may be removed and/or whether a preferred encrypting process was used. In one embodiment, the apparatus and method also determines whether a non-preferred encryption process was used to encrypt encrypted data and re-encrypts the encrypted data with a different encryption process in response to detected non-preferred encryption key usage.

Abstract: Public key security control (PKSC) is provided for a cryptographic module by means of digitally signed communications between the module and one or authorities with whom it interacts. Authorities interact with the crypto module by means of unsigned queries seeking nonsecret information or signed commands for performing specified operations. Each command signed by an authority also contains a transaction sequence number (TSN), which must match a corresponding number stored by the crypto module for the authority. The TSN for each authority is initially generated randomly and is incremented for each command accepted from that authority. A signature requirement array (SRA) controls the number of signatures required to validate each command type. Upon receiving a signed command from one or more authorities, the SRA is examined to determine whether a required number of authorities permitted to sign the command have signed the command for each signature requirement specification defined for that command type.

Abstract: The public key, either short term “session” key or long term key, is generated by combining a pair of components. A first component is obtained by utilizing an integer with a relatively low Hamming weight as an exponent to facilitate exponentiation. The second component is a precomputed secret value that is of the form resulting from the exponentiation of the generator of the group element by an integer that has the requisite Hamming weight. The two components are combined to provide the public key and the two exponents combined to provide the corresponding private key.

Abstract: A method and apparatus for decrypting an input block encrypted under a predetermined key in a cryptographic system having a cryptographic facility providing cryptographic functions for transforming blocks of data. The cryptographic functions include an encryption function for encrypting a block under a predetermined key and a transformation function for transforming a block encrypted under a first key to the same block encrypted under a second key. The cryptographic functions have at least one key pair with the property that successive encryption of a block under the keys of the pair regenerates the block in clear form. The input block is first transformed into an intermediate block encrypted under one of the key pair using the transformation function. The intermediate block is then further encrypted under the other of the key pair using the encryption function to generate an output block successively encrypted under the keys of pair, thereby to regenerate the input block in clear form.

Abstract: A method and apparatus for collecting and securely transmitting biometric data over a network contains a sensor, preferably a camera, for collecting biometric data and code generating hardware and software. The camera data is digitized and a unique code which is a function of the digitized camera data, a secret key and a transaction token is attached to the digital file. The code may identify the sensor which acquired the biometric information, a time at which the biometric information was acquired, or a time interval during which the data is considered to be valid, and a unique transaction code. The data and code are transmitted over a network to a server which authenticates that the data has not been altered by recomputing the code using its own knowledge of the secret key and transaction token needed to generate the code. If the data is authentic the server then computes a biometric template using the data.

Abstract: A system for assuring the location integrity of a decryption chip used to receive and decrypt encrypted signals ES received from an encrypted signal source. The decryption chip operates in association with a licensed signal receiver and is licensed for use at a selected site or location Li and is positioned adjacent to a Satellite Positioning System (SATPS) antenna and receiver/processor that determine the present location L of this antenna. If the SATPS-determined location L is within a region R(Li;di), centered at the location Li and having a selected diameter di, and if the signal ES is associated with a channel that is authorized for reception by this signal receiver, the decryption chip is enabled, and the signal ES is decrypted for audible or visual display on the signal receiver. Otherwise, the decryption chip does not decrypt the incoming signal ES. The licensed site location Li can be changed and the group of channels for which signal receipt and decryption is authorized can be changed.

Abstract: The invention relates to a method for encrypting or decrypting a sequence of successive data words in a data communications device, the method comprising executing an algorithm in which a sequence of quasi-random encryption words is generated from predetermined start values by performing operations in a finite group, and in which a respective one of the encryption words is combined with a respective one of the data words.

Abstract: The present invention relates to the block cipher algorithm based on the prior Feistel type block cipher algorithm (or similar to DES algorithm). Usually the security of Feistel type block cipher algorithm depends on the structure of its round function. More specifically, the present invention relates to the round function structure of the Feistel type block cipher algorithm, in the instance that the round input data block is divided into 8-bit blocks and the divided sub-blocks are fed, with the combined output data of the previous S-box, into 256×8 S-box, except for the first input sub-data block. The first sub-data block one is directly fed into the first S-box. The total output data block, after these steps, is rotated by 8-bits and this rotated result is the output of the current round function.

Abstract: The present invention takes advantage of a quadratic-only ambiguity for x-coordinates in elliptic curve algebra as a means for encrypting plaintext directly onto elliptic curves. The encrypting of plaintext directly onto elliptic curves is referred to herein as “direct embedding”. When performing direct embedding, actual plaintext is embedded as a “+” or “−” x-coordinate. The sender specifies using an extra bit whether + or − is used so that the receiver can decrypt appropriately. In operation their are two public initial x-coordinates such that two points P1+ and P1− lie respectively on two curves E+ and E−. A parcel of text xtext is selected that is no more than q bits in length. The curve (E+ or E−) that contains xtext is determined. A random number r is chosen and used to generate a coordinate xq using the public key of a receiving party.

Abstract: In a cryptosystem which performs encryption/deciphering of communication text using k bits of cryptographically secure pseudo-random numbers as the block cipher key thereof, the block cipher key is updated each time j=k/m bits of new pseudo-random numbers are generated, with the j·m=k bits of pseudo-random numbers created by combining the j·(m−1) bits within the k bits of the present key and the newly generated j bits, serving as a new key, thereby shortening the updating cycle and improving the safety.

Abstract: Data sequences comprised of figure-coded units, such as text comprised of ASCII characters, are encoded into another data entity, such as a pixel based image. The encoding implements a positionally-based encoding scheme in which values of the data entity (basic matrix) upon which the data sequences are to be encoded is used. The position for values to be changed in the basic matrix are determined by a reversible function, and the encoding value that these values are changed by may be 1, another arbitrary number, or determined by a formula. The counterpart to the reversible function is known by an intended receiver of the encoded data for decoding purposes. The basic matrix may be generated utilizing a suitably complex function, such as a chaos function, with parameters known only to the sender and receiver.

Abstract: A method and apparatus for cryptographically converting a digital input data block into a digital output data block. The apparatus has an input for supplying the input data block and a further input for supplying a code conversion digital key K1. Cryptographic processing merges a selected part M1 of the digital input data block with the key K1 to produce a data block B1 which is non-linearly dependent on M1 and K1. The merging is performed in one sequentially inseparable step. The digital output block is derived from a selected part of the data block B1.

Abstract: A scheme for encrypting and transferring electronic mails which enables the realization of the information management regarding encrypted electronic mails by an electronic mail manager, and the transfer control regarding encrypted electronic mails. A management encryption key information is produced by encrypting the message encrypting key according to a public-key cryptography by using a prescribed management public key, in addition to the usual sender's encryption key information and each receiver's encryption key information. The encrypted electronic mail is then constructed from the encrypted message, the sender's encryption key information, each receiver's encryption key information and the management encryption key information. At a time of transferring the electronic mail, whether this electronic mail is an encrypted electronic mail or not is identified and whether a transfer of this electronic mail is permitted or not is judged according an identification result.

Abstract: The present invention is a method for outputting larger bit size pseudo-random number zi that is cryptographically secure. Since larger bit size pseudo-random numbers are being outputted, larger bit size segments of messages may be encrypted resulting in a speedier encryption process than encryption processes of the prior art. In one embodiment, the present invention is a pseudo-random number generator defined by a modular exponential function xi=gxi−1 mod p. The output of the pseudo-random number generator being a pseudo-random number zi comprising a j−1 bit size segment of xi. The value of j being less than or equal to m−2c (i.e., j≦m−2c). In an embodiment of the present invention, the pseudo-random number zi includes the j least significant bits of xi excluding the least significant bit of xi.

Abstract: A method is provided for an escrow cryptosystem that is essentially overhead-free, does not require a cryptographic tamper-proof hardware implementation (i.e., can be done in software), is publicly verifiable, and cannot be used subliminally to enable a shadow public key system. A shadow public key system is an unescrowed public key system that is publicly displayed in a covert fashion. The keys generated by the method are auto-recoverable and auto-certifiable (abbrev. ARC). The ARC Cryptosystem is based on a key generation mechanism that outputs a public/private key pair, and a certificate of proof that the key is recoverable by the escrow authorities. Each generated public/private key pair can be verified efficiently to be escrowed properly by anyone. The verification procedure does not use the private key.

Abstract: The present invention relates to digital signature operations using public key schemes in a secure communications system and in particular for use with processors having limited computing power such as ‘smart cards’. This invention describes a method for creating and authenticating a digital signature comprising the steps of selecting a first session parameter k and generating a first short term public key derived from the session parameter k, computing a first signature component r derived from a first mathematical function using the short term public key, selecting a second session parameter t and computing a second signature component s derived from a second mathematical function using the second session parameter t and without using an inverse operation, computing a third signature component using the first and second session parameters and sending the signature components (s, r, c) as a masked digital signature to a receiver computer system.