Abstract: A barcode is formed on an optical disk. The optical disk is provided with a control data area and an identifier for indicating the presence or absence of the barcode in the control data area. A beam pattern if focused on a reflective film of the optical disk in an information signal region on which the data is recorded. Information is provided for making the barcode. The information is PE-modulated so that a width of a mark of the barcode is half or less than a period of the barcode marks. The optical disk is rotated to form the barcode.

Abstract: A system and method for providing protection of content stored on a bulk storage media is disclosed. The technique for providing protection from unauthorized utilization of the content so stored is provided publicly in order to allow for those utilizing a conforming media device to master or generate content protected according to the present invention. Various ways in which to protect content are disclosed including verification of the authenticity of a particular media, utilization of an accepted list of media play-back devices and their corresponding published public keys in order to securely pass media content keys thereto, and utilization of an external contact to provide media content keys and/or updates of accepted media play-back devices.

Abstract: A key managing system for implementing simultaneous disclosure of information. The invention includes an information transmitting apparatus which transmits a date and time at which secrecy protection of information is ended to a key controlling apparatus. The key controlling apparatus searches a key control table indicating a relation between decryption keys and decryption key disclosure dates & times for an encryption key that forms a pair in conjunction with a decryption key associated with the date & time transmitted by the information transmitting apparatus. The key controlling apparatus then transmits an encryption key found in the search to the information transmitting apparatus. The key controlling apparatus also discloses a decryption key for the present date & time to an information receiving apparatus in response to a request for a decryption key at a present date and time.

Abstract: A cipher device that can be configured to execute different types of cryptographic algorithms and perform more than one algorithm simultaneously. The device is operated from an external source and is implemented with a hardware architecture which exhibits the efficiency of conventional hardware based cipher devices as well as the flexibility of software based solutions.

Abstract: A cryptographic device is implemented in communication with a host processor to prevent the host processor from performing a standard boot-up procedure until a basic input output system (BIOS) code is authenticated. This is accomplished by a cryptographic device which is addressed by the host processor during execution of a first instruction following a power-up reset. The cryptographic device includes a first integrated circuit (IC) device and a second IC device. The first IC device includes a memory to contain firmware and a root certification key. The second IC device includes logic circuitry to execute a software code to authenticate the BIOS code before permitting execution of the BIOS code by the host processor.

Abstract: A verification data generating apparatus generates data that can be stored in a terminal device without sustaining unauthorized operations and has assured continuity in the order of being output. In the apparatus, a verification data holding element holds a verification data. A data generation element generates a data body at a predetermined timing. Whenever the data body is generated, a verification value generation element generates a new verification value based on the verification value held in the verification value holding element and the data body newly generated. The verification value held in the verification value holding element is then updated with the new verification value. A data storage element stores the data bodies generated by the data generating element in order.

Abstract: A method of expanding a secure kernel memory area to accommodate additional software code includes the step of digitally signing the additional code by a trusted authority. The code has a digital signature to authenticate the source of the code and to control what code can be added to the secure kernel. The new code is copied into an unprotected memory where the digital signature is verified. The digital signature includes a unique integrated circuit (IC) identification number, which provides the IC manufacturer with the ability to control the secure kernel memory expansion of all or each of the ICs. If the code is authenticated via the digital signature, then those memory blocks are locked-in as protected memory and thus given “secure kernel” privileges.

Abstract: An anonymity system including a cryptographic device. The cryptographic device of the anonymity system is adapted to initially determine whether a response to an incoming electronic message is requested. If so, an address of the anonymity system is encrypted with a key. In one embodiment, the key may be a public key of a system targeted to receive an outgoing electronic message from the anonymity system inclusive of data contained in the incoming electronic message. The encrypted address is placed into an outgoing electronic message before re-routing to the target system to allow the target system to re-route the response back to the anonymity system.

Abstract: A multi-application IC card system and method is disclosed providing a secure data transmission technique. The method is used, for example, to load an application from an application provider, which could be remote, to an IC card. At least a portion of the application is encrypted using a transfer key. The transfer key is then encrypted using the public key of a public/secret key pair of the intended IC card to form a key transformation unit. The encrypted application and key transformation unit are then sent to the IC card and the IC card decrypts the key transformation unit using its secret key. The transfer key is then recovered and used to decrypt the encrypted application. The application can then by stored on the IC card and accessed by the card user.

Abstract: Private keys for a public key cryptography system are protected within private key storage and communication by the requirement of a password to extract the private key based on a password during decryption. Upon receipt of a message encrypted with the public key, both the public key and the protected private key are retrieved from key storage. Interception of this transaction is useless since the protected private key alone cannot be utilized to decrypt the received message. A user is authenticated by extracting a potential private key from the protected private key utilizing a hashed password value, encrypting a well-known message with the public key, decrypting the encrypted well-known message utilizing the potential private key, and comparing the original and decrypted well-known messages. If they match, the extracted private key is employed to decrypt the received message.

Abstract: A key agreement method between a pair of entities i and j in a digital communication system, wherein each the entity has a private and corresponding public key pair Si,Pi and Sj,Pj respectively and the system, having global parameters for generating elements of a group, the method comprising the steps of: (a) entity i selecting a random private session value Ri; (b) forwarding a public session value corresponding to the private session value Ri to the entity j; (c) entity j computing a long term shared secret key k′ derived from entity i's public key and j's private key utilizing a first function H1; (d) the entity j utilizing entity j utilizing the key′ and computing an authenticated message on entity identities i,j and entities public session keys and forwarding the aunthenticated message to entity i; (e) the entity i verifying the received authenticated message; (f) the entity i computing the long term shared secret key k′ derived from the entity j's public key and i&

Abstract: A signal is encoded, for example, perceptually and, during or after the perceptual coding process, a digital watermark is inserted into a quantized digital information signal resulting from the perceptual coding process in such a manner that its insertion is imperceptible to one later listening to, displaying or otherwise utilizing the information signal. Moreover, the digital watermark may be inserted in accordance with a key indicative of the location of the mark in the digitally encoded signal. The key may be protected with a trusted entity and distributed in such a manner as to be not detectable by a pirate. Consequently, the key may be utilized at watermarking apparatus that can be located anywhere in the distribution channel of a copyright protected work. The key may be embedded in a secure microprocessor of validating apparatus at a point of distribution or even at a point of sale.

Abstract: The functionality of “protected shareware” is controlled by digitally signed messaging protocol. Protective code within the shareware controls the functionality of the shareware in response to authorization messages which are supplied directly or indirectly by the shareware supplier. These messages are digitally signed in whole or part by or on behalf of the shareware supplier using the supplier's secret signing key. The shareware, in turn, includes the public checking key for this digital signature of the supplier, thereby enabling the protective code to authenticate any such authorization message before acting in reliance upon it. The shareware includes an integrity self-checking routine which is run at appropriate times to ensure that shareware, including its protective code, is in an anticipated state. Typically this is equivalent to a finding that the code has not been altered, but it is conceivable that the code might be dynamically altered in some authorized (i. e.

Abstract: One or a plurality of prime numbers pi which are generated and a generated random number are used to calculate a larger prime number candidate, and a judgment is made as to whether or not the prime number candidate is a prime number by using a provable prime number judging method, and when the judgment is made that the candidate is a prime number, the prime number p is outputted. As for at least three polynomials F(p) which are factors of ps−1 (s: arbitrary natural number) by a prime number p, a measure against prime factorization is taken. Moreover, when the prime number p is used for a secret key of RSA cryptosystem, a strong prime number p against the iterated-encryption attack on RSA cryptosystem is generated.

Abstract: An arrangement, for verifying a playing authorization for an encrypted information signal reproduced by a reproducing device and for supplying a decrypted information signal when a playing authorization is available, includes a verification device for verifying a playing authorization for a reproduced encrypted information signal, and a decryption circuit for decrypting a reproduced encrypted information signal when a playing authorization is available. The arrangement further includes an interrogation device for independently requesting a playing authorization. The interrogation device includes a communication circuit which, in the absence of a playing authorization for a reproduced encrypted information signal, sets up a data link and supplies playing authorization request information to a playing authorization allocation device via the data link, and receives a playing authorization for the reproduced encrypted information signal from the playing authorization allocation device.

Abstract: A method and system for overcoming the problems associated with certificate revocation lists (CRL's), for example, in a public key infrastructure. The invention uses a tree-based scheme to replace the CRL.

Abstract: Disclosed is an optical disk barcode forming method wherein, as information to be barcoded, position information for piracy prevention, which is a form of ID, is coded as a barcode and is recorded by laser trimming on a reflective film in a PCA area of an optical disk. When playing back the thus manufactured optical disk on a reproduction apparatus, the barcode data can be played back using the same optical pickup.

Abstract: A certification revocation system uses a one-way function F to verify the validity of a certificate that includes a first value V. Included are means for receiving a second value V′ and means for iterating F on V′ and for comparing the result thereof to V. The function F is used to verify that a certificate having an issue date D and including a first value V is valid at a date belonging to a sequence of dates after D.

Abstract: An optical disk reproduction apparatus is for use with a disk on which data is recorded. A barcode-like mark is reproduced on the optical disk. It is possible to detect whether an identifier is on the optical disk. A decryption key is obtained from identification information included in the barcode-like mark. When the identifier indicates absence of the barcode-like mark, a signal is generated to indicate that the barcode-like mark is not to be reproduced.

Abstract: An optical disk includes a first area where data is recorded with pit pattern, a second information area where another data is recorded with marks which have a stripe-like configuration, and a guard band area formed between the first information area and the second information area. An address is written with pit pattern on the guard band area.