Abstract: The present invention is a method and apparatus for authenticating an information exchange between a host and a guest on a network. The host has a host key and the guest has a guest key. An authenticating server authenticates the guest. The authenticating server uses the host key and the guest key. The guest authenticates the authenticating server using the guest key. The host authenticates the guest and the authenticating server using the host key.

Abstract: A method and apparatus for fairly exchanging documents. A first document is shared between principal Y and third party Z. A second document is shared between principal X and third party Z. Z verifies that the sharing of the first and second documents has been performed correctly without Z understanding either document. If verified, Z sends its shares of the first and second documents to Y and X, respectively. X and Y verify that Z's shares are authentic.

Abstract: A fixed-point multiple calculation apparatus, for use in an encryption method and a signature method that use elliptic curves, finds multiples of a fixed point and an arbitrary point at high speed. The fixed-point multiple calculation apparatus generates a pre-computation tables for multiples of digits at one-word intervals and for multiples of digits at half-word intervals. Using the tables, multiples of points on an elliptic curve are calculated using a doubling process, but with a reduced number of additions. This reduces the overall amount of required calculation.

Abstract: A first service provider having a highest security of access, initially programs (604) tables in a subscriber unit (122), including an address table (224) having entries including addresses to which the subscriber unit is responsive, a sub-address table (226) including a sub-address identifier and a corresponding first pointer to a first decryption key for an algorithm required to decrypt a sub-message associated with the sub-address identifier, and a key table (228) including the first decryption key. A second service provider having a security of access less than that of the first service provider reprograms (606) an attribute of at least one of the sub-address table and the key table. The second service provider obtains reprogramming access by encrypting a first reprogramming message such that it can be properly decrypted using the first decryption key.

Abstract: A method and apparatus for determining the distance between transitions from a first logical state to a second logical state stored on a medium (i.e., a document). This determination is used to precisely characterize the information pattern in order to authenticate the information and the medium on which the information is stored. The invention uses a reader having a leading and trailing read apparatus which allow information to be read simultaneously from two or more locations spaced a known distance apart. The distance between the centerlines of each read apparatus is preferably an odd integer multiple of one half the distance between logical clock transitions. The distance between a first transition at the leading read apparatus and a next transition at the trailing read apparatus is used as a reference (i.e., the “Reference Value”). The Reference Value is compared with the distance between the first transition and the next transition on the medium (i.e., the “Jitter Value”).

Abstract: The invention relates to a method for indicating enciphering of data transmission between a mobile communication network and a mobile station (MS) in the mobile communication network, wherein signals transferred between a mobile communication network and a mobile station are monitored, and on the basis of the signal monitored, the cipher mode is indicated to the user of the mobile station.

Abstract: A key recovery method and system capable of key recovery without informing a third party of one's own secret key are disclosed. For realization of the method, a transmitting information processor generates a data value satisfying a relational expression by which if one of data obtained by converting a first public key and used as a cipher text generating parameter and data obtained by converting at least one second public key is decided, the other can be determined. The transmitting processor transmits a cipher text applied with the generated data value to a first receiving information processor which has a secret key paired with the first public key and at least one second receiving information processor which has a secret key paired with the second public key.

Abstract: A ‘virtual’ encryption scheme combines selected ones of plurality of different encryption operators stored in an encryption operator database into a compound sequence of encryption operators. Data to be transported from a data source site, such as a user workstation, to a data recipient site, such as another workstation, is sequentially encrypted by performing a compound sequential data flow through this sequence prior to transmission. Because of the use of successively different encryption operators, the final output of the sequence will be a compound-encrypted data stream that has no readily discernible encryption footprint. Therefore, even if a skilled data communications usurper possesses a decryption key for each encryption operators, there is a very low likelihood that he would be able to recognize the characteristics of any individual encryption operator.

Abstract: A method for implementing private key protocols between two processing devices of which at least one is a portable storage medium. The devices are fitted with a digital processing circuit for performing modular calculation operations with a view to executing operations such as modular multiplication, the processing circuit is used to implement a private key encryption function consisting of a series of reversible operations comprising at least a combination of two operations, i.e. a modular calculation operation and a binary logic operation, and said function is applied either for encrypting or signing messages to be transmitted, or for decrypting received messages.

Abstract: Disclosed are a system and a method employing a user's fingerprint to authenticate a wireless communication. The user's personal fingerprint is employed as the secret key in the context of a modified “challenge-response” scenario. The system includes a fingerprint capture module on a mobile personal wireless communication device (e.g., a wireless telephone) and a central authentication system coupled to a conventional mobile switching center. The central authentication system contains information that associates each mobile identification number (“MIN”) with a particular user's fingerprint. When a wireless communication is to be initiated, the central authentication system engages in a challenge-response authentication with the mobile switching station or the wireless phone using the stored fingerprint associated with the MIN through the common air interface.

Abstract: A parameter receiving unit receives parameters &agr; and &bgr; of an elliptic curve E and an element G=(x0,y0) on the elliptic curve E. A transformation coefficient acquiring unit calculates a transformation coefficient t which is an element on a finite field GF(p) so that t{circumflex over ( )}4×&agr;(mod p) will not exceed 32 bits.

Abstract: Secure time stamps generated by the inventive apparatus and method include an externally generated time signal, such as a GPS signal, a time stamp serial number, generated through an irreversible process which may not be duplicated by the apparatus, and one or more check sum values used to verify the content of the time stamp parameters or any data file associated with the time stamp. Also disclosed are apparatus and methods for verifying the authenticity of previously generated time stamps in either electronic or tangible form. The time stamp generator apparatus may be implemented as an add-on board to an existing computer system or as a stand alone device which may also include a GPS receiver and a scanner for verifying previously generated time stamps.

Abstract: The invention provides technology that improves the security of the A-Keys in a wireless communications system. The technology effectively prevents any human access to the A-Keys and eliminates cloning. The invention improves the security and integrity of the wireless communications system. A secure processor exchanges random numbers with a wireless communications device to generate the A-Key. The secure processor then encrypts the A-Key and transfers the encrypted A-Key to an authentication system. When the authentication system generates or updates the SSD, the authentication system transfers the encrypted A-Key and other information to the secure processor. The secure processor decrypts the A-Key and calculates the SSD. The secure processor transfers the SSD to the authentication system for use in authenticating the wireless communications device.

Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. This cipher uses multiple stages with a modified Type-3 Feistel network, and a modified Unbalanced Type-1 Feistel network in an expansion box forward function. The cipher allows the block size, key size, number of rounds of expansion, and number of stages of ciphering to vary. The modified Type-3 cipher modifies the word used as input to the expansion box in certain rounds, to speed the diffusion properties of the ciphering. The modified Type-3 and Type-1 ciphers are interleaved, and provide excellent resistance to both linear and differential attacks. The variable-length subkeys and the S-box can be precomputed. A minimal amount of computer storage is required to implement this cipher, which can be implemented equally well in hardware or software (or some combination thereof).

Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. Variable block sizes and key sizes are supported, as well as a variable number of rounds. The cipher uses multiple stages of processing, where the stages have different structures and different subround functions, to provide excellent resistance to both linear and differential attacks. Feistel Type-1 and Type-3 are both used, each during different stages. The number of rounds may vary among stages. Subkeys are used in some, but not all, stages. The variable-length keys can be precomputed. A novel manner of using data-dependent rotation in a cipher is defined.

Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. Variable block sizes and key sizes are supported, as well as a variable number of rounds. The cipher uses multiple stages of processing, where the stages have different structures and different subround functions, to provide excellent resistance to both linear and differential attacks. Feistel Type-3 networks are used, with different networks during different stages. The number of rounds may vary among stages. Subkeys are used in some, but not all, stages. The variable-length keys can be precomputed. A novel manner of using multiplication in a cipher is defined.

Abstract: One embodiment of the present invention provides a method for authenticating an identity of a user in order to secure access to a host system. In this embodiment, the host system receives an identifier for the user from a client system. This identifier is used to retrieve a template containing biometric data associated with the user, and this template is returned to the client. The client then gathers a biometric sample from the user, and compares this biometric sample with the template to produce a comparison result. Next, the client computes a message digest using the template, the comparison result and an encryption key, and sends the message digest to the host system. This computation takes places within a secure hardware module within the client computing system that contains a secure encryption key in order to guard against malicious users on the client system.

Abstract: Plaintext elements and masking array elements are converted into digits in another number base. The resulting digits are combined modulo the new number base and the result is converted back into elements using the original number base resulting in ciphertext elements. For recovery of the plaintext, the ciphertext elements and masking array elements are converted again into digits in the same number base as used for encryption and a reverse arithmetic combination of these digits is employed, modulo the new number base, and the result of the combination is converted back into elements in the original number base resulting in the original plaintext elements.

Abstract: Apparatus and method for encrypting and decrypting using permutation, concatenation and decatenation together with rotation and arithmetic and logic combining with elements or digits or characters from random, pseudo-random, or arbitrary sources wherein the plaintext may be partitioned, block-by-block, the block size being a user selectable power of 2 in size. The data bytes in the input block are selected M bytes at a time, where M.gtoreq.2, with permuted addressing to form a single concatenated data byte, CDB. The CDB is modified by rotating (or barrel shifting) a random bit distance. The CDB may also be modified before or after rotation by simple arithmetic/logic operations. After modification, the CDB is broken up into M bytes and each of the M bytes is placed into the output block with permuted addressing. The output block, or ciphertext, may again be used as an input block and the process repeated with a new output block.

Abstract: In a system for jamming television programs in a cable television system, modified oscillators are used to provide jamming signals to control ports where they are added to the video signal, in order to prevent unauthorized viewing. The oscillators have switchable portions so that they, when receiving appropriate control signals from a control unit on control lines, can be switched to different basic oscillation frequencies and thus each one can cover a very wide frequency range. The basic oscillation frequency of the oscillators is finely adjusted by means of a continuous signal on a line like the conventional voltage control of oscillators. The use of such switched oscillators in an interdiction apparatus for a cable television system provides a number of advantages, such as making the system more flexible and more efficient in terms of jamming capacity for more expensive programs, pay channels, needed oscillator circuitry, etc.