Abstract: A rollback attack prevention system 10 for a gaming machine 20 includes a configuration log 30 and a revocation list 40. Preferably, the configuration log 30 includes a protected record of software that has been installed on the gaming machine 20. Further, the revocation list 40 includes an inventory of unauthorized software that the prevention system 10 prevents from being installed and/or used on the gaming machine 20.

Abstract: A method is provided for asymmetrically encrypting data communicated between a ground platform and multiple airborne platforms. The method includes packet encrypting ground-based data so as to preserve routing information while encrypting the remaining data. The packet-encrypted data is then transmitted to the airborne platforms. The method also includes bulk encrypting airborne-based data so as to maximize security. The bulk-encrypted data is then transmitted to the ground platform.

Abstract: A system and method for implementing adaptive cryptographically synchronized authentication is disclosed. The authentication system includes a controller that dynamically selects one of a plurality of authentication mechanisms to be used in providing authentication for an exchange of message data. The variation in the level of authentication assurance can be based on one or more factors such as the current security conditions and the available CPU utilization.

Abstract: A system and method for generating a plurality of authentication tags using a plurality of authentication mechanisms is disclosed. The plurality of authentication tags can reflect different authentication strength-performance levels. It is a feature of the present invention that a receiver is afforded increased flexibility in adaptively choosing strength-performance levels. It is a further feature of the present invention that multiple authentication tags can be used in multicast environments, where different receivers may have different processor capabilities or security policies.

Abstract: A system and method for detecting and correcting errors using an authentication mechanism is described. In particular, a reversible inner function is used in a nested message authentication code configuration to provide both error detection and error correction in high performance applications.

Abstract: A high-speed, low-strength authentication mechanism is disclosed. This mechanism is based on a partial message authentication code, wherein a message authentication code is applied only to some portion of the message. By applying an authentication algorithm only to selected parts of the message, significant time can be saved while maintaining acceptable security.

Abstract: One embodiment of the present invention provides a system for establishing a cryptographic key between energy-limited nodes using a super node that has abundant energy. The node also sends a message to a super node including the partial key value encrypted using the super node's a public key. Note that the energy-limited node only encrypts with the public key, which requires less energy than decrypting with the corresponding private key. The super node then decrypts to recover the partial key value. Next, the super node securely communicates the partial key value to the second node. The second node then establishes the cryptographic key using the first and second node's partial key values.

Abstract: A method is provided for asymmetrically encrypting data communicated between a ground platform and multiple airborne platforms. The method includes packet encrypting ground-based data so as to preserve routing information while encrypting the remaining data. The packet-encrypted data is then transmitted to the airborne platforms. The method also includes bulk encrypting airborne-based data so as to maximize security. The bulk-encrypted data is then transmitted to the ground platform.

Abstract: A system and method for data recovery is described. In one embodiment, an encrypting system encrypts a message or file using a secret key (KS) and attaches a key recovery field (KRF), including an access rule index (ARI) and KS, to the encrypted message or file. To access the encrypted message or file, a decrypting system must satisfactorily respond to a challenge issued by a key recovery center. The challenge is based on one or more access rules that are identified by the ARI included within the KRF.

Abstract: The present invention is a system and method for publicly verifying that a session key determined according to a Diffie-Hellman key exchange can be recovered from information associated with a communication encrypted with the session key. More particularly, the present invention provides recovery information and verification information with the encrypted communication. A recovery agent is able to recover the session key using the recovery information. A verifier, using the verification information, is able to verify that the session key can, in fact, be recovered from the recovery information. Neither the recovery information nor the verification information alone reveal any secret or private information. Furthermore, only the recovery agent is able to recover the session key, and he does so without revealing any other private information. Thus, the verification can be performed by any member of the public.