Abstract: A hybrid one time pad encryption and decryption apparatus with methods for encrypting and decrypting data wherein a one time random number pad provides high security encryption. The random number sequence is encrypted using DES, RSA or other technique and embedded in the message as a function of the random pad itself. This generates an encryption message that is impervious to attempts to directly decode the message text as the message is randomly dispersed throughout a message and the message contains as much quasi-random data as text. The message is also relatively impervious to attempts to decode the cipher, as the cipher is randomly interrupted by the encrypted data.

Abstract: A access rights authentication apparatus relieves burdens resulting from handling unique information of a large number of authentication keys and the like of users and protectors such as application authors, wherein a proof data verification module sends authentication data to a proof data generation module; proof data generation means of the proof data generation module generate proof data from the received authentication data and held user unique identifying information, and returns the proof data to the proof data verification module; the verification means of the proof data verification module verifies the proof data using the access ticket; and if the verification succeeds, program execution is permitted.

Abstract: An encryption device has a random number generator whose output is combined by exclusive-or with plaintext input which has been encrypted by a first block cipher. The combined exclusive-or output is encrypted with a second block cipher mechanism which produces a second enciphered output. The output of the random number generator is also encrypted by a third block cipher mechanism which produces a third enciphered output. The first and second block cipher mechanisms differ from each other.

Abstract: A key used for deciphering ciphertext is safely transmitted, to establish simple encryption communication. A transmitter and a receiver are connected through a network such that they can communicate with each other. In the transmitter, plaintext is enciphered using a common key. Ciphertext, together with a key generation program in a public-key cryptosystem, is transmitted from the transmitter to the receiver. In the receiver, a pair of a public key and a secret key is generated in accordance with the key generation program, the public key is transmitted to the transmitter, and the secret key is held in the receiver. In the transmitter, the common key is enciphered using the public key transmitted from the receiver. An enciphered common key transmitted to the receiver is deciphered using the held secret key. The ciphertext is deciphered using the deciphered common key.

Abstract: A field programmable gate array (FPGA) and a decryption circuit are implemented within a common integrated circuit (IC) or within separate ICs enclosed within a common IC package. The decryption circuit decrypts an input FPGA program encrypted in accordance with a particular encryption key and then writes the decrypted FPGA program into the FPGA. Thus an FPGA program encrypted in accordance with a particular encryption key can be used to program only those FPGAs coupled with a decryption circuit capable of decoding the encrypted FPGA program in accordance with that particular encryption key. Since the decryption circuit and the FPGA are implemented in the same IC, or within the same IC package, the decrypted FPGA program the decryption circuit produces cannot be readily intercepted and copied.

Abstract: A system for event detection employs a collector that collects raw audit data made up of raw audit data records at an audit source; a database; an inserter at a downstream processing location that inserts Virtual Records into the database, including both a first type of Virtual Record generated in response to a raw audit data record, and a second type of Virtual Record generated in response to a detected audit event; the inserter; a parser; coupled to the collector, that converts raw audit data records in the raw audit data into Virtual Records; a detector that detects audit events in response to the Virtual Records generated by the parser, and generates the second type of Virtual Record in the event an audit event is detected.

Abstract: The disclosed invention is a new cryptographic method which is fast and ideally suited for secure, high volume data communication and storage. The data is encrypted at the source using a private key and then transmitted to a destination over a secure or insecure channel. The destination can either be a local storage device or a non-local station. At the destination the data is decrypted using the same private key. The disclosed invention is a new method and apparatus for data encryption. The mathematical robustness and simplicity of this method brings a great improvement in security and speed as compared to previous block ciphers. The data block length or the key length can also be changed very easily and such changes do not require any significant redesigns in the components of the cipher. This is a significant advantage over previous block ciphers, where extensive modifications are needed if the key or the data block length is to be altered, if this is even feasible.

Abstract: A method for simultaneously generating one time pads and an apparatus which implements the method to produce a secure encryption system. The method and apparatus use the Diffie-Hellman key exchange algorithm to produce a one time pad rather than exchange keys. This makes it practical to generate one time pads for use in secure transmissions.

Abstract: A cryptosystem having a Certificate (Key) Server for storing and maintaining certificate or key information in a certificate database is described. The Certificate Server allows clients to submit and retrieve keys from a database based on a set of policy constraints which are set for one's particular site (e.g., company). Access to the Certificate Server is maintained by a Certificate Policy Agent, which makes sure that the policy is enforced for a given site based on the information supplied during the configuration. During operation, the Certificate Server responds to client requests to add, search for, and retrieve certificates. The server accepts or rejects certificates based on configurable parameters enforced by a Certificate Policy Agent. When a certificate is submitted to the server, the Certificate Policy Agent checks to see if it meets the criteria for a given site based on the settings specified during the configuration.

Abstract: A software distribution system and a software utilization scheme for effectively preventing an illegal copy of a software is difficult while improving a convenience of a user. At a user side, a shared key to be shared between a software provider and a user is stored, where the shared key has a guaranteed correspondence with an ID information regarding a payment of a software fee by the user. Then, a desired software is requested to the software provider, and the desired software is received in an encrypted form from the software provider. The desired software received from the software provider is then decrypted by using the shared key stored at the user side, and the desired software in a decrypted form is utilized at the user side.

Abstract: A public key management infrastructure (104) is shared by at least two users (102). A method (300) for managing risk arising from a user's use of the shared public key management infrastructure (104) includes the following steps. The user (102) is associated (301) with a digital certificate (200) which is issued and digitally signed by a certification authority (CA). The digital certificate (200) represents that the user (102) is bound to a public key (210) corresponding to a private key held by the user (102); the public key (210) and the private key form a key pair for use in public-key cryptography. The digital certificate (200) further includes an access label (216), which may identify the domain (105) within the public key management infrastructure (104) which the user (102) is authorized to access and/or the privileges which the user (102) is authorized to exercise. The user's identity and the validity of the digital certificate (200) are established (303,305).

Abstract: A method, system and apparatus for generating primes (p and q) for use in cryptography from secret random numbers and an initialization value whereby the initial secret random numbers are encoded into the generated primes. This eliminates the need to retain the initial secret random numbers for auditing purposes. The initialization value may also be generated from information readily available, if so desired, resulting in additional entropy without the requirement of storing additional information.

Abstract: A key management scheme for managing encryption keys in a cryptographic co-processor includes the first step of selecting a key from one of a symmetrical key type and an asymmetrical key type. Then, the key bit length is selected. The key is then generated and, lastly, the key is represented in either an external form or an internal form.

Abstract: A method and an equipment for allocating to a television program, which is already conditionally accessed, a complementary conditional access. The television program is first received by means provided with access entitlements and the control words are restored. Complementary access control messages and complementary entitlement management messages corresponding to a complementary access control system are built up. The initial unmodified television program is rebroadcast, together with the complementary messages related to the complementary access control system.

Abstract: In a method of receiving packets of data addressed to one or more receivers each having an individual identifier, wherein the data is included in a digital signal having destination addresses successively encrypted from a sequence of control words and receiver identifiers, and control messages containing the control words in encrypted form, address flags and control flags. The method processes the control messages to construct receiver addresses from the control words and the receiver identifier; directs the receiver addresses to update a receiver address register selected by the associated control flag in response to the transmitted control flags; directs each destination address to be compared with the receiver address to one of the address registers selected by the associated address flag in response to the address flags and; accepts each packet of data having a destination address matching the receiver address to which it was compared.

Abstract: A method and a device for allocating an authentication device to a base station, with the base station delivering a search signal which is received by the authentication device and is compared with a previously stored reference signal assigned to a base station. If the search signal matches a reference signal, the authentication device sends a response signal. If they do not match, the authentication device checks whether the search signal matches another previously stored reference signal allocated to another base station.

Abstract: A security document processing apparatus is provided having a feed path for receiving documents and at least one imaging assembly for capturing image data from documents received in the apparatus. The apparatus may include a material detection imaging assembly for detecting the material composition of certain materials on documents received in the apparatus. The material detection imaging assembly may detect material on a document by detecting transmissivity characteristics, or by sensing radiation emission characteristics of a document in the case received documents are of a type including radiation wavelength sensitive additives incorporated therein.

Abstract: This invention protects the unauthorized copy of multimedia data, recorded on an information recording medium, by using electronic watermark information and key information. The electronic watermark information embedded in the multimedia data is extracted by an electronic watermark extraction unit on the decryption system side. A disk key is obtained using the electronic watermark information and a part master key. The multimedia data is decrypted using the resultant disk key.

Abstract: A VGA (or other component video signal) output, e.g. from a computer or DVD player, is subject to protection so it is viewable on a VGA monitor. If the component video signal is converted to composite video (e.g. television) the resulting television picture is of substantially degraded quality, thereby inhibiting viewing and/or copying. This protects for instance copyrighted material in the VGA format from unauthorized use. The protection modifies the horizontal or vertical synchronization signals in the VGA video in such a way that there is no adverse affect on a typical VGA monitor. Most or all VGA to television converters and/or television sets and VCR's suffer from loss of synchronization, resulting in an unviewable picture. Methods and apparatuses for defeating this copy protection are provided herein.

Abstract: A public key cryptosystem with roaming user capability within a network that allows secure communication between users of the system, client machines, and encryption servers. A client machine generates and stores an encrypted private key on an encryption server. A user may then access the encrypted private key from any client machine located on the network and decrypt it using a passphrase, thus giving the user roaming capability. The private key may then be used to decrypt any encrypted messages received. A user can generate a digital message, encrypt it with a client recipient's public key, and transmit it to the encryption server from any client machine on the network.