Abstract: The present invention relates to a procedure for controlling independent secure transactions using a single physical apparatus (11) that is the property of the user, wherein: the user of said apparatus obtains the apparatus independently of any service provider, on presentation by the user of said apparatus (11) to a service provider (P1, P2, P3) said service provider supplies a set of data identifying the user associated with the apparatus for access to a given service (S1, S2, S3) the combination of the apparatus and the data enables a secure transaction to be conducted with the service.

Abstract: A technique for combining biometric identification with digital certificates for electronic authentication called biometric certificates. The technique includes the management of biometric certificates through the use of a biometric certificate management system. Biometric certificates may be used in any electronic transaction requiring authentication of the participants. Biometric data is pre-stored in a biometric database of the biometric certificate management system by receiving data corresponding to physical characteristics of registered users through a biometric input device. Subsequent transactions to be conducted over a network have biometric certificates generated from the physical characteristics of a current user, which is then appended to the transaction, and which then authenticates the user by comparison against the pre-stored biometric data of the physical characteristics of users in the biometric database.

Abstract: A system and method for accelerating information transfers from an encrypted memory to a requesting device in a system utilizing a decryption engine is provided. The decryption engine fetches and decrypts a first information block having a greater byte count than the number of bytes of requested information. A current address, corresponding to a storage device address of the decrypted first information block residing at the output of the decryption engine, is compared to a requested address. The requested address corresponds to a storage device address of a second information block of which the requested information is a subset thereof. The second information block has a byte count equivalent to the byte count of the first information block which was decrypted by the decryption engine. A new block fetch of encrypted information from the encrypted storage device is initiated when the current address and the requested address are unequal.

Abstract: A pseudorandom sequence generator including a first feedback shift register having at least one input and at least one output and a first controller having an output in communication with the at least one input of the first feedback shift register; the first feedback shift register operating at a first speed S1 and the first controller operating at a second speed S2. In one embodiment the first speed S1 of the first feedback shift register is an integer multiple of the second speed S2 of the first controller. In another embodiment the first feedback shift register includes a shift register having an input, an output, and at least one tap; and a feedback function generator having a first input in communication with the at least one tap of the shift register, a second input in communication with the output of the first controller, and an output in communication with the input of the shift register; the feedback function generator includes at least one feedback function.

Abstract: A method for access control to computer-controlled programs, which can be used at the same time by a plurality of users. A user sends a request regarding a program to a unit for organizing a data flow. It is checked in this unit whether the user which sent the request, has originally started the program. When the user sending the request has started the program, the request is forwarded to the program. If not, an access control with respect to the request is carried out on the basis of an access control data bank. When it derives from the access control that the request is an allowed request, the request is forwarded to the program. When it derives from the access control that the request represents an unallowed request, the request is not forwarded to the program.

Abstract: A complete system for the purchasing of goods or information over a computer network is presented. Merchant computers on the network maintain databases of digital advertisements that are accessed by buyer computers. In response to user inquiries, buyer computers retrieve and display digital advertisements from merchant computers. A digital advertisement can further include a program that is interpreted by a buyer's computer. The buyer computers include a means for a user to purchase the product described by a digital advertisement. If a user has not specified a means of payment at the time of purchase, it can be requested after a purchase transaction is initiated. A network payment system performs payment order authorization in a network with untrusted switching, transmission, and host components. Payment orders are backed by accounts in an external financial system network, and the payment system obtains account authorizations from this external network in real-time.

Abstract: A method and system for conducting electronic auctions is described. A dynamic lot closing extension feature avoids collisions in closing times of multiple lots by dynamically extending the closing time of a subsequent lot if a preceding lot's closing time is extended to be too close to the subsequent lot's then-currently scheduled closing time. Scheduled closing times can be extended with a flexible overtime feature, in which the properties of the event triggering the extension and the duration of the overtime period(s) can be tailored to a particular auction, particular lots of products within an auction, and to the particular time within an auction process. The bidding status of a lot can be set to a “pending” status after the nominal closing time for submission of bids to allow bidders to alert the auction coordinator of technical problems in submission of bids. This allows the possibility for a lot to be return to open status for further bidding by all bidders.

Abstract: A method of generating a private key for use in a public key data communication system implemented between a pair of correspondents is disclosed. The method comprises the steps of generating a random number for use as a private key and testing the number against a predetermined set of criteria The criteria are chosen to determine the statistical randomness of the number. The random number is utilized as a key upon satisfying the criteria.

Abstract: A complete system for the purchasing of goods or information over a computer network is presented. Merchant computers on the network maintain databases of digital advertisements that are accessed by buyer computers. In response to user inquiries, buyer computers retrieve and display digital advertisements from merchant computers. A digital advertisement can further include a program that is interpreted by a buyer's computer. The buyer computers include a means for a user to purchase the product described by a digital advertisement. If a user has not specified a means of payment at the time of purchase, it can be requested after a purchase transaction is initiated. A network payment system performs payment order authorization in a network with untrusted switching, transmission, and host components. Payment orders are backed by accounts in an external financial system network, and the payment system obtains account authorizations from this external network in real-time.

Abstract: A system for creating a log of a conversation includes a convener computer and a plurality of conversation computers interconnected by a computer network. The system includes an arbiter computer and a plurality of conversation computers interconnected by a computer network. The arbiter computer creates a public key pair comprising a new public key and a new private key, and causes the new public key to be transmitted to the conversation computers. The conversation computers receive the public key and transmit messages during the conversation. The arbiter computer uses the new private key to encrypt messages transmitted by at least some of the conversation computers during a conversation among the conversation computers, and to store the encrypted messages in a message log. The conversation computers cause messages in the message log to be decrypted using the new public key.

Abstract: A method is provided for establishing mutual authentication and secure communications between an microprocessor-based transaction evidencing device and a microprocessor-based server coupled thereto. A session key KS is generated at the transaction evidencing device and encrypted with a first key K1 to form a first message. The first message is sent to the server and decrypted using a second key K2. In response to the first message a second message is generated at the server and encrypted using the session key KS. The encrypted second message is sent to the transaction evidencing device and decrypted using the session key KS. A response to the second message is generated at the transaction evidencing device and is signed using a third key K3. The signed response is encrypted with the session key KS and transmitted to the server. The encrypted signed response is decrypted using the session key KS and the signature is verified using a fourth key k4.

Abstract: A quantum cryptographic key distribution (QKD) system splits discrete light signals from a laser source into a pair of light pulses that are orthogonally polarized with respect to each other, imparts a phase shift to one or both of these separate pulses during their round trip from the sender to the receiver and back, assures that the return pulses from the receiver are attenuated to single-photon pulses, recombines the phase-shifted pulses at the sender, and then detects from the recombined signal its polarization state, which is representative of the net phase shift imparted by the sender and receiver. The phase modulator at the receiver transmits only one polarization (e.g., vertical), but is used in a manner that permits it to equally modulate both polarization components of an arriving pulse. In this arrangement, when both components of a pulse reach the phase modulator at the receiver, they are both entirely vertically polarized and a phase shift is imparted at that time.

Abstract: A key recovery information distribution device is provided between a recoverer device and a key recovery device, recovers a data key for the recoverer device, and reduces the load of the recoverer device. Data is encrypted using the data key and stored with key recovery information. The recoverer device which decrypts the encrypted data distributes the key recovery information to key recovery devices through the key recovery information distribution device to recover key information. A recoverer is authenticated directly between the key recovery device and the recoverer device, and then the key information is transmitted to the recoverer device, and the recoverer device recovers the data key.

Abstract: The invention relates to providing secure transactions with a tag and POS device associated with a host network authorization system. In doing so, the tag is adapted to bi-directionally communicate with a POS device, preferably a fuel dispenser, which further communicates with a host network to provide authorization of the tag and carry out any desired purchases or transactions. To avoid transmitting data from which valuable account or financial information could be derived, between the tag and POS device or the POS device and the host network system, the invention may maintain all or a majority of account and financial information requiring absolute security only at the host network. Neither the tag nor the POS device has or has access to certain critical financial or account information. The tag also is adapted to communicate with other local sources and the POS device directly. Additional and alternate security is available for these communications.

Abstract: Cryptographic methods and systems are disclosed. The cryptographic methods provide transparent encryption and decryption of documents in an electronic document management system. The cryptographic system adds a software module to an electronic document management system which traps file I/O events and performs cryptographic functions on the relevant documents before passing control back to the electronic document management system.

Abstract: A method and apparatus for determining the prepayment propensity of borrowers. Earlier payment of loans and particularly mortgage loans can lead to losses being suffered by lenders. The present invention analyzes the demographics associated with a particular borrower to determine both the individual and group based prepayment propensity. The history of the borrower, the history of the demographic group to which the borrower belongs, interest rate trends and other factors are then used to calculate a prepayment score that can be used by the lender to determine the propensity of a given borrower to prepay the loan in question. Where prepayment is a significant risk, inducements to the borrower to leave the loan in force can be made or the loan product can be adjusted to reflect the prepayment risk involved. Loan brokers can also be rated based upon the prepayment propensity of those borrowers who are clients of the broker.

Abstract: An audio input interface (122) receives a digital audio signal and identifies an audio bitstream which is optionally decrypted by a decryption unit (123), and decoded by an audio decoding unit (124). An audio digital to analog converter (126) converts the decoded audio bitstream to an analog audio signal which is optionally decrypted by an audio analog decryption unit (127). An analog transmitter (150) transmits the analog audio signal to a radio (110).

Abstract: Method and apparatus for efficiently scheduling tasks on a network. A user may schedule node-specific tasks across the network without specifying particular times for each node. One application of the present invention is scheduling of survey tasks across the network. A user may select times at which a task is to be performed or exclusion times when a task is not to be performed at the node level, subnet level, or level of the whole network.

Abstract: A method, system, and computer program are disclosed to transport an encrypted key across multiple, diverse systems which provides the relevant and necessary information to guarantee a successful decryption of the key. The method prepares an ASN.1 encoding file at the sender which contains the key. The receiver performs the method to decode the ASN.1 encoded file. In this manner, only the data and the contents of the portable key need to be sent to guarantee successful decryption at the receiver.

Abstract: Apparatus, and a method for its use, for automatically verifying the identity of a person seeking access to a protected property that is remotely located with respect to the apparatus, such as a remotely located computer file or building alarm system. The apparatus, which is disclosed in the form of a handheld device (14) or other portable device (14′), includes a sensor (16) for reading biometric data, such as a fingerprint image, from the person, and a correlator (28) for comparing the sensed data with a previously stored reference image (32) and for determining whether there is a match. If there is a match, the device (14) initiates an exchange of signals over a communication network, with the “door” (10) that protects the property. Specifically, the device (14) generates a numerical value, such as a cyclic redundancy code, from the stored reference image (32), encrypts the numerical value, and transmits it to the door (10) as confirmation of the person's identity.