Patents Examined by Tod Swann
  • Patent number: 6408388
    Abstract: A personal data/time notary device is embodied in a token device such as a “smart card”. The portable notary device includes an input/output (I/O) port, which is coupled to a single integrated circuit chip. The I/O port may be coupled to a conventional smart card reading device which in turn is coupled to a PC, lap-top computer or the like. A tamper resistant secret private key storage is embodied on the chip. The private key storage is coupled to the processor which, in turn, is coupled to a permanent memory that stores the program executed by the processor. At least one clock is embodied on the card. A second clock 14 and a random value generator 10 are also preferably coupled to the processor. The device combines digital time notarization into a digital signature operation to ensure that a time stamp is always automatically present. The user does not need to be involved in any additional decision making as to whether time stamping is necessary.
    Type: Grant
    Filed: July 30, 1999
    Date of Patent: June 18, 2002
    Inventor: Addison M. Fischer
  • Patent number: 6363478
    Abstract: A session processing module for a server is adapted to communicate across the Internet with a plurality of clients. The processing module runs within a servlet and allocates a session identifier in response to a first input stream of a session between a client and the server; negotiates communication characteristics for the session; and instantiates, according to the communication characteristics, routines for processing subsequent session input streams containing request data and routines for generating session output streams containing response data. A variable depth of penetration to be applied to a dynamically specified quality of service for a session is enabled. Thus, in one embodiment the module relays encrypted request data for a session to a back-end server, and receives from the back-end server encrypted response data for the session for the client.
    Type: Grant
    Filed: September 17, 1998
    Date of Patent: March 26, 2002
    Assignee: International Business Machines Corp.
    Inventors: Howard Shelton Lambert, Steven Wright
  • Patent number: 6357007
    Abstract: A system for monitoring tamper events in a computer system is disclosed. The computer system is on a network. The system comprises a tamper real time clock (RTC) means which receives at least one tamper event signal from the computer system. The tamper RTC means includes a timer for indicating the time of a tamper event and a management device for receiving the at least one tamper event signal. The management device issues a command to the tamper RTC means to obtain the time of the at least one tamper event. The management device also generates a network packet, which includes the time of the tamper event, and sends it to a system administrator of the network. The present invention in a preferred embodiment is directed to a computer system which has the ability to functionally detect and store the time of a tamper event. A tamper real time clock (RTC) circuit is operatively connected with logic to store the date and time of an event as it occurs.
    Type: Grant
    Filed: July 1, 1998
    Date of Patent: March 12, 2002
    Assignee: International Business Machines Corporation
    Inventors: Daryl C. Cromer, Howard Locker, James P. Ward, Michael J. Steinmetz
  • Patent number: 6345099
    Abstract: Copy protection is provided for the now-unprotected computer monitor port of a computer 100 in two ways: (i) delaying synchronizing signals by a time variable amount and (ii) generating pulses during non-active video. Delay of the synchronizing signal is performed by selecting a fixed offset 203 and selecting either the fixed offset or the pseudorandom delay to be sent to a variable delay generator 260, which delays the horizontal synchronizing signal 201 by the selected amount. This new delayed horizontal synchronizing signal 202 is encoded by the CRT Controller 244 and is then sent to the computer monitor 164, which uses the delayed synchronizing signal 202 as encoded to produce its display in conjunction with a data signal. Thus, if these signals 202, 268 are intercepted by a VGA to TV converter 122, the converter 122 (or any downstream device) is unable to lock onto the correct frequency in order to reproduce the image properly.
    Type: Grant
    Filed: May 22, 1998
    Date of Patent: February 5, 2002
    Assignee: S3 Incorporated
    Inventor: José R. Alvarez
  • Patent number: 6317832
    Abstract: A secure multiple application card system and process is provided having secure loading and deleting capability by use of a Certification Authority and Personalization Bureau. The certification authority maintains the security of the system by requiring IC cards to be injected with its public key and a card identifier for uniquely identifying each card, by providing a personalization data block for each card, and by signing with its private key all applications to be loaded or deleted from the IC card.
    Type: Grant
    Filed: May 12, 1998
    Date of Patent: November 13, 2001
    Assignee: Mondex International Limited
    Inventors: David Barrington Everett, Stuart James Miller, Anthony David Peacham, Ian Stephen Simmons, Timothy Philip Richards, John Charles Viner
  • Patent number: 6314521
    Abstract: The system, method, and program of this invention provides a secure configuration of a digital certificate for a printer. The printer has a unique encryption key stored in it at manufacturing time. This key is also recorded in a database, securely controlled by a certificate authority, and the key is associated with the printer by model and serial number. The printer sends a message requesting a digital certificate to the certificate authority. In the message request, the printer sends the model number and serial number of the printer in the clear, i.e., not encrypted, which is needed by the certificate authority to look up the unique encryption key in the database. The message request also contains an encryption, using the built-in key, of some of the same information that was sent in the clear. The database needs the information in the clear to get the key.
    Type: Grant
    Filed: November 26, 1997
    Date of Patent: November 6, 2001
    Assignee: International Business Machines Corporation
    Inventor: Roger K. Debry
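The request/verification exchange of patent 6314521, as an added example (not code from the patent or from IBM). The printer sends model and serial in the clear plus a keyed copy of those fields; the CA uses the clear fields to find the built-in key and checks the keyed copy. Assumptions: HMAC-SHA256 stands in for the "encryption using the built-in key", the printer's new public key is bound into the keyed copy, and the key database, model, serial and key bytes are constructed sample data.

```python
import hashlib
import hmac
import json

# Constructed CA database: the built-in key of each printer, recorded at
# manufacturing time and indexed by (model, serial) as the abstract describes.
CA_KEY_DB = {
    ("LP-4000", "SN00012345"): bytes.fromhex(
        "2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c"
    ),
}


def keyed_copy(key: bytes, model: str, serial: str, public_key: str) -> str:
    # The abstract encrypts a copy of the in-the-clear fields under the built-in
    # key; HMAC-SHA256 over those fields is used here as the keyed transform
    # (assumption). Binding the printer's public key as well means a relay
    # cannot reuse a genuine printer's proof to certify a key it controls.
    payload = json.dumps(
        {"model": model, "serial": serial, "public_key": public_key}, sort_keys=True
    ).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def printer_request(model: str, serial: str, builtin_key: bytes, public_key: str) -> dict:
    """Printer side: clear fields plus the keyed copy of the same fields."""
    return {
        "model": model,
        "serial": serial,
        "public_key": public_key,
        "keyed_copy": keyed_copy(builtin_key, model, serial, public_key),
    }


def ca_process(request: dict):
    """CA side: look the key up by the clear fields, then verify the keyed copy.
    Returns a (placeholder) certificate dict, or None if the request is rejected."""
    key = CA_KEY_DB.get((request["model"], request["serial"]))
    if key is None:
        return None  # unknown printer: no key to check against
    expected = keyed_copy(key, request["model"], request["serial"], request["public_key"])
    if not hmac.compare_digest(expected, request["keyed_copy"]):
        return None  # wrong built-in key or tampered fields
    return {
        "issuer": "Example Printer CA",
        "subject": f'{request["model"]} {request["serial"]}',
        "public_key": request["public_key"],
    }


if __name__ == "__main__":
    key = CA_KEY_DB[("LP-4000", "SN00012345")]
    req = printer_request("LP-4000", "SN00012345", key, "PLACEHOLDER-PRINTER-PUBKEY")
    print(ca_process(req) is not None)  # True
```

The abstract says nothing about replay: the request as shown is replayable, so a deployment would add a CA-supplied nonce or a counter to the keyed payload and refuse to issue twice for the same serial without re-authentication.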
  • Patent number: 6311269
    Abstract: Arbitrarily fine-grained limitation of access to information stored in a resource of a data processor network is provided in a manner compatible with existing network browsers by mapping user identity and credentials with randomly assigned security cookie information which thus serves as a surrogate credential accompanying each user request during a session. Labels are embedded within HTML files/text which may embody any desired security policy, including mandatory access control (MAC) arrangements which are not available through native browser functions. Data is retrieved in response to a user request which includes a security cookie from a location in the resource which is not directly accessible through use of a URL; the location being stored in a configuration file which is hidden from users.
    Type: Grant
    Filed: June 15, 1998
    Date of Patent: October 30, 2001
    Assignee: Lockheed Martin Corporation
    Inventors: Gary L. Luckenbaugh, Forrest E. Stoakes
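The surrogate-credential scheme of patent 6311269, as an added example (not code from the patent or from Lockheed Martin): a random cookie maps server-side to identity and clearance, labels embedded in the HTML carry the policy, and content is fetched from a hidden location taken from a configuration file rather than from the URL. Assumptions: the label syntax `<!-- LABEL: X -->`, the three-level ordering, and the user store, configuration file and documents are all constructed for the example.

```python
import re
import secrets

# Constructed ordering for a simple mandatory access control policy.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}

# Constructed stand-ins: documents at locations no URL reaches directly, the
# hidden configuration file mapping public names to those locations, and the
# user store (password, clearance).
HIDDEN_STORE = {
    "/var/secure/0a91.html": "<html><!-- LABEL: CONFIDENTIAL --><body>Quarterly plan</body></html>",
    "/var/secure/77c3.html": "<html><!-- LABEL: SECRET --><body>Design notes</body></html>",
}
CONFIG = {"plan": "/var/secure/0a91.html", "design": "/var/secure/77c3.html"}
USERS = {"alice": ("pw-alice", "SECRET"), "bob": ("pw-bob", "CONFIDENTIAL")}

SESSIONS: dict[str, tuple[str, str]] = {}  # security cookie -> (user, clearance)
LABEL_RE = re.compile(r"<!--\s*LABEL:\s*([A-Z]+)\s*-->")


def login(user: str, password: str):
    """Check credentials once, then hand back a random cookie that stands in
    for them on every later request."""
    rec = USERS.get(user)
    if rec is None or not secrets.compare_digest(rec[0], password):
        return None
    cookie = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[cookie] = (user, rec[1])
    return cookie


def logout(cookie: str) -> None:
    SESSIONS.pop(cookie, None)


def fetch(cookie: str, name: str) -> tuple[int, str]:
    """Serve a document by public name. Returns (HTTP-style status, body)."""
    session = SESSIONS.get(cookie)
    if session is None:
        return 401, ""  # unknown or expired surrogate credential
    location = CONFIG.get(name)
    if location is None:
        return 404, ""  # only names in the hidden config map to anything
    doc = HIDDEN_STORE[location]
    match = LABEL_RE.search(doc)
    # Unlabeled or unknown-label content is denied by default: require a level
    # above every defined clearance.
    required = LEVELS.get(match.group(1), max(LEVELS.values()) + 1) if match else max(LEVELS.values()) + 1
    if LEVELS[session[1]] < required:
        return 403, ""
    return 200, doc


if __name__ == "__main__":
    bob = login("bob", "pw-bob")
    print(fetch(bob, "plan")[0], fetch(bob, "design")[0])  # 200 403
```

Because the cookie is the credential for the rest of the session, it must travel only over TLS and carry the Secure and HttpOnly attributes; the random mapping is what keeps a browser with no MAC support from ever seeing the clearance itself.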
  • Patent number: 6304658
    Abstract: The present invention provides a method and apparatus for securing cryptographic devices against attacks involving external monitoring and analysis. A “self-healing” property is introduced, enabling security to be continually re-established following partial compromises. In addition to producing useful cryptographic results, a typical leak-resistant cryptographic operation modifies or updates secret key material in a manner designed to render useless any information about the secrets that may have previously leaked from the system. Exemplary leak-proof and leak-resistant implementations of the invention are shown for symmetric authentication, certified Diffie-Hellman (when either one or both users have certificates), RSA, ElGamal public key decryption, ElGamal digital signing, and the Digital Signature Algorithm.
    Type: Grant
    Filed: December 31, 1998
    Date of Patent: October 16, 2001
    Assignee: Cryptography Research, Inc.
    Inventors: Paul C. Kocher, Joshua M. Jaffe
  • Patent number: 6304974
    Abstract: The present invention provides a system for managing trusted certificates for authenticating communications for clients belonging to an enterprise. The system assembles a list of trusted certificates containing public keys for authenticating communications signed by associated private keys. This assembly process may include verifying the authenticity of trusted certificates in the list. The system then constructs a fingerprint for the list. The list is then communicated to a client through a first communication mechanism, and the fingerprint is communicated to the client through a second communication mechanism. Next, the client verifies that the fingerprint received through the second communication mechanism was constructed from the list of trusted certificates received through the first communication mechanism. This establishes a high degree of confidence that the list of trusted certificates is authentic.
    Type: Grant
    Filed: November 6, 1998
    Date of Patent: October 16, 2001
    Assignee: Oracle Corporation
    Inventor: Vipin Samar
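The two-channel check of patent 6304974, as an added example (not code from the patent or from Oracle): the server fingerprints the assembled trust list, the list goes to the client one way and the fingerprint another, and the client recomputes and compares. Assumptions: SHA-256 over a canonical JSON serialization as the fingerprint, and a constructed trust list whose key strings are placeholders for real certificate material.

```python
import hashlib
import hmac
import json

# Constructed trust list; the public_key values are placeholders, not real keys.
ENTERPRISE_TRUST_LIST = [
    {"subject": "CN=Enterprise Root CA", "public_key": "PLACEHOLDER-KEY-ROOT"},
    {"subject": "CN=Enterprise Issuing CA 1", "public_key": "PLACEHOLDER-KEY-ISSUING-1"},
]


def canonical_bytes(trust_list: list[dict]) -> bytes:
    # Order and whitespace must not change the fingerprint, so entries are
    # sorted by subject and serialized with fixed key order and separators.
    entries = sorted(trust_list, key=lambda e: e["subject"])
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def fingerprint(trust_list: list[dict]) -> str:
    """Server side: value to send over the second mechanism."""
    return hashlib.sha256(canonical_bytes(trust_list)).hexdigest()


def human_form(fp_hex: str) -> str:
    """Colon-separated groups, for a fingerprint that is read out or printed."""
    return ":".join(fp_hex[i:i + 2] for i in range(0, len(fp_hex), 2))


def client_accepts(received_list: list[dict], received_fingerprint: str) -> bool:
    """Client side: recompute over what arrived on channel one and compare
    with what arrived on channel two. compare_digest avoids a timing leak."""
    normalized = received_fingerprint.replace(":", "").lower()
    return hmac.compare_digest(fingerprint(received_list), normalized)


if __name__ == "__main__":
    fp = fingerprint(ENTERPRISE_TRUST_LIST)          # channel two
    delivered = list(ENTERPRISE_TRUST_LIST)           # channel one
    print(client_accepts(delivered, human_form(fp)))  # True
    delivered.append({"subject": "CN=Rogue CA", "public_key": "PLACEHOLDER-KEY-ROGUE"})
    print(client_accepts(delivered, fp))              # False
```

The scheme only helps if the two mechanisms fail independently: a fingerprint served from the same host as the list adds nothing, which is why it is usually delivered out of band or pinned into the client build.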
  • Patent number: 6301661
    Abstract: Method and computer network for enhanced security for applications using downloadable executable content is described. More particularly, a client is operatively coupled to an authentication server and a remote host through a gateway. In an initial login session, authentication information is provided from the client to the gateway for obtaining client-authenticating credentials from the authentication server. These client-authenticating credentials may be encoded to be in a form of a data string and provided to the client, for example as the value of an HTTP cookie. The encoded data string may be provided to the client as one or more parameter values. These parameter values may be employed along with requested downloadable executable content, such as one or more Java classes, for running on the client. The Java classes may communicate the parameter values to an execution server of the gateway for decoding the encoded data string in order to extract the client-authenticating credentials therefrom.
    Type: Grant
    Filed: June 19, 1999
    Date of Patent: October 9, 2001
    Assignee: Verizon Laboratories Inc.
    Inventor: W. David Shambroom
  • Patent number: 6301363
    Abstract: A system for viewing a subtle image on a security document is provided including a security document, a document viewer, and a document receiving station. The security document comprises a subtle image and a security image formed on a first face of the security document, wherein security image elements are arranged in a security image element array and complementary security image elements are arranged in a complementary security image element array. The subtle image comprises a plurality of subtle image elements arranged in a subtle image element array. The subtle image element array is arranged in a pattern that is optically distinct from respective patterns of arrangement of the security image element array and the complementary security image element array.
    Type: Grant
    Filed: October 26, 1998
    Date of Patent: October 9, 2001
    Assignee: The Standard Register Company
    Inventor: William H. Mowry, Jr.
  • Patent number: 6298441
    Abstract: A method for downloading a document via a communications medium operatively associated with a communications interface, the method including receiving the document from the communications medium, placing an information storage smart card in removable operative association with the communications interface, and conditionally transmitting the document from the communications interface to the information storage smart card and storing the document in the information storage smart card. Other related methods and apparatus are also provided.
    Type: Grant
    Filed: July 14, 1998
    Date of Patent: October 2, 2001
    Assignee: News Datacom Ltd.
    Inventors: Doron Handelman, Moshe Kranc, David Fink, Arnold Zucker, Perry Smith, Gerson Bar-On
  • Patent number: 6298137
    Abstract: A method of communicating information between users of a communications system includes the following steps: generating a ring R, ideals P and Q in R, a set of coset representatives CQ for the ring R modulo the ideal Q, and a set of coset representatives CP for the ring R modulo the ideal P; generating at least one public key element h1, . . . , hk in the ring R as a function of at least two private key elements ƒ1, . . . ƒn in R and the ideal Q of the first user; and transmitting from a first user to a second user a description of the ring R, the ideal Q, the ideal P, and the elements h1, . . . , hk in R; generating an element e in R as a function of the ideals P and Q, the public key elements h1, . . . , hk, a private message element m in R, and at least one private random element ø1, . . .
    Type: Grant
    Filed: April 5, 2000
    Date of Patent: October 2, 2001
    Assignee: NTRU Cryptosystems, Inc.
    Inventors: Jeffrey Hoffstein, Jill Pipher, Joseph H. Silverman
  • Patent number: 6298138
    Abstract: Disclosed is an optical disk barcode forming method wherein, as information to be barcoded, position information for piracy prevention, which is a form of ID, is coded as a barcode and is recorded by laser trimming on a reflective film in a PCA area of an optical disk. When playing back the thus manufactured optical disk on a reproduction apparatus, the barcode data can be played back using the same optical pickup.
    Type: Grant
    Filed: October 4, 2000
    Date of Patent: October 2, 2001
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Yoshiho Gotoh, Mitsuaki Oshima, Shinichi Tanaka, Kenji Koishi, Mitsuro Moriya
  • Patent number: 6295361
    Abstract: A method and apparatus to allow a key manager node in a network to initiate the process of changing a group key for all nodes in a multicasting group. In the described embodiment, the key manager node initiates changing the group key by setting an indicator in a multicast packet. The indicator indicates that each of the nodes in the multicast group should obtain a new group key from the key manager node. The key manager node sets the indicator whenever the key manager node determines that the nodes in the group need to change their key. The nodes in the multicast group then obtain a key from the key manager node. In one embodiment of the present invention, the key manager node sends the group key to the members of the group and, once all nodes in the group have received their key, sends an indicator that the group members should start using the new keys. In another embodiment, the key manager node sends the new key to the group, along with instructions specifying when the new key is to take effect.
    Type: Grant
    Filed: June 30, 1998
    Date of Patent: September 25, 2001
    Assignee: Sun Microsystems, Inc.
    Inventors: Miriam C. Kadansky, Stephen R. Hanna
  • Patent number: 6295604
    Abstract: A cryptographic packet processing unit performing cryptographic operations on a data portion of a data packet based on control information included in a header of the data packet. The cryptographic packet processing unit comprises a cryptographic bus interface unit, a crypto-processing unit, and a control storage unit. The cryptographic bus interface unit is capable of (i) receiving the data packet and (ii) removing the control information from the data portion. Coupled to the cryptographic bus interface unit, the crypto-processing unit is capable of performing a cryptographic operation on the data portion under the control of the control storage unit, which contains the control information.
    Type: Grant
    Filed: May 26, 1998
    Date of Patent: September 25, 2001
    Assignee: Intel Corporation
    Inventor: Roy Callum
  • Patent number: 6292896
    Abstract: A system for authenticating a first entity to a second entity and for simultaneously generating a session key for encrypting communications between the entities. The first entity generates an authentication value by encrypting time-dependent information using a long-lived secret key shared by the entities and transmits the authentication value to the second entity. The first entity independently encrypts other time-dependent information using the long-lived key to generate a session key that cannot be derived from the authentication value without the long-lived key. Upon receiving the transmitted authentication value, the second entity checks the transmitted authentication value using the shared long-lived key to determine whether it is valid. If the authentication value is valid, the second entity authenticates the first entity and generates an identical session key from the same shared secret information and time-dependent information.
    Type: Grant
    Filed: January 22, 1997
    Date of Patent: September 18, 2001
    Assignee: International Business Machines Corporation
    Inventors: Richard Henry Guski, John Carr Dayka, Harvey Tildon McGee, Bruce Robert Wells
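The exchange of patent 6292896, as an added example (not code from the patent or from IBM): the first entity keys time-dependent information under the shared long-lived key to get an authentication value, keys other time-dependent information to get a session key, and the second entity validates the former and independently derives the latter. Assumptions: HMAC-SHA256 stands in for "encrypting" under the long-lived key, the two outputs are separated by distinct labels, the acceptance window and the replay cache are additions the abstract does not mention, and the key, identity and timestamps are constructed.

```python
import hashlib
import hmac
import struct


def keyed(key: bytes, label: bytes, t: int, ident: bytes) -> bytes:
    # Stand-in for "encrypt time-dependent information with the long-lived key":
    # HMAC-SHA256 used as a PRF (assumption). Distinct labels make the
    # authentication value and the session key independent outputs, so the
    # session key cannot be derived from the transmitted value without the key.
    return hmac.new(key, label + struct.pack(">Q", t) + ident, hashlib.sha256).digest()


def first_entity(long_lived_key: bytes, ident: bytes, now: int):
    """Returns (message to send, session key to keep)."""
    auth_value = keyed(long_lived_key, b"AUTH", now, ident)    # transmitted
    session_key = keyed(long_lived_key, b"SESS", now, ident)   # never transmitted
    return {"id": ident, "time": now, "auth": auth_value}, session_key


class SecondEntity:
    def __init__(self, long_lived_key: bytes, window_seconds: int = 60):
        self.key = long_lived_key
        self.window = window_seconds
        self.seen: set[tuple[bytes, int]] = set()  # replay cache (added caveat)

    def authenticate(self, msg: dict, now: int):
        """Returns the session key on success, None on rejection."""
        if abs(now - msg["time"]) > self.window:
            return None  # stale or future-dated: outside the clock-skew window
        if (msg["id"], msg["time"]) in self.seen:
            return None  # same time-dependent value presented twice
        expected = keyed(self.key, b"AUTH", msg["time"], msg["id"])
        if not hmac.compare_digest(expected, msg["auth"]):
            return None  # wrong long-lived key or altered fields
        self.seen.add((msg["id"], msg["time"]))
        # Same shared secret, same time-dependent information: identical key.
        return keyed(self.key, b"SESS", msg["time"], msg["id"])


if __name__ == "__main__":
    K = bytes.fromhex("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4")  # constructed
    msg, client_key = first_entity(K, b"client-42", 1_700_000_000)
    server = SecondEntity(K)
    print(server.authenticate(msg, 1_700_000_005) == client_key)  # True
    print(server.authenticate(msg, 1_700_000_006))                # None (replay)
```

The window must be wide enough for real clock skew but narrow enough that the replay cache stays small; entries older than the window can be evicted because the time check already rejects them.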
  • Patent number: 6292899
    Abstract: The data security system uses a volatile key apparatus to create and manage a master file, comprising a single encrypted file that is stored on the hard drive of the computer system. The master file contains all of the passwords, cryptokeys and security codes that are used by conventional security programs and apparatus resident on the computer system to safeguard the confidential data that is contained in the memory of the computer system. The master key that is used to encrypt and decrypt this master file is stored in the volatile key apparatus, which is a piece of hardware located in the personal computer and directly connected to the system bus. When a violation of the system security procedures is detected, the master key is erased from the volatile key apparatus, thereby preventing access to the encrypted information that is stored on the hard drive.
    Type: Grant
    Filed: September 23, 1998
    Date of Patent: September 18, 2001
    Inventor: Randall C. McBride
  • Patent number: 6292893
    Abstract: A certification revocation system uses a one-way function F to verify the validity of a certificate that includes a first value V. Included are means for receiving a second value V′ and means for iterating F on V′ and for comparing the result thereof to V. The function F is used to verify that a certificate having an issue date D and including a first value V is valid at a date belonging to a sequence of dates after D.
    Type: Grant
    Filed: January 14, 2000
    Date of Patent: September 18, 2001
    Inventor: Silvio Micali
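The iterated one-way-function check of patent 6292893, as an added example (not code from the patent): the certificate carries V = F^n(seed), on day i after issue the CA releases V' = F^(n-i)(seed), and a verifier accepts if applying F to V' i times gives V. Assumptions: SHA-256 as F, one step per day, and a constructed seed.

```python
import hashlib


def F(x: bytes) -> bytes:
    # The one-way function F of the abstract. SHA-256 is an assumption; any
    # preimage-resistant hash fits.
    return hashlib.sha256(x).digest()


def issue_certificate(seed: bytes, n_days: int) -> tuple[bytes, list[bytes]]:
    """CA side. Computes V = F^n(seed) to embed in the certificate and keeps
    the chain F^0(seed) .. F^n(seed) so it can release F^(n-i)(seed) on day i
    after the issue date D as the 'still valid' value."""
    chain = [seed]
    for _ in range(n_days):
        chain.append(F(chain[-1]))
    return chain[-1], chain


def validity_proof(chain: list[bytes], day: int) -> bytes:
    """CA side. V' for day i is F^(n-i)(seed). Revocation is simply never
    releasing further proofs; nobody can compute tomorrow's V' from today's
    without inverting F."""
    n = len(chain) - 1
    if not 0 <= day <= n:
        raise ValueError("day outside the certificate's validity window")
    return chain[n - day]


def is_valid_on_day(V: bytes, V_prime: bytes, day: int) -> bool:
    """Verifier side, as in the abstract: iterate F on V' 'day' times and
    compare the result with the V embedded in the certificate."""
    x = V_prime
    for _ in range(day):
        x = F(x)
    return x == V


if __name__ == "__main__":
    seed = bytes.fromhex("9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")  # constructed
    V, chain = issue_certificate(seed, n_days=365)
    print(is_valid_on_day(V, validity_proof(chain, 30), 30))  # True
    print(is_valid_on_day(V, validity_proof(chain, 30), 31))  # False: day-30 proof does not cover day 31
```

A verifier needs only V from the certificate and the day count; it never contacts the CA, and a leaked proof for day i is useless for day i+1.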
  • Patent number: 6289103
    Abstract: A signal reproducing apparatus for prohibiting copying or unauthorized use. The apparatus includes a copying management information decision circuit 19 for discriminating the state of the copying management information read out from each header of a data sector and within the TOC, a protect signal generating circuit 20 for generating a protect signal based on the discrimination signal and a mixing circuit 24 for mixing a protect signal in a vertical blanking period of an analog video signal D/A converted from digital video data reproduced from an optical disc D. The apparatus also includes a descrambling circuit 31 for descrambling the digital data based on the copying management information and a scrambling circuit 32 for scrambling the digital data. The apparatus enables prohibition of unauthorized analog copying and digital copying, inhibition of serial generational copying and prohibition of unauthorized analog and digital copying simultaneously.
    Type: Grant
    Filed: January 7, 2000
    Date of Patent: September 11, 2001
    Assignee: Sony Corporation
    Inventors: Yoichiro Sako, Shigeyuki Yoneyama