Abstract: In the preferred embodiment, an encrypted GPS signal is down-converted from RF to baseband to generate two quadrature components for each RF signal (L1 and L2). Separately and independently for each RF signal and each quadrature component, the four down-converted signals are counter-rotated with a respective model phase, correlated with a respective model P code, and then successively summed and dumped over presum intervals substantially coincident with chips of the respective encryption code. Without knowledge of the encryption-code signs, the effect of encryption-code sign flips is then substantially reduced by selected combinations of the resulting presums between associated quadrature components for each RF signal, separately and independently for the L1 and L2 signals. The resulting combined presums are then summed and dumped over longer intervals and further processed to extract amplitude, phase and delay for each RF signal.

Abstract: A method and a device for facilitating authorized and simultaneously restraining unauthorized access to a multitude of alphanumeric sequences, for instance for credit cards, code keys and the like. According to the method every correct sequence (e.g. 5533) is encrypted by mathematically manipulating it by means of an encrypting sequence (7221) common to every correct sequence, so that every correct sequence is converted into a fictitious encrypted sequence. The credit card has a carrier (12-16) for carrying and exposing the fictitious sequence. A deciphering of the fictitious sequence is performed by a reversed mathematical manipulation of the fictitious sequence.

Abstract: A communications system includes a plurality of interfaces (20) each of which can receive and/or transmit data to a common transmission network (21). Each interface (20) transmitting data to the network (21) attaches a classification code to the transmitted data, and each interface (20) receiving data from the network (21) retrieves the classification code and restricts access to the associated data in dependence upon that classification code. The invention alleviates the need to employ "secure" and "clear" communications networks in parallel, and is especially applicable to aircraft communications.

Abstract: A cryptographic method is disclosed that enables the issuer in a secret-key certificate issuing protocol to issue triples consisting of a secret key, a corresponding public key, and a secret-key certificate of the issuer on the public key, in such a way that receiving parties can blind the public key and the certificate, but cannot blind a predetermined non-trivial predicate of the secret key even when executions of the issuing protocol are performed in parallel.

Abstract: A new class of variable length, nonlinear feedback shift registers (NLFSR's) is disclosed that uses data-dependent dynamically allocated taps to filter digital information reversibly, flexibly, and rapidly. This class of NLFSR's has been succinctly realized in terms of a multi-parameter family of nonlinear, discrete difference equations that operate on digital data of variable length. Each individual NLFSR is characterized by a collection of integer `parameter functions` and `boundary condition functions` denoted .PI..sub.T for an integer T.gtoreq.1. A concrete description of an exemplary set .PI..sub.T is given in the text. Given an input sequence to the NLFSR, the final output sequence is another sequence defined by the values of the parameter and boundary condition functions, and a new reversible (or invertible) nonlinear mathematical rule that transforms a sequence of integers into a different sequence of integers.

Abstract: A synchronized chaotic system and a communication system using the synchronized chaotic system is disclosed. The synchronized chaotic system comprises a master chaotic part and a slave chaotic part, and a first synchronizing part connected to the master chaotic part and a second synchronizing part connected to the slave chaotic part. The first and second synchronizing parts preform operational functions to synchronize a chaotic signal output of the master chaotic part with a chaotic signal output of the slave chaotic part. Each of the first and second synchronizing parts includes a first scaler, a subtracter, a second scaler, and an adder. Each output of the adder is fed back to the main and slave chaotic parts. The synchronization occurs when the synchronized system consisting of the variable differences of the master and the slave chaotic parts generates infinite period of laminar phase which is connected with on-off intermittency.

Abstract: An improved session control method and apparatus includes a client which establishes a session with a first server such that the first server can identify the client. When the client wishes to migrate from the first server to a second server, the client requests a session token from the first server. The session token is a data element generated by the first server which is unique over the client-server network being navigated and identifies the particular session with the first server. The session token is preferably a difficult to forge data element, such as a data element digitally signed using the private key of the first server. The session token is passed from the client to the second server to initiate migration to the second server. If session data is too bulky to be passed as part of the session token, the second server may use data from the session token to formulate a request to the first server for additional data needed to handle the state of the session.

Abstract: A secret-key block-cipher utilizing the principles of factorization and composition with respect to general logarithmic signatures in permutation groups of arbitrary size 2.sup.l, and methods of use thereof are disclosed. The preferred embodiment uses two encryption/decryption stages from composition and factorization means including novel and efficient circuits for multiplication and inversion of permutations, operating in their compact form representation. The system is scalable to any input/output block size l and performs encryption/decryption at very high data rates.

Abstract: The present invention is an apparatus and method of encryption. A first table comprising a set of 2.sup.n distinct n-bit input numbers and a first set of 2.sup.n distinct n-bit output numbers is received. A second table comprising of the set of 2.sup.n distinct n-bit input numbers and a second set of 2.sup.n distinct n-bit output numbers is also received. The first and second sets of 2.sup.n n-bit output numbers are each a one-to-one mapping of the set of 2.sup.n n-bit input numbers, and the second mapping of 2.sup.n n-bit output numbers is disjoint from the first mapping of 2.sup.n n-bit output numbers. The first and the second tables are combined and a fourth table of 2.sup.n pairs of (n+1)-bit numbers is generated by converting each of the 2.sup.n pairs of n-bit input numbers and each of the 2.sup.n pairs of n-bit output numbers in the third table, to (n+1)-bit numbers.

Abstract: Proactive robust threshold schemes are presented for general "homomorphic-type" public key systems, as well as optimized systems for the RSA function. Proactive security employs dynamic memory refreshing and enables us to tolerate a "mobile adversary" that dynamically corrupts the components of the systems (perhaps all of them) as long as the number of corruptions (faults) is bounded within a time period. The systems are optimal-resilience. Namely they withstand any corruption of minority of servers at any time-period by an active (malicious) adversary (i.e., any subset less than half. Also disclosed are general optimal-resilience public key systems which are "robust threshold" schemes (against stationary adversary), and are extended to "proactive" systems (against the mobile one). The added advantage of proactivization in practical situations is the fact that, in a long-lived threshold system, an adversary has a long time (e.g., years) to break into any t out of the l servers.

Abstract: A universal decoder consisting of modules that may be exchanged with a module of a like type which provides automatic frequency changes and remote system control of the decoder by a host computer. The decoder minimizes signal invasion by providing a data signal frequency change device between a broadcast station and subscriber terminals. Converters modules are classified into fixed function and variable function modules. The fixed function module is a singularly-bodied unit assembled onto a PCB while the variable functions are modularized based on their functions. The connecting circuitry and the data communication protocol between fixed functions and the variable functions is standardized thereby improving the lifetime of the converter. Hacking is solved by allowing the scramble system to be changed. Compatibility problems are eliminated since the modules are made in accordance with internationally uniform or standardized specifications.

Abstract: "A method of using personal information as a decryption key for encrypted software. When software is sold, a purchaser provides a seller with several pieces of personal information that will be used as part of a decryption key. The personal information is tied to the purchaser or a user of the software. For example, the personal information can include, but is not limited to, the purchaser's social security number, telephone number, expiration date of the credit card, address, mother's maiden name, children's names, bank account information. This personal information is embedded in the purchased or licensed software. The material is then conveyed to the purchaser. To activate the software the purchaser must enter the key that includes the personal information. The software compares the key that the purchaser enters with the personal information embedded in the software. The software will only be installed if the key and the personal information match.

Abstract: A self contained data medium is provided with an apparatus for generating a decrypting key for decrypting stored data. Frames of encrypted data are stored on the data medium such as a video or audio disk. Each frame of data includes a header which has a frame identification number. A reader reads each frame of data including the header with the frame identification number. The reader transmits the frame number to a transponder attached to the data medium. The transponder includes a decryption engine which calculates a decryption key from the frame number and a secret deciphering key stored in the transponder. The transponder transmits the decryption key to the reader which uses the decryption key to decrypt the frame of data. The system discourages both home copying and commercial piracy of the underlying program material.

Abstract: An apparatus and method for performing remote financial transactions over an interactive network using a user operated payment module such as an initialized remote control device. The secure remote financial transaction system uses password security as well as a secure method for selecting and implementing personal passwords.

Abstract: Controllable functions (210, 220, 230) and controllable connection managers (212, 222, 216, 226) are used to provide a fail-safe security system implemented on a single processor (200). Red subsystems, black subsystems and clear bypass subsystems ensure separation between red data and black data. Connection managers (212, 222, 216, 226) are used to isolate and control red data ports (214), black data ports (224), red crypto ports (218), and black crypto ports (228). Subsystems are configured to control data flow, provide data separation, access control and prevent single failures from compromising security system (200). Each subsystem is managed separately, and each subsystem has unique access protection provided by controller (202). Within security system (200), the subsystems are kept separate. Functional separation of the red data memory and black data memory is maintained to provide fail-safe data isolation.

Abstract: A fingerprint sensing system for providing data in dependence upon fingerprint information to a computer is disclosed. The system comprises an imaging device for capturing a fingerprint image. The fingerprint image is processed to provide associated data such as a portion of an encryption key. The associated data are secured prior to transmission by encoding into an image frame forming part of a video data signal. The data are encoded at predetermined locations within the image frame instead of image pixel data. The video data signal comprising the associated data are then transmitted to a computer. Upon receipt at the computer the received video data signal is processed to extract the encoded data from the predetermined locations within the image frame.

Abstract: In a center, a Fourier transformation with a weighting function and a center matrix are applied to the identifier of each entity (steps 2-1, 2-2), which is then randomized by one-time pass random number data generated by a manual operation at each entity, thereby generating a secret private key peculiar to each entity (steps 2-3.about.2-5). The center also generates an identifier transformation algorithm based on the one-time pass random number data and the Fourier transformation with a weighting function (step 2-6). Thereafter, the center distributes the identifier transformation algorithm and the secret private key to each entity. Each entity applies the identifier transformation algorithm and the secret private key to the identifier of another entity with which to communicate, for thereby generating a common cryptokey for cryptographic communications between the entities.

Abstract: A co-planar system for determining the shape and dimensions of a surface of an object includes a projector for projecting in a selected plane onto the object a spatially coded pattern of radiation, e.g., light. The system also includes a receiving device capable of imaging the reflected pattern in the selected plane, and a discriminator for determining which portion of the reflected pattern corresponds to which portion of the projected pattern. By this means, a received signal representing less than the complete reflection from the projected pattern can be correlated with a discrete portion of the scanned object. The object is moved relative to the selected plane and the procedure repeated to obtain enough reliable data to generate a reasonably reliable surface profile. The resulting set of received signals and correlations are used to calculate the shape and dimensions of the object.

Abstract: For effecting cryptographic communications between entities i, j using a common cryptokey, each of the entities i, j generates a common cryptokey by applying an identifier transformation algorithm and a secret private key, which have previously been distributed from a center, to the identifier of the other entity with which to communicate (step 3). In a transmitting side, one-time pass cryptographic communication random number data are generated and encrypted by the common cryptokey, a plaintext is encrypted using the random number data, and the encrypted random number data and the encrypted plaintext are combined into an encrypted communication text (step 4). In a receiving side, the encrypted random number data in the encrypted communication text are decrypted using the common cryptokey, and the encrypted plaintext is decrypted using the decrypted random number data as a key (step 5).

Abstract: An improved secure communication arrangement separates the tasks of identity verification and certificate issuing, which allows a disassociating of the long-term binding between Alice and her public/private key pair. This is accomplished by a registration authority issuing a password to Alice once it is satisfied of Alice's bona fide. Thereafter, whenever Alice wishes to communicate with Bob, she contacts a certification authority, identifies herself with the password and obtains a private key and a corresponding short-lived certificate. The certificate typically includes Alice's name and a public key in plaintext, and a signature. The signature is derived by hashing the plaintext portion of the certificate to obtain a value, and encrypting the value with the CA's private key.